DevAgents OSDevAgents OS
← Back to site

Privacy Policy

DevAgents OS

Responsible company: PULSEFLOW TECNOLOGIA LTDA
CNPJ: 62.683.137/0001-45
Last updated: May 2026

This Privacy Policy describes how DevAgents OS, a product currently maintained by PULSEFLOW TECNOLOGIA LTDA, registered under CNPJ No. 62.683.137/0001-45, collects, uses, stores, shares, and protects personal data in connection with its websites, forms, assessments, communications, demonstrations, services, integrations, and solutions related to the orchestration of specialized agents across the software development lifecycle.

For the purposes of this Policy, the terms “DevAgents OS”, “we”, “us”, “our”, or “platform” refer to the product, services, and digital channels currently operated by PULSEFLOW TECNOLOGIA LTDA, without prejudice to any future change in corporate name, brand, corporate structure, or responsible entity, in which case this Policy may be updated to reflect the new legal identification.

DevAgents OS organizes and orchestrates specialized agents throughout the software development lifecycle, including discovery, requirements, architecture, development, quality, security, delivery, operations, observability, metrics, and system modernization. Our objective is to expand the capacity of technology teams, reduce bottlenecks, preserve traceability, and support continuous improvement driven by data.

This Policy has been prepared in accordance with Brazilian Law No. 13,709/2018, the Brazilian General Data Protection Law, known as the LGPD, and other applicable personal data protection regulations.

1. Scope of this Policy

This Policy applies to personal data processed by DevAgents OS in situations such as:

  • browsing our website;
  • submitting contact forms;
  • requesting demonstrations, presentations, or assessments;
  • participating in commercial, technical, or diagnostic meetings;
  • contracting or using DevAgents OS services;
  • using platforms, agents, automations, integrations, or environments operated by DevAgents OS;
  • interacting with institutional, commercial, technical, or support communications;
  • analyzing engineering flows, metrics, technical artifacts, repositories, pipelines, tickets, logs, documents, or other elements provided by the client during service delivery.

This Policy does not apply to third-party websites, tools, platforms, or services that have their own privacy policies, even if they are accessed through links, integrations, or references available in our environments.

2. Who is the controller of personal data

For personal data collected directly through our website, forms, commercial communications, assessment processes, and institutional relationships, the controller of personal data is PULSEFLOW TECNOLOGIA LTDA, registered under CNPJ No. 62.683.137/0001-45, the current responsible entity for the operation of DevAgents OS.

In projects where DevAgents OS processes personal data on behalf of a client, according to contractual instructions and within the client’s own environment, tools, or databases, DevAgents OS may act as a processor of personal data under the LGPD.

The specific definition of roles, responsibilities, purposes, legal bases, security measures, retention periods, and confidentiality obligations may be detailed in a contract, commercial proposal, confidentiality agreement, data processing agreement, or equivalent document.

If the corporate name, corporate structure, or legal entity responsible for DevAgents OS changes in the future, this Policy may be updated to reflect the new identification of the applicable controller or processor.

3. Personal data we may collect

DevAgents OS may collect different categories of personal data depending on how the user, visitor, lead, client, employee, or representative of the contracting company interacts with us.

3.1. Data provided directly by the user

We may collect data voluntarily provided through forms, meetings, commercial contacts, assessment requests, or communications with DevAgents OS, such as:

  • name;
  • email address;
  • phone number;
  • job title;
  • company;
  • business area;
  • country, state, or city;
  • professional profile;
  • information provided in messages, forms, comments, briefings, or requests;
  • information necessary for scheduling meetings, sending proposals, providing service, or maintaining the commercial relationship.

3.2. Data related to assessments and technical diagnostics

During an assessment, diagnostic process, proof of concept, demonstration, or project, we may process information related to the client’s engineering flow, such as:

  • descriptions of internal processes;
  • information about teams, roles, and responsibilities;
  • delivery, quality, operational, and performance metrics;
  • bottlenecks, risks, dependencies, and flow indicators;
  • requirements, architecture, development, quality, security, DevOps, observability, and operations artifacts;
  • information from work management, version control, CI/CD, documentation, monitoring, or incident management tools;
  • data contained in tickets, stories, epics, acceptance criteria, pull requests, issues, logs, reports, diagrams, technical documents, or operational records.

Whenever possible, we recommend that clients remove, mask, anonymize, or minimize personal data before making artifacts available for analysis.

