Privacy,
without a hosted middle layer.

This Privacy Policy describes how the DevQuota browser extension (the “Extension”) and any related websites, services, or communications operated by the Publisher under the DevQuota brand (collectively, the “Service”) handle information when you install and use them. It applies only to the Service itself; it does not replace the privacy policies of the third-party AI assistant services, developer tools, payment processors, affiliate partners, webhook endpoints, or any other third-party destinations you choose to connect to, or interact with through, the Service.

The Service is published by Analytigo (the “Publisher”), based in Romania. For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, the Swiss Federal Act on Data Protection (FADP), and any equivalent law, the Publisher is the data controller for any personal data it processes in connection with the Service. Because the Extension currently runs locally in your browser and does not transmit personal data to the Publisher, the Publisher’s processing today is limited to (a) messages you send through the contact form on /contact, (b) correspondence you initiate via support@devquota.com, and (c) limited technical metadata generated by our infrastructure provider when you visit devquota.com. The Publisher does not currently operate analytics, advertising, telemetry, or profiling servers for the Service.

• The Extension runs locally in your browser.
• All data the Extension stores — settings, usage snapshots, billing readings, alert history, activity logs, and any credentials you provide — stays in browser-managed extension storage on your device.
• The Publisher does not receive, collect, transmit, or aggregate your extension data.
• The Extension sends data outside your browser only in response to your own configuration — for example, by signing into a third-party service it monitors, or by configuring a webhook destination you control.
• The only personal data the Publisher actively receives today is the content you voluntarily send through the contact form or by emailing support@devquota.com.
• The Publisher does not sell or share personal data for cross-context behavioral advertising, and does not use personal data to train, fine-tune, or evaluate any artificial-intelligence or machine-learning model.
• This Policy also describes how personal data would be handled if and when the Publisher introduces future features such as paid plans, affiliate links, or opt-in analytics. Those sections are labelled “reserved” where no such processing occurs today.

The Extension stores the following in browser-managed extension storage on your device:

• Configuration: enabled sources, source-specific settings, preferences, alert rules, destinations, assistant-related settings, UI state.
• Runtime data: usage snapshots, quota readings, billing-related readings, alert state and history, refresh state, diagnostics, and activity logs produced by the Extension runtime.
• Credentials you provide: optional secrets (for example, bearer tokens, API keys) you enter into the Extension so it can read from services on your behalf. These are stored in browser-managed extension storage with whatever local protection the platform provides.

• No publisher-run analytics, behavioral tracking, or telemetry.
• No advertising identifiers.
• No data brokerage, sale, or sharing for cross-context behavioral advertising.
• No automatic upload of extension data to any server controlled by the Publisher.
• No crash or error reports sent off-device by the Extension.
• No prompts, completions, file contents, source code, or third-party account content.
• No biometric or genetic identifiers, precise geolocation, or other special categories of personal data (GDPR Article 9) collected by the Extension.
• No automated decision-making or profiling within the meaning of GDPR Article 22. The Extension displays, summarizes, and alerts on signals you have asked it to monitor; it does not make decisions that produce legal or similarly significant effects on you.

The Extension and the devquota.com website transmit data outside your browser only in the following circumstances:

• To third-party services you monitor.When you enable a source (for example, Cursor, ChatGPT, Claude, or GitHub Copilot), the Extension makes requests to that service using your existing browser session — including, where available, the session cookies your browser already holds for that host — so it can read quota, usage, billing, and related account signals. These requests go directly from your browser to the third-party service and are governed by that service’s own privacy policy and terms. Cookies are read only for the hosts you have enabled a source for; the Extension does not read cookies for any other site.
• To webhook destinations you configure. If you set up a webhook destination, the Extension sends the payloads you have configured to the webhook URL you provided. Neither the URL nor the payload is routed through the Publisher.
• Browser notifications and console delivery are handled entirely within your browser environment.
• To the Publisher, via the contact form or support email. See Section 08.
• To the Publisher’s infrastructure provider, when you visit the website. See Sections 07 and 13.

The Publisher does not receive, proxy, log, or otherwise access any of the Extension-to-third-party requests or responses described above.

For some sources, the Extension reads a session bearer or API credential from your browser in order to call the same authenticated endpoints you already use on the third-party service. Where such credentials are captured, they are stored on your device as described in Section 03 and are used only to make the authenticated requests the Extension is configured to make. Credentials are never transmitted to the Publisher.

