Privacy Policy

This document describes the policy of the Indevious Labs website ( and blog ( with regard to our users’ (including visitors, readers, and members) private data and personally identifiable information (PII) as of July 1st, 2019.

Policy Date July 1st, 2019
Policy Version 1.0.0
Policy URL

Who we are

Indevious Labs is a software development company doing business as “Indevious” and/or “Indevious Labs” and located in North Carolina, the United States of America. Our official website address is

Privacy Philosophy

Indevious Labs strongly supports individual privacy and user data autonomy. Our privacy approach is based around two guiding principles:

That is, we store user data, even relatively innocuous user data like email addresses and gravatar images, only when and if absolutely necessary. And even then, we only use that data if we have to, as required by law, or for a core (and publicized) aspect of our business.

What personal data we collect and why we collect it


When visitors leave comments on the Indevious blog we collect the data shown in the comment form along with the visitor’s IP address, URL referer (if any) and browser user agent string.

We collect this data for the purpose of storing and publishing the visitor’s comment as well as for spam mitigation and general security.

Gravatar Images

When visitors leave comments on the Indevious blog, we may submit an anonymized string created from the visitor’s email address (also called a hash) to the Gravatar service to see if the visitor has a registered profile image. The Gravatar service privacy policy is available here:

After approval of the visitor’s comment, their Gravatar profile image, if any, will be publicly displayed in the context of the visitor’s comment.


When visitors leave comments on the Indevious blog, any media (pictures, video, audio clips, etc.) provided in the context of the comment are typically published as part of the comment without modification. Depending on the origin of the media, such media artifacts may contain personally identifiable information such as EXIF or GPS data, and the visitor assumes all liability for posting them.

Avoid uploading or linking to private images unless you’ve taken care to strip them of embedded metadata (EXIF GPS). This is a good security practice for all websites because other visitors to the website can potentialy download and extract any location data from images on the website.

Contact forms

When visitors fill out contact forms on the Indevious website or blog, we collect the data shown in the contact form along with the visitor’s IP address and browser user agent string.

We collect this data for the purpose of storing and publishing the visitor’s message as well as for spam mitigation and general security.


If you leave a comment on the Indevious blog you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Indevious Labs may use third-party website analytics services such as Google Analytics in order to track website traffic and performance over time. Such services typically collect visitors’ IP address, URL referer (if any), user agent string, and other anonymized data as governed by the third party service’s privacy policy.

Who we share your data with

Indevious Labs does not share your personal information or other sensitive user data with any person or agency except as and if required by law. We may, from time to time, publicize anonymized aggregate statistics regarding website reach, traffic, and performance.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. Indevious Labs firmly believes that comments are the most important part of a blog and constitute a permanent and valuable addition to the published content. User may, however, request deletion or anonymization of their comments by contacting

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service. Third-party login data, such as for Facebook or Twitter integrated logins, may be sent to Facebook and/or Twitter.

Your contact information

Visitor contact information, as provided in comment forms, contact forms, and registration pages, is never shared with third parties except as and if required by law. The name and URL portion of the comment form will be publicly displayed in the context of the comment. Other fields, such as the commenter’s email address, will remain private, and Indevious Labs will never contact you directly without prior opt-in by the user.

Additional information

How we protect your data

Indevious Labs makes reasonable efforts to follow industry best practices with regard to the security and retention of user data. In particular, we avoid storing sensitive personal information (such as credit cards or user passwords) of any kind.

What data breach procedures we have in place

In the event of a data breach, the Indevious Labs blog will publish a summary of the event and the steps, if any, users should take to mitigate. As Indevious Labs stores no sensitive or privileged user data of any kind, this is unlikely to occur.

What third parties we receive data from

Indevious Labs doesn’t currently receive user data of any kind from third-party providers.

What automated decision making and/or profiling we do with user data

Indevious Labs may engage in automated detection and mitigation of malicious logins, denial of service attacks, high volume spam comments, and the like.

Questions about this privacy policy should be directed to our resident Data Protection Officer (DPO) at