Dev in Forest
Home

Privacy Policy and Data Security

Dev in Forest

Last updated:

1. Definitions

  • Dev in Forest – the website operator conducting business as DevoJAM Krystian Gadomski
  • Website – the internet platform operating at devinforest.com domain
  • User – any individual who visits or uses the Website
  • Subscriber – a User who has subscribed to our newsletter service
  • Service – any offering provided through the Website, including newsletter, content, and downloads
  • Electronic Service – services provided electronically by Dev in Forest to Users through the Website
  • GDPR – General Data Protection Regulation (EU) 2016/679

2. Data Controller

The data controller within the meaning of the General Data Protection Regulation is:

DevoJAM Krystian Gadomski
Individual business activity
Marii Skłodowskiej-Curie 87E
87-100 Toruń, Poland

Contact: contact@devinforest.com
Privacy matters: contact@devinforest.com

3. Purpose and Scope of Data Collection

During your presence on the Website, particularly when using Electronic Services or purchasing Services offered by Dev in Forest, you may be asked to provide your personal data. The scope of data provision is divided into mandatory and optional data, each specified in the appropriate form for entering such data, according to the needs of the given Service or Electronic Service that the User intends to use. Providing data is always voluntary, but sometimes necessary for proper execution of the Service or Electronic Service.

Data processing occurs only for the purpose for which it was provided to Dev in Forest. Processing data for marketing purposes occurs only after obtaining separate consent from the User. Processing data for sending commercial information occurs only after obtaining separate consent from the User.

4. Information We Collect

4.1 Newsletter Subscription

When you subscribe to our newsletter, we collect:

  • Email address (required) - to send you newsletter content
  • Subscription timestamp - for record keeping
  • IP address - for security and fraud prevention
  • Consent preferences - your choices regarding different types of communications

4.2 Website Usage

When you visit our website, we may collect:

  • Technical data - browser type, device information, operating system
  • Usage data - pages visited, time spent, click patterns (only with your consent)
  • Cookies and local storage - as detailed below
  • Outbound link tracking - clicks on external links (YouTube) for analytics (only with consent)
  • Download tracking - when you download the Forest Work Setup Kit

4.3 Local Storage Data

We store the following data locally in your browser:

  • dif_cookie_consent (localStorage) - your consent choice (accepted/declined)
  • dif_theme (localStorage) - your Day/Night theme preference
  • dif_weather (localStorage) - your Sunny/Rainy ambience preference
  • dif_player_preset, dif_player_volume, dif_player_playing (localStorage) - ambience player settings
  • dif_cta_shimmered (sessionStorage) - one-time UI animation flag (resets when tab closes)

5. Data Processing Time

We retain your personal data for different periods depending on the type of data and legal requirements:

📧 Newsletter and Marketing Data

  • Active subscriptions: Until you unsubscribe or request deletion
  • Unsubscribed users: 30 days for processing unsubscribe requests, then deleted
  • Marketing consent records: 3 years for compliance documentation

📊 Analytics and Technical Data

  • Google Analytics data: 26 months (Google's default retention)
  • Server logs: 12 months for security and performance monitoring
  • Error logs: 6 months for debugging and improvement
  • Local storage preferences: Until you clear browser data or withdraw consent

📋 Legal and Business Records

  • Tax and accounting records: 6 years (Polish legal requirement)
  • Legal compliance documentation: As required by applicable law
  • Data processing records: 3 years for GDPR compliance demonstration

Automatic Deletion: We have implemented automated systems to delete data when retention periods expire, unless longer retention is required by law or for legitimate business purposes (e.g., ongoing legal proceedings).

6. Voluntary Nature of Data Provision

Every User has the right to voluntarily enter data to use Services or Electronic Services. When using some services, entering data, although voluntary, may prove necessary for the execution of the Service or Electronic Service.

Data necessary (mandatory) to enter when using a Service or Electronic Service are always specified in the form intended for entering such data.