In the Extension. The Extension uses the browser’s cookies permission to read session cookies that your browser already holds for hosts you have explicitly enabled as a source. The Extension does so only to make authenticated requests to those hosts on your behalf, in the same way your logged-in browser tab does. The Extension does not set its own cookies or similar identifiers, and does not use cookies for advertising, profiling, or cross-site tracking.

On devquota.com. The website itself does not set advertising, analytics, or profiling cookies. When you load the contact page, the Publisher embeds a Cloudflare Turnstile anti-abuse challenge (see Section 13) that may set strictly-necessary cookies or local-storage items managed by Cloudflare solely to defend against spam and automated abuse. These are treated as strictly necessary under the ePrivacy Directive Article 5(3) exemption and do not require opt-in consent.

If the Publisher later introduces features that require placing cookies, local-storage identifiers, pixels, tags, or similar technologies that would trigger consent requirements under the ePrivacy Directive, the GDPR, or equivalent local law, the Publisher will present an appropriate consent interface and will not rely on implicit consent for non-strictly-necessary categories.

The contact form on devquota.com collects the following data that you enter:

• your name (as provided by you);
• your email address; and
• the free-text message you compose.

In addition, the Publisher and its infrastructure provider (Cloudflare; see Section 13) process limited technical metadata that is inherent to any internet request — including your IP address, user-agent string, the request timestamp, and a Turnstile challenge token — in order to validate the submission and enforce per-IP rate limits (5 submissions per minute per IP). This metadata is processed in memory by our Worker runtime and is not joined to, or persisted alongside, the form contents.

Purpose and lawful basis (GDPR Article 6(1)(f)). The Publisher processes contact-form submissions and support emails under the legal basis of legitimate interests: replying to your request, resolving support or abuse reports, keeping records necessary to exercise or defend legal claims, and protecting the integrity of the Service against automated abuse. The Publisher has balanced this interest against your rights and freedoms under GDPR Article 6(1)(f); you may object under Section 12.

Recipients and delivery path.Contact-form messages are delivered through Cloudflare Email Routing to the Publisher’s support inbox. They are not forwarded to marketing tools, CRMs, analytics pipelines, or advertising partners. The Publisher’s incidental use of email infrastructure — in particular the inbox provider hosting support@devquota.com — acts as a sub-processor solely for the purpose of email delivery and storage.

Retention. Messages remain in the support inbox for as long as reasonably necessary to handle the request and to keep an audit trail of support activity — typically up to 24 months — after which they are deleted unless a specific operational, legal, or tax reason requires a longer retention period.

What not to send. You should not send passwords, API keys, session tokens, cryptographic private keys, financial-account credentials, government identifiers, or any sensitive or special-category personal data through the contact form or support email. The Publisher cannot be responsible for data you voluntarily disclose that was not necessary for the Publisher to reply to your request. If you send such data anyway, the Publisher may redact or delete it on receipt.

Unsolicited ideas and feedback.Any product feedback, feature requests, bug reports, or suggestions you send through the contact form or support email are subject to the “Feedback” clause of the Terms of Service.

When you visit devquota.com, the Publisher’s infrastructure provider (Cloudflare; see Section 13) processes the request at the network layer. This processing necessarily involves your IP address, user-agent, request method, URL, response status, and timing. These request logs are retained and managed by Cloudflare under its own privacy notice and are used by the Publisher only for security, fraud-prevention, rate-limiting, and debugging. The Publisher does not maintain its own application-level access logs that associate you with activity on the website.

Extension-managed data stays on your device until:

• you delete it through the in-extension Clear all datacontrol (Settings > Developer);
• you uninstall the Extension; or
• your browser profile is removed.

There is no server-side copy under Publisher control. The Publisher has no mechanism to retrieve, restore, or audit your local data.

Contact-form and support data is retained as described in Section 08 (typically up to 24 months). Infrastructure logs follow the retention schedule of the relevant sub-processor (see Section 13). If future features cause personal data to be retained on Publisher-controlled systems, this Section will be updated to describe the applicable retention period and the criteria used to determine it.

