HeroDevs

Data Privacy Framework Privacy Statement

HeroDevs' Data Privacy Framework Privacy Statement compliant with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Compliant with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework

Effective Date: April 6, 2026Last Updated: April 6, 2026

1. Introduction

HeroDevs, Inc. ("HeroDevs," "we," "our," or "us") respects the privacy of individuals and is committed to handling personal information responsibly and in accordance with applicable law. This DPF Privacy Statement describes how HeroDevs collects, uses, discloses, and protects personal information obtained from individuals in the European Union, European Economic Area, Switzerland, and the United Kingdom.

HeroDevs participates in and has certified its compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce. HeroDevs has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard our handling of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

If there is any conflict between the terms in this Privacy Statement and the DPF Principles, the DPF Principles shall govern. This Privacy Statement applies solely to personal information collected from individuals in the European Union, the European Economic Area, Switzerland, and the United Kingdom.

For individuals not located within the European Economic Area, Switzerland, or the United Kingdom, please refer to our separate Privacy Statement.

2. Scope of Personal Information Collected

HeroDevs collects a limited set of personal information exclusively through three channels:

Marketing Events

When you meet us at conferences, trade shows, webinars, or other marketing events and voluntarily provide us with your information, we may collect:

  • Full name
  • Business email address
  • Job title and company/organization name
  • Business phone number
  • Business mailing address
  • Any other information you voluntarily share during our interaction

Website Interests

When you visit herodevs.com and interact with our website, we may collect:

  • Full name and business email address (when you submit a form)
  • Company name and job title (when you submit a form)
  • Pages visited and content interests inferred from your browsing behavior
  • IP address, browser type, and device identifiers (collected automatically via cookies and similar technologies)
  • Information you provide when requesting a demo, signing up for a newsletter, or downloading resources

Performance of our Services

When you utilize our services, you may be required to provide us with certain information based on your level of interaction, whether that may be to request support or access our platforms. This information may include:

  • Full name
  • Business email address
  • Job title and company/organization name
  • Business phone number
  • IP address
  • Any other information you voluntarily share during these requests

HeroDevs does not collect sensitive personal information (such as information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) through these channels.

3. Notice

This Privacy Statement serves as notice to individuals about HeroDevs' data collection and usage practices. In accordance with the Notice Principle, HeroDevs informs individuals of the following:

  • HeroDevs participates in the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Our certification can be viewed on the Data Privacy Framework List.
  • The types of personal data we collect are described in Section 2 of this Privacy Statement.
  • We use personal data for the purposes described in Section 5 below.
  • Individuals have the right to access their personal data as described in Section 8.
  • Individuals may exercise choices about how their data is used as described in Section 4.
  • We may disclose personal data to third-party service providers as described in Section 6.
  • HeroDevs is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
  • HeroDevs may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • HeroDevs' liability in cases of onward transfers to third parties is described in Section 6.
  • Individuals may, under certain conditions, invoke binding arbitration as described in Section 10.

This notice is provided in clear and conspicuous language when individuals are first asked to provide personal information, such as at marketing events, through website forms, and in performing our services.

4. Choice

HeroDevs offers individuals the opportunity to opt out of having their personal information used for purposes that are materially different from those for which it was originally collected or subsequently authorized.

Specifically, individuals may opt out of: (a) receiving marketing communications from HeroDevs, and (b) having their personal information disclosed to non-agent third parties for purposes materially different from those described in this Privacy Statement.

To exercise your choice, you may:

  • Use the unsubscribe link included in any marketing email from HeroDevs.
  • Contact us at the address provided in Section 14 of this Privacy Statement to request that we cease using your personal information for specific purposes.

Because HeroDevs does not collect sensitive personal information, opt-in consent provisions for sensitive data are not applicable to our activities.

5. How We Process Personal Information

HeroDevs processes personal information we collect for the following purposes:

  • To respond to inquiries and requests you make at marketing events or through our website.
  • To send marketing communications, product updates, event invitations, and newsletters (subject to your opt-out preferences).
  • To personalize your experience on our website and deliver content relevant to your interests.
  • To analyze website usage patterns and improve the functionality and content of herodevs.com.
  • To manage and administer our customer and prospect relationships.
  • To support your usage of our tools and technologies.
  • To ensure your access to our platform and technologies.
  • To comply with legal obligations and enforce our terms and agreements.