3.3. Platform usage and browsing data

When accessing our website or using our solutions, we may collect technical and browsing data, such as:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • pages accessed;
  • access date and time;
  • traffic source;
  • session identifiers;
  • usage events;
  • interactions with features;
  • technical records necessary for security, auditing, fraud prevention, failure diagnosis, and experience improvement.

These data may be processed in aggregated or anonymized form whenever possible.

3.4. Data generated by specialized agents

DevAgents OS organizes specialized agents throughout the software development lifecycle. Depending on the contracted service, these agents may process, generate, or transform information such as:

  • epics, stories, acceptance criteria, and business rules;
  • architectural decisions, diagrams, technical risks, and components;
  • code snippets, reviews, technical documentation, and engineering recommendations;
  • test scenarios, Gherkin specifications, automations, evidence, and traceability;
  • security findings, threat models, SAST and DAST validations, and AppSec controls;
  • pipelines, execution logs, scripts, failure diagnostics, and DevOps automations;
  • logs, metrics, traces, operational events, and root cause analyses;
  • indicators such as lead time, cycle time, throughput, bottlenecks, and flow efficiency;
  • legacy system documentation, extracted rules, and modernization proposals.

These data may contain personal information if entered by the client, users, integrated systems, or analyzed artifacts. For this reason, DevAgents OS adopts minimization, access control, traceability, and security measures appropriate to the processing context.

4. Sensitive personal data

DevAgents OS does not aim to collect sensitive personal data, such as information about racial or ethnic origin, religious belief, political opinion, trade union membership, health data, biometric data, genetic data, sex life, or sexual orientation.

If sensitive data is incidentally submitted by a user, client, or integrated system, DevAgents OS may process it only when strictly necessary for the performance of the service, compliance with a legal or regulatory obligation, exercise of legal rights, protection of life, fraud prevention, security, or another lawful basis permitted by applicable law.

We recommend that clients and users do not send sensitive personal data to DevAgents OS unless it is indispensable, previously authorized, and duly protected by an appropriate contractual instrument.

5. Data of children and adolescents

DevAgents OS services are intended for companies, professionals, and technology teams, and are not directed at children or adolescents.

We do not intentionally collect personal data from children or adolescents. If accidental processing of this type of data is identified, we will adopt reasonable measures for deletion, anonymization, or adjustment of the processing, as applicable.

6. Purposes of data processing

DevAgents OS may process personal data for the following purposes:

6.1. Relationship and service

  • responding to contact requests;
  • scheduling meetings, presentations, diagnostics, or demonstrations;
  • sending information about requested services;
  • answering technical, commercial, or contractual questions;
  • maintaining a relationship history with leads, clients, and partners.

6.2. Assessments, diagnostics, and proposals

  • understanding the client’s current engineering flow;
  • identifying bottlenecks, risks, waste, dependencies, and improvement opportunities;
  • evaluating which specialized agents make sense for the team’s actual context;
  • preparing reports, recommendations, technical proposals, and adoption plans;
  • supporting decisions related to architecture, governance, quality, security, DevOps, observability, and metrics.

6.3. Performance of contracted services

  • configuring, operating, monitoring, and improving specialized agents;
  • integrating agents with tools already used by the client;
  • processing technical artifacts, documents, tickets, code, logs, and metrics;
  • generating recommendations, analyses, documents, automations, and evidence;
  • preserving traceability between requirements, architecture, code, quality, security, delivery, and operations;
  • supporting strategic, tactical, and operational governance of the software development lifecycle.

6.4. Security, auditing, and risk prevention

  • protecting environments, systems, integrations, and data;
  • preventing unauthorized access, misuse, abuse, fraud, or incidents;
  • recording relevant technical events for auditing and traceability;
  • diagnosing failures, unavailability, and anomalous behavior;
  • complying with internal information security policies.

6.5. Service improvement

  • analyzing the usage, performance, and efficiency of features;
  • improving the user experience;
  • improving flows, integrations, reports, and platform resources;
  • developing new resources and features;
  • generating aggregated statistics and usage indicators.

Whenever possible, DevAgents OS will use anonymized, pseudonymized, aggregated, or minimized data for improvement and analysis purposes.

6.6. Institutional and commercial communications

  • sending institutional, technical, or educational materials;
  • sending invitations to demonstrations, events, webinars, or related content;
  • communicating relevant updates about services, terms, policies, or features;
  • conducting commercial contact based on legitimate interest or consent, as applicable.

The user may request to unsubscribe from promotional communications at any time.