Where the Publisher acts as a data controller, the legal bases for processing are:

• Legitimate interests (Article 6(1)(f)) for responding to messages you send through the contact form or to support@devquota.com, for investigating abuse or security incidents affecting the Service, for enforcing the Terms of Service, and for exercising or defending legal claims.
• Consent (Article 6(1)(a)) for any future opt-in feature (for example, opt-in diagnostic telemetry, newsletters, or optional integrations). Consent is collected before processing begins and may be withdrawn at any time; withdrawal does not affect the lawfulness of processing before withdrawal.
• Performance of a contract (Article 6(1)(b)) for any future paid features, to the extent processing of billing, entitlement, and account information is necessary to provide the paid features you have purchased.
• Compliance with a legal obligation (Article 6(1)(c)) for retaining records required by tax, accounting, consumer-protection, or other applicable law if and when the Publisher issues paid invoices or receives a legally binding request.

You can exercise the following controls directly inside the Extension:

• Access / export — use Settings > Developer > Export settings to download a JSON snapshot of all Extension-managed data.
• Deletion — use Settings > Developer > Clear all data to wipe every Extension-managed setting, snapshot, log, and stored credential. Deletion is immediate and local.
• Full removal — uninstalling the Extension removes all local state the Extension owned.

For any personal data you voluntarily send the Publisher (for example, by emailing support@devquota.comor by using the contact form), under GDPR and equivalent laws you may have the right to: access your personal data; request rectification of inaccurate data; request erasure (“right to be forgotten”); request restriction of processing; object to processing based on legitimate interests; receive your personal data in a portable, machine-readable format; withdraw consent at any time where consent is the legal basis; and not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you (no such decision-making happens today).

Requests to exercise these rights can be sent to privacy@devquota.com (or, if that address is unreachable, to support@devquota.com). The Publisher will respond within the timeframe required by applicable law (typically one month under the GDPR, extendable by two further months for complex requests).

If you are in the European Economic Area and believe the Publisher has handled your personal data in violation of applicable data-protection law, you may lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP, https://www.dataprotection.ro/) or with the supervisory authority in your country of residence.

The Publisher engages the following sub-processors in connection with the Service today:

Cross-border transfers of personal data outside the European Economic Area, the United Kingdom, and Switzerland rely on Standard Contractual Clauses adopted by the European Commission, the UK Addendum to the EU SCCs, and equivalent safeguards recognised by Swiss law. Where the sub-processor is certified under an applicable adequacy framework (for example, the EU–US Data Privacy Framework) the Publisher additionally relies on that adequacy decision.

If and when the Publisher introduces features that rely on additional sub-processors (for example, a payment processor for paid features, an error-reporting service, or a hosted analytics pipeline that you have opted into), the Publisher will maintain an up-to-date list of sub-processors on this page and will ensure, where required, that appropriate safeguards are in place for any cross-border transfer.

The Extension relies on the security of your browser’s extension-storage subsystem and the security of your operating system. The Publisher does not store secrets on your behalf and cannot offer server-side protections it has no access to. You are responsible for keeping your device, browser profile, and account credentials secure.

For the website and the contact form, the Publisher applies technical and organisational measures appropriate to the risk, including transport encryption (TLS), at-rest encryption by the underlying sub-processors, least-privilege access to the support inbox, IP-based rate limiting, and anti-automation challenges. No method of transmission or storage is perfectly secure, and the Publisher cannot guarantee absolute security.

If personal data held by the Publisher is ever affected by a security breach subject to a notification obligation under applicable law, the Publisher will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in line with GDPR Article 33, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms under GDPR Article 34.

The Service is not directed at children under 13 (or the equivalent minimum age in your jurisdiction, for example 16 in much of the EEA and 14 in certain jurisdictions). The Publisher does not knowingly collect personal data from children under those ages. If you believe a child has installed and used the Extension, uninstall it and run Clear all data to remove any Extension-managed information from the device. If you believe the Publisher has received personal data relating to a child, please contact support@devquota.com so the information can be deleted.

In the United States, the Publisher complies with the Children’s Online Privacy Protection Act (COPPA) to the extent applicable; the Service is not designed to attract children under 13 and will not knowingly process their personal data without verifiable parental consent.

The Service is offered from Romania (EU). By using the Service, you understand that your personal data may be processed in, and transferred to, the countries where the Publisher and its sub-processors maintain operations (see Section 13). Where transfers cross borders, they are subject to the safeguards described in Section 13.