7. Legal Basis for Processing

We process your personal data based on:

  • Consent (GDPR Art. 6(1)(a)) - for newsletter subscriptions, marketing communications, and analytics
  • Legitimate interests (GDPR Art. 6(1)(f)) - for website security, fraud prevention, and service improvement
  • Legal obligation (GDPR Art. 6(1)(c)) - for tax records and legal compliance

8. Right of Access to Data

Every User has the right to access data and correct it, particularly through access to the User Panel or contact with Dev in Forest.

In case of contact with Dev in Forest, for security reasons, verification of your identity will be conducted.

9. Right to Data Deletion

Respecting the rights of Users, we want to inform that each person has the right to delete their data. This right is commonly referred to as the "right to be forgotten". Dev in Forest is obliged to delete all data of the reporting person, with the reservation that there will be no other legal basis for further processing of this data. Such basis may result from, for example, the obligation to store financial documentation. However, if the request cannot be fulfilled, we will inform you along with indicating the legal basis.

10. Right to Data Portability

Upon explicit request from the person whose data is processed by Dev in Forest, you will receive from us a file with data structured in a commonly used format. Under this right, you can also indicate an entity to which, as data controller, we should send your data. Implementation of this right may take up to 30 days. At the same time, for security reasons, we will verify your identity to ensure that your data reaches the owner or entity indicated by the owner.

11. Right to Withdraw Previously Given Consent

In case of previously given consent for processing personal data by Dev in Forest, you have the right to withdraw this consent at any time.

12. Consent Types

We offer granular consent options:

✉️ Newsletter Subscription

Essential newsletter content including your Forest Work Setup Kit and occasional updates about deep work and focus techniques.

📢 Marketing Communications

Information about new content, products, services, and updates related to productivity and development tools.

🎯 Personalized Marketing

Tailored content recommendations based on your interests, engagement patterns, and preferences to provide more relevant communications.

13. Data Security and Protection

Dev in Forest declares that it processes personal data of Users in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the movement of such data, and that it applies technical and organizational measures ensuring protection of processed data appropriate to the threats and categories of data covered by protection, and in particular secures personal data of Users against disclosure to unauthorized persons, loss or damage.

14. How We Use Your Information

  • Send you the newsletter content you subscribed to
  • Provide your Forest Work Setup Kit download
  • Send marketing communications (only with your consent)
  • Personalize content recommendations (only with your consent)
  • Remember your website preferences (theme, ambience settings)
  • Provide enhanced user experience (ambience player, smooth navigation)
  • Track website performance and user engagement (only with consent)
  • Optimize YouTube link performance (preconnect, only with consent)
  • Improve our website and services
  • Ensure website security and prevent fraud
  • Comply with legal obligations

15. Cookies

"Cookies" should be understood as IT data, in particular short text files, stored by the web browser or directly in end devices of users intended for using websites. These files allow recognition of the user's device and appropriate display of the website adapted to their individual preferences. "Cookies" usually contain the name of the website from which they originate, the time of their storage on the end device, and an identifier number.

15.1 Cookie Usage Purposes

We use cookies and local storage for the following purposes:

  • Analytics (with consent): Measuring site usage to improve content and performance using Google Analytics 4.
  • Preferences: Remembering your theme (Day/Night), ambience settings, and UI preferences.
  • Performance hints (with consent): Improving external link performance (e.g., YouTube preconnect) after consent.
  • Essential functionality: Storing your cookie consent choice.

15.2 Types of Cookies

Within the Website, two basic types of "cookies" are used: "session cookies" and "persistent cookies". "Session" files are temporary files stored in the user's end device until logout, leaving the Website, or turning off the software (web browser). "Persistent" files are stored in the user's end device for the time specified in the "cookies" parameters or until their manual deletion by the user.

