1. Introduction
DevFlow ("we," "our," or "the app") is a mobile client for Azure DevOps that helps developers and teams manage work items, pull requests, pipelines, sprints, test cases, and repositories on the go.
This Privacy Policy explains what information we collect, how we use it, how it is stored, and your rights regarding your data. We take your privacy seriously and are committed to protecting your personal information.
By using DevFlow, you agree to the practices described in this policy. If you do not agree, please do not use the app.
2. Information We Collect
DevFlow operates as a client application that connects directly to your Azure DevOps organization. We do not operate our own servers to store your data. All work item, pipeline, repository, and project data is fetched from and sent to Microsoft Azure DevOps servers over HTTPS.
2.1 Information You Provide
| Data Type | Purpose | Storage |
|---|---|---|
| Azure DevOps organization name | Connect to your Azure DevOps account | Encrypted on device (EncryptedSharedPreferences) |
| Personal Access Token (PAT) or OAuth 2.0 access/refresh tokens | Authenticate with Azure DevOps APIs | Encrypted on device (EncryptedSharedPreferences) |
| Display name, email, avatar URL | Show your profile within the app | Encrypted on device (EncryptedSharedPreferences) |
| Selected project and team preferences | Scope the app to your project | Encrypted on device (EncryptedSharedPreferences) |
| Theme preference (Light / Dark / System) | Apply your chosen appearance | Encrypted on device (EncryptedSharedPreferences) |
2.2 Work Data (Azure DevOps)
When you use DevFlow to view or create work items, test cases, pull requests, pipelines, sprints, and other Azure DevOps entities, that data is:
- Retrieved from and sent to Microsoft Azure DevOps servers directly over HTTPS
- Not stored on any third-party server operated by DevFlow
- Temporarily cached on your device in an encrypted local database (Room) for offline access
2.3 Google Play Billing Information
If you subscribe to DevFlow Premium, purchase information is handled by Google Play Billing. We do not process or store payment information. Google Play manages all payment processing and billing details. We only receive a confirmation of your purchase status (active/inactive subscription) through the Google Play Billing Library.
3. How We Use Your Information
Your information is used solely for the following purposes:
- Authentication: Connecting to your Azure DevOps organization using your PAT or OAuth tokens
- App functionality: Displaying and managing your work items, pipelines, pull requests, sprints, test cases, and repositories
- Offline support: Caching data locally so you can work without an internet connection; changes sync automatically when you reconnect
- Premium subscription: Determining whether you have an active DevFlow Premium subscription (via Google Play Billing)
- App integrity: Verifying that the app has not been tampered with (via Google Play Integrity API)
4. Data Storage and Security
4.1 On-Device Storage
All sensitive data stored on your device is encrypted using EncryptedSharedPreferences (AES-256 encryption) for credentials and Room Database for cached work items and settings. This ensures that even if someone gains physical access to your device, your data remains protected.
4.2 Network Security
All communication between DevFlow and Azure DevOps servers uses HTTPS with TLS encryption. Additionally, DevFlow implements certificate pinning to ensure the app only trusts known Azure DevOps server certificates, preventing man-in-the-middle attacks.
4.3 App Integrity Protection
DevFlow uses the Google Play Integrity API to verify that the app installed on your device is genuine, unmodified, and was distributed through Google Play. We also perform APK signature verification at runtime to detect repackaged or tampered versions of the app.
5. Data Sharing and Third-Party Services
DevFlow interacts with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure DevOps (dev.azure.com) |
Core app functionality — work items, pipelines, repos, etc. | Your Azure DevOps credentials (PAT/OAuth tokens) and all work data you manage |
| Google Play Billing | Processing Premium subscription payments | Purchase tokens and subscription status only |
| Google Play Integrity API | App integrity attestation (anti-tampering) | Device integrity signals (no personal data) |
We do not use analytics services, crash reporting services, advertising SDKs, or any other third-party SDKs that collect user data.
6. Data Retention
Your data is retained on your device for as long as the app is installed. Cached work items, settings, and credentials are stored locally and are automatically deleted when you:
- Sign out from the app (Settings > Sign Out)
- Uninstall the application
- Clear app data from your device settings
Data stored in your Azure DevOps organization is managed by Microsoft according to their own privacy policy and terms of service.
7. Your Rights
You have the following rights regarding your data:
- Access: You can view all stored credentials and settings in the app's Settings screen
- Delete: You can delete all locally stored data by signing out (Settings > Sign Out) or uninstalling the app
- Modify: You can change your stored preferences (theme, project, organization) at any time in Settings
- Export: Your Azure DevOps work data can be exported from your Azure DevOps organization directly (dev.azure.com)
8. Children's Privacy
DevFlow is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal data from a child, please contact us and we will take steps to delete such information.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will update the "Last updated" date at the top of this policy. We encourage you to review this policy periodically.
For material changes, we will notify users through the app or by other appropriate means before the changes take effect.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: ghazaryan.zhudeks.dev@gmail.com
GitHub: https://github.com/zhudeks
We will respond to privacy-related requests within 30 days.