The Service is currently free of charge. If and when the Publisher introduces paid features, payments will be processed through one or more third-party payment processors. Those processors will collect and process billing data (such as payment-method details, billing address, and transaction history) as independent or joint data controllers under their own privacy policies. The Publisher will:

• disclose the identity of the payment processor before you transact;
• receive only the minimum billing metadata necessary to provision the feature and to meet tax, accounting, and anti-fraud obligations;
• retain billing records for the period required by applicable tax and commercial law; and
• not sell or share billing data for marketing purposes.

This Section will be updated with concrete processor names and retention periods before any paid feature is offered.

The Service does not currently include affiliate links, referral codes, sponsored content, or commission-bearing links. If and when such content is introduced, the Publisher will:

• disclose the commercial nature of the content to the extent required by applicable law or industry guidance;
• avoid setting tracking cookies or identifiers for affiliate or advertising purposes without first obtaining any consent required under applicable law (see Section 07);
• not share your personal data with affiliate or referral partners beyond what is strictly necessary to credit a legitimate referral; and
• update this Section to describe the partners, categories of data shared, and the consent mechanism (if any).

The Publisher does not currently operate analytics or telemetry. If an analytics or diagnostic-telemetry feature is introduced in the future, it will be:

• opt-in rather than opt-out;
• scoped to aggregated, pseudonymized, or anonymized signals to the maximum extent reasonable;
• disclosed in advance in this Policy with the categories of data collected, the retention period, and any sub-processor involved; and
• subject to withdrawal of consent at any time, with no impact on the continued functioning of the core Service.

The Publisher does not use your Extension data, contact-form content, support correspondence, feedback, or any other personal data it receives to train, fine-tune, evaluate, or otherwise improve any artificial-intelligence or machine-learning model, whether operated by the Publisher or by a third party. The Publisher does not sell, share, or otherwise make such data available to third parties for AI or ML training. If the Publisher ever intends to use personal data for these purposes, it will update this Policy in advance, describe the categories of data and the purposes, and — where required by applicable law — obtain your prior opt-in consent.

The Publisher does not make decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects on you within the meaning of GDPR Article 22. The Extension’s alerting, aggregation, and display features are not decisions about you; they are summaries of signals you configured the Extension to read on your behalf.

Because the Publisher does not operate tracking, advertising, or analytics pipelines on devquota.com today, Do Not Track (“DNT”) headers and Global Privacy Control (“GPC”) signals are not currently meaningful for the Service — there is nothing to turn off. If the Publisher later introduces features that would fall within the scope of either signal, the Publisher will honour those signals to the extent required by applicable law (in particular, by treating a GPC signal as a valid opt-out of sale or sharing under the CCPA/CPRA — see Section 26).

The Publisher aims to make the Service, including this Policy and the Terms, reasonably accessible to people with disabilities, in line with the Web Content Accessibility Guidelines (WCAG) 2.1 AA to the extent practicable. If you encounter an accessibility barrier with the website, the Extension, or either policy document, please let the Publisher know at support@devquota.com and the Publisher will work with you on an alternative format or accommodation.

If you are located in the EEA or Switzerland:

• The Publisher is the data controller (Section 01).
• The legal bases for processing are set out in Section 11.
• Your rights are described in Section 12.
• The data retention periods are described in Sections 08 and 10.
• The sub-processors and cross-border transfer safeguards are described in Section 13.
• You may complain to the Romanian National Supervisory Authority (ANSPDCP, https://www.dataprotection.ro/) or, for Swiss residents, to the Federal Data Protection and Information Commissioner (FDPIC, https://www.edoeb.admin.ch/).

If you are located in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply to the Publisher’s processing of your personal data in materially the same way as the EU GDPR. You may complain to the Information Commissioner’s Office (ICO, https://ico.org.uk/) at any time.

This Section applies to residents of the State of California under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

Categories of personal information collected in the last 12 months. Depending on whether you contact the Publisher or merely visit the website, the Publisher may collect: identifiers (name, email address, IP address); internet or other electronic network activity information (user-agent, request metadata, Turnstile token); customer records (free-text content of messages you submit); no inferences; and no sensitive personal information intentionally collected.