15.3 Cookie Categories

We use different categories of cookies on our Website:

🔧 Essential Cookies

Required for website functionality (no consent required under GDPR Art. 6(1)(f)):

  • dif_cookie_consent - stores your consent choice
  • dif_theme - remembers your Day/Night theme preference
  • dif_weather - stores your Sunny/Rainy ambience preference
  • dif_player_* - ambience player settings for user experience

📊 Analytics Cookies

Help us understand website usage (consent required):

  • Google Analytics 4 cookies (_ga, _ga_*, etc.)
  • Outbound link tracking for YouTube clicks

15.4 Cookie Management

Web browsing software (web browser) usually allows storage of "cookies" in the user's end device by default. Website Users can change settings in this regard. The web browser enables deletion of "cookies". Automatic blocking of "cookies" is also possible. Detailed information on this is contained in the help or documentation of the web browser.

You can manage your cookie preferences at any time using the "Manage cookies" link in our website footer. Restrictions on the use of optional "cookies" may affect some functionalities available on the Website, but essential cookies are required for basic website operation.

16. Third Parties and Cookies

We use third-party services only as described in this policy (e.g., Google Analytics 4, Google Fonts). We do not use advertising cookies or ad networks on this Website.

For more information, please review relevant partner documentation, including Google's cookie policy:

17. Third-Party Services

17.1 Kit (Newsletter Service)

We use Kit (formerly ConvertKit) to manage newsletter subscriptions and send emails. Kit is GDPR compliant and processes data according to their privacy policy.

17.2 Google Analytics (Website Analytics)

With your consent, we use Google Analytics 4 (Property ID: G-ECXY6DVKVD) to understand website usage. IP anonymization is enabled by default. We load GA4 only after you accept optional cookies and disable/remove it if you decline. Data is processed according to Google's privacy policy.

17.3 YouTube Integration

Our website contains links to YouTube content. With your consent, we preconnect to YouTube domains (youtube.com, i.ytimg.com, yt3.ggpht.com, youtube-nocookie.com) to improve loading performance, and track outbound clicks for analytics. If you decline, we do not preconnect to YouTube and do not track outbound clicks. No YouTube content is embedded directly on our site.

17.4 Google Fonts

We use Google Fonts (fonts.googleapis.com, fonts.gstatic.com) to display custom typography. This may result in your IP address being transmitted to Google servers when loading fonts.

18. Server Logs

Information about some User behaviors is subject to logging at the server layer. This data is used only for Website administration and to ensure the most efficient operation of provided hosting services.

Browsed resources are identified by URL addresses. Additionally, the following may be recorded:

  • Time of query arrival
  • Time of response sending
  • User station name – identification performed by HTTP protocol
  • Information about errors that occurred during HTTP transaction execution
  • URL address of the page previously visited by the User (referer link) – in case transition to the Website occurred through a link
  • Information about user's browser
  • Information about user's IP address

The above data is not associated with specific persons browsing pages and is used only for Website administration purposes.

19. Newsletter

Newsletter is sent by Dev in Forest only after prior ordering, in accordance with the provisions of the Terms of Use.

Dev in Forest declares that the email address provided by the user will be processed in accordance with regulations, and in particular in accordance with the Act of July 18, 2002 on providing services by electronic means, and that it will not be made available to third parties.

The User has the right to remove their email address from the Newsletter Electronic Service subscriber list by unsubscribing through the link provided in each newsletter or by contacting us directly.

20. Data Retention Summary

This section provides a quick reference for our data retention practices. For detailed information, please refer to Section 5 (Data Processing Time).

  • Newsletter subscriptions: Until unsubscribe + 30 days processing
  • Analytics data: 26 months (Google Analytics default)
  • Local storage preferences: Until browser data cleared or consent withdrawn
  • Download tracking: Aggregated data for 12 months
  • Website logs: 12 months for security purposes
  • Legal compliance data: 3-6 years as required by law

Data Deletion Requests: You can request immediate deletion of your data at any time by contacting contact@devinforest.com. We will process deletion requests within 30 days, subject to legal retention requirements.