HeroDevs will not process personal information in a way that is incompatible with the purposes for which it was originally collected or subsequently authorized by the individual.

6. Accountability for Onward Transfer

HeroDevs may transfer personal information to third parties acting as controllers or agents on our behalf. In doing so, HeroDevs complies with the Accountability for Onward Transfer Principle as follows:

Transfers to Controllers

Before transferring personal data to a third-party controller, HeroDevs will comply with the Notice and Choice Principles and will enter into a contract with the third-party controller providing that the data may only be processed for limited and specified purposes consistent with the consent provided by the individual, and that the recipient will provide the same level of protection as the DPF Principles.

Transfers to Agents

When transferring personal data to a third-party agent, HeroDevs will: (i) transfer such data only for limited and specified purposes; (ii) ensure the agent is obligated to provide at least the same level of privacy protection as required by the DPF Principles; (iii) take reasonable steps to ensure that the agent effectively processes the data consistent with our DPF obligations; (iv) require the agent to notify us if it can no longer meet its obligation to provide the required level of protection; and (v) upon such notice, take reasonable steps to stop and remediate unauthorized processing.

HeroDevs shall remain liable under the DPF Principles if an agent processes personal information in a manner inconsistent with the DPF Principles, unless HeroDevs proves it is not responsible for the event giving rise to the damage.

7. Security

HeroDevs takes reasonable and appropriate measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data.

Our security measures include, but are not limited to: encryption of data in transit and at rest, access controls limiting personnel access to personal data on a need-to-know basis, regular security assessments and vulnerability testing, and training for staff who handle personal information.

8. Data Integrity and Purpose Limitation

HeroDevs limits the collection of personal information to that which is relevant to the purposes of processing. We do not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.

HeroDevs takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We adhere to the DPF Principles for as long as we retain personal information.

Personal information is retained in an identifiable form only for as long as it serves a purpose of processing as described in this Privacy Statement. HeroDevs will periodically review its data holdings and delete or anonymize personal information that is no longer necessary for the purposes for which it was collected.

9. Access

Individuals have the right to access personal information that HeroDevs holds about them and to correct, amend, or delete that information where it is inaccurate or has been processed in violation of the DPF Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated.

To request access to your personal information, please contact us using the details provided in Section 14. We will respond to access requests within a reasonable timeframe.

10. Recourse, Enforcement, and Liability

HeroDevs has mechanisms in place to help assure compliance with the DPF Principles. We conduct an annual self-assessment of our personal information practices to verify that the attestations and assertions we make about our DPF privacy practices are true and that our privacy practices have been implemented as presented.

Independent Dispute Resolution

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, HeroDevs commits to resolve DPF Principles-related complaints about our collection and use of your personal information. Individuals located within the European Economic Area, Switzerland, and the United Kingdom may inquire with or submit complaints to HeroDevs regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF using the contact information in Section 14.

HeroDevs has further committed to refer unresolved complaints under the DPF Principles to JAMS Data Privacy Framework (DPF) Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS Data Privacy Framework (DPF) Dispute Resolution are provided at no cost to you.

Binding Arbitration

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For additional information, see Annex I of the DPF Principles.

FTC Enforcement

HeroDevs is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

11. Cookies

HeroDevs' cookie policy may be found here.

12. Disclosures Required by Law

HeroDevs may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where permitted, HeroDevs will make reasonable efforts to notify affected individuals of such disclosure.

13. Changes to This Privacy Statement

HeroDevs may update this Privacy Statement from time to time to reflect changes in our practices or applicable law. We will post any material changes on our website with an updated effective date. Your continued interaction with us after any changes constitutes acceptance of the updated Privacy Statement.

14. Contact Information

If you have questions or complaints regarding this Privacy Statement or our data processing practices, or if you wish to exercise your access or choice rights, please contact us at:

HeroDevs, Inc.
Attn: Data Privacy Officer
8850 S 700 E, #2437
Sandy, UT 84070
Email: privacy@herodevs.com

HeroDevs will respond to inquiries and complaints within 45 days of receipt.