Trust Center

Compliance

Effective Date: May 15, 2026 — Last Updated: May 15, 2026

Overview

DEVUP AI operates with a strong commitment to security and data privacy. We regularly evaluate our infrastructure practices and workflows to align with established global privacy and security frameworks.

Algerian Law 18-07

As an Algeria-based entity, DEVUP AI designs its internal security and data handling practices in alignment with the principles of Algerian Law 18-07 concerning the protection of personal data. Our processing workflows are structured to respect national data protection guidelines and sovereignty.

Algerian National Authority for the Protection of Personal Data (ANPDP)

DEVUP AI acknowledges the supervisory authority of the Algerian National Authority for the Protection of Personal Data (ANPDP), established under Article 22 of Law 18-07. Our data processing practices are designed to meet the standards set by this independent regulatory body. Users who believe their data protection rights have been violated may lodge a complaint directly with the ANPDP, in addition to contacting us at support@devupai.com.

GDPR Standards

DEVUP AI adopts privacy engineering principles inspired by global standards such as the General Data Protection Regulation (GDPR). This includes foundational practices like data minimization, purpose limitation, and implementing robust technical safeguards for routing operations.

SOC 2 Type II Certifications

DEVUP AI exclusively selects Tier-1 GPU compute sub-processors that maintain independent third-party security certifications. Our authorized sub-processors hold SOC 2 Type II and ISO 27001 certifications, as fully disclosed on our Sub-processors page. These certifications provide independent verification of security controls, availability, processing integrity, and confidentiality of our inference infrastructure.

Vendor Risk Management

All infrastructure providers and sub-processors undergo periodic security review prior to onboarding and on an ongoing basis. Evaluation criteria include: possession of valid SOC 2 Type II or ISO 27001 certification, enforcement of zero-persistence data handling for inference workloads, execution of a Data Processing Agreement (DPA) explicitly prohibiting training on user data, and geographic and operational resilience. Sub-processors that fail to maintain these standards are subject to immediate contract review and replacement.

Data Breach Notification Policy

In the event of a personal data breach that poses a risk to the rights and freedoms of affected users, DEVUP AI commits to:
— Notifying affected users within 72 hours of becoming aware of the breach, in accordance with Article 41 of Law 18-07.
— Providing clear information about the nature of the breach, the categories of data affected, and the measures taken to address it.
— Cooperating fully with the ANPDP and any competent Algerian authority in the investigation and remediation of the breach.

Local Compliance Operations

Compliance inquiries, account security reviews, and billing-related disputes are handled directly by DEVUP AI operations in Algeria, ensuring local accountability and faster resolution for businesses, enterprise teams, and regulated industries.