21. Your Rights

Under GDPR, CCPA, and other applicable privacy laws, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate personal data
  • Erasure - Request deletion of your personal data
  • Restrict processing - Limit how we use your data
  • Data portability - Receive your data in a structured format
  • Object - Object to processing based on legitimate interests
  • Withdraw consent - Withdraw consent at any time
  • Lodge a complaint - Contact your local data protection authority

To exercise these rights, contact us at contact@devinforest.com. You can also withdraw consent for analytics and tracking at any time using the "Manage cookies" link in the website footer.

22. Right to File a Complaint with Supervisory Authority

You have the right to file a complaint with a supervisory authority within the meaning of the GDPR if you determine that data is processed incorrectly, violating your rights or GDPR provisions.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO): https://uodo.gov.pl

23. International Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place for each service provider:

23.1 Transfers to the United States

Kit (ConvertKit) - Newsletter Service:

  • Data transferred: Email addresses, subscription preferences, timestamps
  • Safeguards: EU Standard Contractual Clauses (SCCs), GDPR compliance certification
  • Legal basis: Your explicit consent for newsletter subscription

Google Analytics - Website Analytics:

  • Data transferred: Anonymized usage data, IP addresses (anonymized), browser information
  • Safeguards: Google's Data Processing Amendment, EU-US adequacy framework participation
  • Legal basis: Your consent for analytics cookies
  • IP anonymization: Enabled by default in GA4

Google Fonts - Typography Service:

  • Data transferred: IP address (automatically when loading fonts)
  • Safeguards: Google's standard data protection measures
  • Legal basis: Legitimate interest for website functionality
  • Note: Font files are cached locally to minimize repeated transfers

23.2 General Safeguards

For all international transfers, we ensure:

  • EU Standard Contractual Clauses where applicable
  • Adequacy decisions by the European Commission
  • Certification schemes and codes of conduct
  • Regular review of transfer mechanisms and data protection measures

24. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

25. Children's Privacy

Our services are not directed to children under the applicable age limit in your jurisdiction:

  • European Union: Under 16 years old (GDPR)
  • United States: Under 13 years old (COPPA)
  • Other jurisdictions: As defined by local privacy laws

We do not knowingly collect personal information from children under the applicable age limit. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@devinforest.com and we will take steps to remove such information from our systems.

Age Verification: By using our services, you represent that you meet the minimum age requirements in your jurisdiction or have parental/guardian consent where required.

26. Disclaimer

This Privacy Policy and Security does not cover information regarding services, goods, or websites of third parties, offers made available under agreements on the Website. Third parties independently and at their own responsibility determine separate, individual principles for the functioning of their services, goods, or websites in their terms of use.

27. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email (if you are subscribed) or by posting a notice on our website. The updated policy will be effective when posted.

28. Contact Information

For any questions about this privacy policy or our data practices, please contact:

General Contact:
Email: contact@devinforest.com
Address: DevoJAM Krystian Gadomski, Marii Skłodowskiej-Curie 87E, 87-100 Toruń, Poland

Data Protection Officer:
Email: contact@devinforest.com
For individual contact regarding personal data protection regulations, data processing, reporting objections, comments, or signaling irregularities in personal data protection.

29. CCPA/CPRA for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. Subject to certain exceptions, you have the right to:

  • Know/Access the categories and specific pieces of personal information we collect and how we use it.
  • Correct inaccurate personal information.
  • Delete personal information we collected from you.
  • Limit the use and disclosure of sensitive personal information (not applicable as we do not process SPI).
  • Non-discrimination for exercising any of your CCPA/CPRA rights.

No Sale/Share: We do not sell or share your personal information as defined under CCPA/CPRA. We also do not use targeted advertising cookies.

To exercise your rights, contact us at contact@devinforest.com. We will verify your request consistent with applicable law.

30. Official Profiles and External Links

You can find Dev in Forest on the following platforms. These are third-party websites with their own privacy policies: