Back to Deviance
Legal

Privacy Policy

Last updated: 2026-05-17

This Privacy Policy describes how Deviance ("Deviance", "I", "me" or "my") collects, uses and protects your personal data when you visit dev1ance.com or use the mentorship service. Deviance is operated by a single individual based in the European Union.

1. Data controller

The data controller for the purposes of the EU General Data Protection Regulation (GDPR) is the individual operating Deviance. You can reach out at contact@dev1ance.com.

2. What data I collect

  • Identification & contact data: full name and email address, provided when you sign the NDA or pay for the mentorship.
  • Payment data: Stripe customer ID, Stripe session ID and payment status. I never see or store your full card number; Stripe handles all card data.
  • NDA audit data: the IP address and user agent used at the time you sign the NDA, plus the signed text and timestamp, kept as proof of consent.
  • Discord handle: if you provide it during onboarding, so I can add you to the private server.
  • Technical data: minimal server and analytics logs from Vercel (hosting) and basic Supabase logs (database).

3. Why I collect it

  • To process your payment and deliver the mentorship service.
  • To enforce and prove the NDA you sign before joining the private community.
  • To grant and manage access to the private Discord server and 1-on-1 sessions.
  • To comply with tax, accounting and other legal obligations.
  • To protect against fraud, abuse and unauthorized access.

4. Legal bases (GDPR Art. 6)

  • Performance of a contract: processing payments, granting access, providing 1-on-1 sessions.
  • Legal obligation: retaining invoices and transaction data for the period required by tax law.
  • Legitimate interest: NDA enforcement, fraud prevention and basic analytics to improve the site.
  • Consent: where you explicitly opt in (for example, marketing emails, if any).

5. Who I share data with

I share data only with the processors strictly required to run the service:

  • Stripe (payments)  ·  PCI-DSS compliant, EU/US data transfers under SCCs.
  • Resend (transactional email).
  • Supabase / Postgres (database).
  • Vercel (hosting and basic analytics).
  • Discord (private community access).

I do not sell your data and I do not share it with third parties for their own marketing.

6. International transfers

Some processors are located outside the European Economic Area (for example, Stripe and Discord in the United States). When data leaves the EEA, I rely on Standard Contractual Clauses or equivalent safeguards provided by each processor.

7. Data retention

I keep your account and signature data for as long as your access to Deviance is active, plus up to 6 years after termination to comply with tax and legal obligations. NDA audit logs are retained for the same period. You can request earlier deletion at any time, subject to legal retention requirements.

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data I hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion ("right to be forgotten"), subject to legal retention.
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Lodge a complaint with your local supervisory authority if you believe your rights have been violated.

To exercise any of these rights, email contact@dev1ance.com.

9. Cookies

The site uses only essential cookies and minimal first-party analytics provided by Vercel. No third-party advertising cookies are set.

10. Changes to this policy

I may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email or via the site.