This Privacy Policy is issued by Devora Systems, doing business as Devora ('we,' 'our,' or 'us'), a company organized under the laws of the State of New Mexico, United States, with its principal place of business at 1209 Mountain Road Pl NE, STE R, Albuquerque, NM 87110, USA. It explains how we collect, use, store, and share personal data when you visit our website or purchase our WordPress maintenance, security, and SEO services. We act as the data controller of the personal data described below. By using our website or services you confirm that you have read this policy.

1. Data we collect. Identity and contact data: name, business name, email address, billing address, and telephone number you provide when creating an account, requesting a quote, or contacting support. Transaction data: products purchased, invoice number, amount, currency, and date. Technical data: IP address, browser type and version, time zone, operating system, and pages visited, collected through cookies and similar technologies. Service data: WordPress login credentials, hosting access, and site configuration information you choose to share so that we can deliver the services.

2. Payment data. We do not store full payment card numbers, CVV codes, or bank account numbers on our servers. All card and bank payments are processed by Stripe, Inc. and its affiliates ('Stripe'), which is certified as a PCI Service Provider Level 1 under the Payment Card Industry Data Security Standard (PCI-DSS). When you pay, your card details are submitted directly to Stripe over TLS and we receive only a tokenized reference, the last four digits of the card, the card brand, the expiry month and year, the cardholder name, and the country of issuance. Stripe's own privacy notice applies to the data Stripe collects and is available at https://stripe.com/privacy.

3. How we use your data

We process personal data on the following legal bases: (a) performance of a contract, to deliver the services you have ordered, manage your account, send invoices, and provide customer support; (b) legal obligation, including tax, accounting, anti-fraud, anti-money-laundering, and record-keeping requirements; (c) legitimate interests, to operate, secure, and improve our services and to communicate with existing customers about similar services; and (d) consent, for optional marketing communications and non-essential cookies, which you can withdraw at any time.

4. Payment processing, fraud prevention, and chargebacks. Stripe is our sole payment processor. Stripe may use the transaction and device information you provide to detect and prevent fraud, perform sanctions and watch-list screening (including OFAC), and meet Strong Customer Authentication requirements where applicable. We may share limited information with Stripe and, through Stripe, with the card networks (Visa, Mastercard, American Express, Discover) and the issuing bank as needed to authorize a payment, process a refund, or respond to a chargeback, retrieval, or pre-arbitration request. We retain payment-related records for the period required by applicable tax and anti-money-laundering law.

5. Cookies. We use a small number of essential cookies to keep the site functional and to remember your preferences. Analytics and marketing cookies, where used, are only loaded after you accept them in the cookie banner. You can clear or block cookies at any time through your browser settings.

6. Marketing communications. We will only send you marketing email if you have opted in or are an existing customer receiving information about similar services. Every marketing email contains an unsubscribe link. Unsubscribing does not affect transactional emails such as invoices, renewal notices, or service alerts.

7. How we protect your data

We apply administrative, technical, and physical safeguards designed to protect personal data, including TLS encryption in transit, encryption at rest for credentials, role-based access control, multi-factor authentication for staff accounts, regular backups, and least-privilege access to customer environments. No system can be guaranteed to be 100% secure; we will notify affected users and the competent supervisory authority of any personal data breach as required by law.

8. Sharing your data

We do not sell your personal data. We share it only with the following categories of recipients and only to the extent necessary:

Service providers acting as processors on our behalf, including Stripe (payments), our hosting and email providers, our accounting and invoicing software, and our customer support tooling. All processors are bound by written agreements and may only use your data on our documented instructions.

Authorities and regulators, where we are required by law to disclose information, including in response to a valid court order, tax investigation, anti-money-laundering enquiry, or law enforcement request.

Successors in interest, in the event of a merger, acquisition, restructuring, or sale of assets. We will notify you in advance and ensure that any successor is bound by privacy commitments at least as protective as those in this policy.

9. Your rights

Subject to applicable law, you have the right to access the personal data we hold about you, to request rectification or erasure, to restrict or object to processing, to portability, and to withdraw any consent you have given. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights please email contact@devorasystems.com; we will respond within 30 days.

10. International transfers and retention. Devora Systems is established in the United States. Where personal data of users located in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States or other jurisdictions, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism, and we apply supplementary safeguards where required. We retain personal data only for as long as needed to deliver the services and to meet our legal obligations: account and transaction records are kept for the period required by applicable tax, accounting, and anti-money-laundering law (typically up to 7 years), and support correspondence is kept for up to 3 years after closure of the ticket.

11. Children's privacy

Our services are intended for businesses and adults aged 18 or over. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version, together with the date it was last updated, will always be published on this page. Material changes will be communicated to active customers by email at least 14 days before they take effect. Questions about this policy or about how we handle personal data can be sent to contact@devorasystems.com or by post to Devora Systems, 1209 Mountain Road Pl NE, STE R, Albuquerque, NM 87110, United States. California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information; we do not sell personal information.