Privacy Policy

1. Introduction

InfinityDevops (“we,” “our,” “us,” or “the Company”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your data when you visit our website (www.infinitydevops.com), use our DevOps services, or otherwise interact with us.

By accessing our website or engaging our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our website and services immediately.

This policy applies to all individuals including visitors, clients, prospective clients, partners, and employees who interact with InfinityDevops through any digital or physical channel.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily submit to us, including but not limited to:

• Identity Information: Full name, job title, company name, and designation.
• Contact Information: Email address, phone number, and mailing address.
• Account Information: Username, password (encrypted), and account preferences when you create a portal account or client dashboard.
• Communication Data: Messages, inquiries, feedback, and support tickets submitted through our website contact form, email, or support channels.
• Billing Information: Invoice details, company billing address, and payment references. Note: We do not store full credit/debit card numbers on our servers. Payment processing is handled by third-party PCI-DSS-compliant payment processors.
• Project & Technical Data: Infrastructure details, server configurations, deployment requirements, and technical documentation you share with us in the course of receiving DevOps services.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visits, and time spent on pages.
• Device Information: Device type, screen resolution, and hardware model.
• Cookie Data: Session cookies, preference cookies, and analytics cookies as described in Section 7 of this Policy.
• Usage Analytics: Click patterns, scroll depth, and navigation behavior collected via analytics platforms (e.g., Google Analytics).

2.3 Information from Third Parties

We may receive information about you from:

• Cloud Platform Partners: AWS, Microsoft Azure, and Google Cloud Platform in connection with services we configure and manage on your behalf.
• Integration Tools: CI/CD platforms, container registries, and monitoring tools (including Jenkins, Docker Hub, Kubernetes, Grafana, Prometheus, and ELK Stack) where you have authorized InfinityDevops to act on your behalf.
• Referral Sources: Partner organizations or vendors who refer you to our services.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Providing, configuring, and managing DevOps services (CI/CD pipelines, cloud infrastructure, containerization, monitoring, etc.) as contracted.
• Setting up and maintaining your cloud environments on AWS, Azure, or GCP.
• Performing infrastructure automation, configuration management, and deployment operations on your behalf.

3.2 Account and Contract Management

• Creating and managing client accounts and service agreements.
• Processing subscriptions, invoices, and payments.
• Communicating regarding service plans (Basic, Standard, Enterprise, Custom).

3.3 Communication and Support

• Responding to inquiries, support tickets, and technical issues.
• Sending service updates, maintenance notifications, and incident alerts.
• Providing 24/7 support communications where applicable under your plan.

3.4 Security and Compliance

• Monitoring for unauthorized access, fraud, and security incidents.
• Maintaining records for security audits and compliance verification.
• Implementing DevSecOps practices and compliance requirements on behalf of clients under Enterprise and Custom plans.

3.5 Service Improvement

• Analyzing usage patterns to improve our website and service offerings.
• Conducting internal research and performance benchmarking.
• Developing new features, tools, and service packages.

3.6 Legal Obligations

• Complying with applicable laws, regulations, and government requests.
• Enforcing our contractual rights and Terms & Conditions.
• Resolving disputes and defending legal claims.

3.7 Marketing (With Consent)

• Sending newsletters, blog updates, and promotional offers where you have opted in.
• You may unsubscribe from marketing emails at any time via the unsubscribe link or by emailing support@infinitydevops.com.

4. Legal Basis for Processing (GDPR & Applicable Laws)

Where applicable under data protection regulations, we process your data on the following legal bases:

• Contractual Necessity: To fulfill our service agreement with you.
• Legitimate Interests: To improve our services, ensure security, and grow our business, where such interests are not overridden by your rights.
• Legal Obligation: To comply with applicable laws and regulatory requirements.
• Consent: For marketing communications and non-essential cookies, where you have provided explicit consent.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers and Subprocessors

We engage trusted third-party vendors to assist with service delivery, including:

• Cloud platforms: Amazon Web Services (AWS), Microsoft Azure, Google Cloud.
• Payment processors: Third-party billing and invoicing services.
• Analytics providers: Web analytics platforms for website improvement.
• Communication tools: Email and support ticketing platforms.

All subprocessors are contractually bound to handle data with appropriate security and confidentiality.

5.2 Business Partners

With your consent and as required to deliver contracted services, we may share technical or configuration data with our certified technology partners (e.g., Docker, Kubernetes ecosystem vendors).

5.3 Legal Requirements

We may disclose your data when required to do so by law, court order, or government authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such change and your options in that event.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

• Active client data: Retained for the duration of the service engagement.
• Billing and invoice records: Retained for a minimum of 7 years for financial compliance purposes.
• Support and communication records: Retained for up to 3 years after the last interaction.
• Website analytics data: Retained in aggregated, anonymized form for up to 2 years.

Upon expiry of the retention period, data is securely deleted or anonymized.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience.

7.1 Types of Cookies Used

• Strictly Necessary Cookies: Essential for website functionality.
• Performance/Analytics Cookies: Help us understand how visitors use our site.
• Preference Cookies: Remember your settings and preferences.
• Marketing Cookies: Used with your consent to deliver relevant content.

7.2 Managing Cookies

You may control cookie preferences through your browser settings or via our cookie consent banner. Disabling certain cookies may affect website functionality.

8. Data Security

We implement robust technical and organizational security measures, including:

• TLS/SSL encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Role-based access controls (RBAC) for internal systems.
• Regular security audits, vulnerability assessments, and penetration testing.
• Multi-factor authentication (MFA) for internal and client-facing systems.
• Incident response and breach notification procedures.

While we take all reasonable precautions, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours of becoming aware, in accordance with applicable regulations.

9. Your Rights

Subject to applicable law, you have the following rights regarding your data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data where no longer necessary.
• Right to Restrict Processing: Request limitation of how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at support@infinitydevops.com. We will respond within 30 days of receiving your request.

10. Children's Privacy

Our services are intended exclusively for business clients and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a minor, we will delete it promptly.

11. International Data Transfers

InfinityDevops is based in Bangladesh. If you are accessing our services from outside Bangladesh, your data may be transferred to and processed in Bangladesh or other jurisdictions where our cloud infrastructure and subprocessors operate (including the United States and the European Union). We ensure that such transfers are protected by appropriate safeguards, including data processing agreements with our subprocessors.

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email or a prominent notice on our website at least 14 days before the changes take effect. Continued use of our services after changes constitute acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy, please contact our Data Privacy team: