Privacy Policy

Last updated:

1. Introduction

Device Prophet (“we,” “our,” or “us”) is committed to protecting your privacy and the security of your technical data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and IoT security assessment tools.

We operate with a “Security by Design” philosophy: we only collect the data necessary to generate your reports and improve our logic engine.

2. Information We Collect

Assessment Data

When you use the Device Prophet assessment tool, we collect technical specifications regarding your product. This includes:

  • Device Architecture: Processor type (SoC), memory constraints, connectivity modules, and operating systems.
  • Security Posture: Implementation details regarding Secure Boot, key storage, update mechanisms, and authentication protocols.
  • Market Context: Intended industry (e.g., Medical, Industrial) and target regions (e.g., EU, USA) to determine regulatory applicability.
  • Optional Context: If you request a Verified Prophecy, we collect the additional context and documentation files you voluntarily upload.

Contact & Inquiry Data

When you contact us via email or our contact forms, we collect:

  • Name and email address
  • Company name (optional)
  • The content of your message and inquiry type

Technical Usage Data

To maintain the security and performance of our platform, we automatically collect:

  • Log Data: IP address, browser type, and timestamp of your visit.
  • Analytics: Privacy-preserving, aggregated data regarding page visits and time spent on site (we do not use persistent tracking cookies for analytics).

3. How We Use Your Information

We process your data for specific, limited purposes:

  • Service Provision: To generate the automated “Prophecy” reports and risk timelines based on your assessment inputs.
  • Verified Reporting: To allow our security analysts to review your “Enhanced” submission and provide expert validation.
  • Communication: To send you the link to your report and respond to your support inquiries.
  • Algorithm Improvement: We use aggregated, anonymized assessment data to refine our risk logic (e.g., identifying that a specific SoC is becoming obsolete).
  • Security & Compliance: To prevent abuse of our tool and comply with legal obligations (such as GDPR).

4. Data Storage and Security

We implement enterprise-grade technical measures to protect your data:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest.
  • Secure Storage: Assessment data is stored in Cloudflare D1 (Database). Uploaded documentation is stored in Cloudflare R2 (Object Storage), which is explicitly configured for EU jurisdiction to ensure data residency within the region.
  • Access Control: Access to raw assessment data is strictly restricted to authorized security personnel needed to generate your report.

5. Data Retention

We practice data minimization and do not keep data longer than necessary:

  • Assessment Reports: Retained for 90 days to allow you to access and download your results.
  • Verified Report Artifacts: Data uploaded specifically for human verification (e.g., architecture diagrams) is scheduled for permanent deletion 14 days after the report is generated.
  • Contact Inquiries: Retained for 2 years to maintain a history of our business relationship.
  • Aggregated Analytics: Retained for 13 months in a non-identifiable format.

Note: You may request earlier deletion of your data at any time by contacting us.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and the Finnish Data Protection Act, you have the following rights:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may correct inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): You may ask us to delete your personal data.
  • Right to Restriction: You may ask us to limit how we process your data.
  • Right to Object: You may object to the processing of your data.
  • Data Portability: You may request your data in a structured, machine-readable format.

Data Controller Information: For the purposes of the GDPR, the Data Controller is Device Prophet. While we are a specialized boutique firm and do not have a separate Data Protection Officer (DPO), all privacy-related requests are handled directly by the founder to ensure immediate attention.

To exercise any of these rights, please contact us at info@deviceprophet.com.

7. Data Sharing

We do not sell your data. We share data only in the following strict circumstances:

  • Service Providers: We use trusted infrastructure providers (specifically Cloudflare) to host our database and storage. They process data only according to our instructions.
  • Legal Obligations: If compelled by a valid court order or government regulation.
  • Business Transfers: If Device Prophet is acquired or merged, data may be transferred as a business asset (you would be notified of such a change).

8. Cookies and Local Storage

  • No Tracking Cookies: We do not use third-party tracking cookies (like those used for ad retargeting).
  • Local Storage: We use your browser’s Local Storage to save your progress in the assessment tool. This data stays on your device and is not sent to us until you submit the form.

9. International Data Transfers

Our infrastructure utilizes Cloudflare’s global network. We rely on Data Residency configurations to keep uploaded files within the EU. However, metadata or database content may be processed globally. We rely on Cloudflare’s Data Processing Addendum (DPA) and Standard Contractual Clauses (SCCs) to ensure your data receives a level of protection equivalent to EU standards when such transfers occur.

10. Children’s Privacy

Our service is a B2B professional tool and is not intended for children under 13. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy to reflect changes in our service or regulations. The “Last Updated” date at the top of this page indicates the latest revision.

12. Contact Information

We operate as a digital-first entity. For the fastest response regarding privacy concerns or general inquiries, please contact us via email.

Email: info@deviceprophet.com

Address: Kirvestie 18b, 33710 Tampere, Finland