Log in Book a demo

Security & Compliance

Deventura is a privacy-first analytics platform designed to analyze and improve developer activity without storing source code. We follow strict GDPR practices, apply security by design, and use responsible AI with minimal data footprint.

Overview

Deventura is built with enterprise-grade protections and transparent practices at its core. This page provides detailed information about our security measures, compliance standards, and data handling practices to help you make informed decisions about your organization's data.

Data Privacy

We act as a Data Processor under GDPR and never use customer data for training AI models.

Key Principles

  • No raw code stored: Only metadata and diff-based metrics are processed
  • Personal data minimized: We store only what's needed to provide the service
  • Retention: All customer data is deleted or anonymized within 60 days of contract termination
  • Right to audit: Enterprise customers may audit us

Subprocessors

Name Purpose Region Data Stored
Google Cloud Hosting & storage EU Yes
Anthropic LLM code analysis US* No retention

*All international transfers are secured using Standard Contractual Clauses (SCCs)

AI Governance

For detailed information about our AI practices, please visit our AI Transparency page.

Claude (Anthropic) AI Usage

What is processed by Claude:

  • Employee identifiers
  • Activity history
  • Comparative data
  • Code context (merge request content, diff summaries)

What Claude generates:

  • Individual feedback
  • Manager tools
  • Insight transparency notes

Security and limits:

  • No retention: Anthropic does not store any data after processing
  • Strict scope: Only metadata and content required for analysis
  • Usage controls: Token usage is tracked per customer organization

Security Measures (TOMs)

Our technical and organizational measures are aligned with ISO 27001 and GDPR Article 32 requirements.

Highlights

  • Encryption: AES-256 at rest, TLS 1.2+ in transit
  • Authentication: Username/password and SSO via Google login, role-based access control
  • Monitoring: All access to sensitive data is logged and reviewed
  • Backups: Encrypted and gradually deleted within 14 days post-termination
  • Incident response: Breach notifications occur within 72 hours as per GDPR

Infrastructure Security

Our infrastructure runs on Google Cloud Platform, using managed services for databases, container orchestration, networking, secret management, and logging. This allows us to benefit from Google's world-class security infrastructure and compliance certifications.

International Transfers

Our primary data storage is in Google Cloud EU regions.

  • Where subprocessors are outside EU/EEA, we apply Standard Contractual Clauses (SCCs)
  • Customers are notified of any changes in subprocessors and may object within 14 days

Your Responsibilities as Controller

Deventura provides the infrastructure — as a customer, you are the data controller.

Customer responsibilities include:

  • Informing your developers of the data being processed
  • Ensuring your legal basis for processing under GDPR
  • Managing internal access to analytics data and reports

Contact & Policies

General inquiries: privacy@deventura.com

Data Protection Officer: dpo@deventura.com

Additional Information

GDPR Compliance

All operations and data practices are fully compliant with the EU's General Data Protection Regulation. We maintain comprehensive records of processing activities and conduct regular privacy impact assessments.

No Sale of Personal Data

We do not sell any personal data, including as defined under the California Consumer Privacy Act (CCPA). Your data is used exclusively to provide and improve our services for your organization.

Trust through Transparency

We believe in being upfront about how we operate. We're happy to share our security practices with customers and answer any questions about our data handling procedures.

Your trust is our priority. We continuously review and improve our security posture to protect your data.

Legal Documents

Privacy Policy Terms of Service Data Processing Agreement
Get started

Ready to Grow Your Engineering Team?

Join CTOs and VPs of Engineering who trust Deventura with their developer insights. Book a demo to see how we can help your team grow while keeping your data secure.

Book a demo

Security you can trust