Business or commercial purposes for collection. To respond to your inquiries, secure and protect the Service against abuse, enforce the Terms of Service, comply with law, and exercise or defend legal claims.

Categories disclosed for a business purpose. Identifiers and customer records are disclosed to the sub-processors listed in Section 13 strictly for the delivery, storage, and anti-abuse purposes described there. The Publisher has not sold or shared personal information for cross-context behavioral advertising in the last 12 months and does not do so today.

Your California rights. Right to know, right to delete, right to correct, right to opt out of sale or sharing, right to limit use of sensitive personal information, and right to non-discrimination for exercising any of these rights. To exercise these rights, email privacy@devquota.com (or support@devquota.com) from the address associated with your request, or send a message through the contact form describing your request. The Publisher may verify your request by asking you to confirm ownership of the email address on file or to provide additional identifying information proportionate to the sensitivity of the request. You may designate an authorized agent; the Publisher may require proof of authorization and your direct verification.

Global Privacy Control.The Publisher honours a valid GPC signal as an opt-out of sale or sharing to the extent applicable. Because the Publisher does not sell or share today, this currently has no operational effect but will be honoured automatically if the Publisher’s practices change.

Residents of other US states that have enacted comprehensive consumer privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Delaware (DPDPA), New Hampshire, New Jersey, Minnesota, Rhode Island, Maryland, Kentucky, and any other state whose law becomes operative after this document was last updated — have substantially similar rights to those described in Section 26, including rights to access, correct, delete, port, and opt out of targeted advertising, sale, or profiling that produces legal or similarly significant effects. The Publisher does not conduct targeted advertising or sell personal data, and does not engage in profiling that produces legal or similarly significant effects. You may exercise your rights by emailing privacy@devquota.com (or support@devquota.com), and if the Publisher denies your request you may appeal by replying to the denial email; an appeal will be reviewed and answered within the timeframe required by your state’s law.

If you are located in Brazil, the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, “LGPD”) applies to the Publisher’s processing of your personal data. You have rights equivalent to those described in Section 12, including rights to confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, and revocation of consent. You may exercise these rights by emailing privacy@devquota.com (or support@devquota.com). You may also lodge a complaint with the Brazilian National Data Protection Authority (ANPD, https://www.gov.br/anpd/).

If you are located in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, for residents of Quebec, the Act respecting the protection of personal information in the private sector (as modernized by Law 25) apply. You have rights to access, correct, and, in certain cases, delete your personal information; to withdraw consent subject to legal or contractual restrictions; and to file a complaint with the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/) or the Commission d’accès à l’information du Québec (https://www.cai.gouv.qc.ca/).

The Publisher is established in the European Union (Romania). A designated Data Protection Officer is not mandatory under GDPR Article 37 for the Publisher’s current processing activities; the Publisher will appoint one if its processing activities change in a way that makes designation mandatory. A separate EU representative under GDPR Article 27 is not required because the Publisher is established in the Union. Privacy-related enquiries can be sent to privacy@devquota.com (or support@devquota.com).

The Publisher may update this Privacy Policy from time to time, including to reflect new features, new sub-processors, new legal requirements, or changes to the Publisher’s business. The current version always carries a Last updateddate at the top of this document. Material changes — for example, new categories of data collected, new recipients, or the introduction of features described as reserved in this Policy — will additionally be surfaced in the Service’s release notes, and where a legally significant change is made, the Publisher will take reasonable steps to bring the change to your attention (for example, via an in-Service notice). Continued use of the Service after an update takes effect constitutes acceptance of the updated Policy.

“Cursor”, “ChatGPT”, “Claude”, “GitHub Copilot”, “Gemini”, “OpenAI”, and “Anthropic” are trademarks of their respective owners. “Google”, “Chrome”, and “Chrome Web Store” are trademarks of Google LLC. “Cloudflare” and “Turnstile” are trademarks of Cloudflare, Inc. DevQuota is not affiliated with, endorsed by, or sponsored by any of them. All other trademarks are the property of their respective owners.

Questions about this Privacy Policy, data-subject rights requests, and privacy-related complaints can be sent to privacy@devquota.com. Copyright takedowns should go to dmca@devquota.com, and general support to support@devquota.com. All three aliases are delivered to the same support inbox and will reach the Publisher if one of the others is unavailable.