6.7. Compliance with legal and regulatory obligations

  • complying with tax, accounting, labor, contractual, regulatory, or legal obligations;
  • responding to requests from competent authorities;
  • exercising rights in administrative, judicial, or arbitration proceedings;
  • preserving records required by law.

7. Legal bases for processing

DevAgents OS may process personal data based on the following legal bases provided under the LGPD:

  • performance of a contract or preliminary procedures related to a contract, when processing is necessary for service provision, proposal preparation, assessments, support, or the performance of assumed obligations;
  • legitimate interest, when necessary for commercial relationships, service improvement, security, fraud prevention, performance analysis, relevant communications, and protection of DevAgents OS rights, always observing the fundamental rights and freedoms of data subjects;
  • consent, when required by law or when the data subject authorizes a specific purpose, such as optional communications or the use of certain non-essential cookies;
  • compliance with a legal or regulatory obligation, when necessary to meet legal, tax, accounting, regulatory requirements, or orders from competent authorities;
  • regular exercise of rights, including in contracts and judicial, administrative, or arbitration proceedings;
  • credit protection, when applicable;
  • fraud prevention and security of the data subject, when relevant to authentication processes, access control, and protection of environments.

8. Use of artificial intelligence and specialized agents

DevAgents OS uses specialized agents to support activities across the software development lifecycle. These agents may operate in areas such as requirements, architecture, development, quality, security, DevOps, observability, metrics, and modernization.

The agents may process information provided by the client or available through integrated tools in order to generate analyses, recommendations, documentation, automations, evidence, indicators, and technical artifacts.

DevAgents OS adopts measures to preserve traceability, access control, governance, security, and human review when applicable. Outputs generated by agents must be used as technical and operational support and do not fully replace human validation, professional responsibility, security review, architectural approval, or the client’s internal controls.

When third-party models, services, or infrastructure are used, DevAgents OS will seek to apply appropriate configurations, contracts, and measures to protect processed data, observing the purpose of the service and the limits agreed with the client.

9. Integrations with third-party tools

DevAgents OS may integrate with tools used by the client, such as project management platforms, code repositories, CI/CD pipelines, documentation systems, observability tools, security platforms, cloud environments, service systems, communication channels, and other technical solutions.

Examples of tool categories that may be integrated include:

  • demand, epic, story, and task management;
  • code versioning and pull request review;
  • CI/CD pipelines and deployment automation;
  • testing, quality, and coverage tools;
  • SAST, DAST, dependency analysis, and AppSec tools;
  • logs, metrics, traces, and incident platforms;
  • documentation and knowledge repositories;
  • communication and collaboration tools.

Data processing in these integrations will depend on the permissions granted, configurations defined by the client, authorized access scopes, and applicable contracts.

The client is responsible for ensuring that it has proper authorization to make data, artifacts, credentials, permissions, or integrations available to DevAgents OS.

10. Sharing of personal data

DevAgents OS does not sell, rent, or commercialize personal data.

We may share personal data only when necessary and in a manner compatible with this Policy, including in the following cases:

  • with service providers essential to platform operation, hosting, security, communication, analytics, support, processing, infrastructure, or service delivery;
  • with technology, cloud, artificial intelligence, automation, or observability providers, when necessary for service provision;
  • with technical or commercial partners involved in project execution, provided they are subject to confidentiality and data protection obligations;
  • with companies from the same economic group, if applicable, for legitimate administrative, operational, or commercial purposes;
  • with public authorities, regulators, courts, or third parties, when necessary to comply with a legal or regulatory obligation or valid order;
  • for the regular exercise of DevAgents OS rights, including in judicial, administrative, or arbitration proceedings;
  • in corporate transactions, such as mergers, acquisitions, reorganizations, asset sales, or business transfers, subject to applicable safeguards.

When we act as a processor of personal data, sharing will follow the instructions of the client acting as controller and the applicable contractual instruments.

11. International data transfers

DevAgents OS may use technology, infrastructure, cloud, artificial intelligence, communication, security, observability, or support providers located in Brazil or other countries.

When international transfers of personal data occur, we will adopt reasonable measures to ensure that the transfer complies with the LGPD and appropriate protection mechanisms, such as contractual clauses, confidentiality commitments, supplier assessments, security controls, and other instruments permitted by applicable law.

12. Data storage and retention

Personal data will be stored for the time necessary to fulfill the purposes described in this Policy, perform contracts, respond to requests, comply with legal or regulatory obligations, preserve rights, resolve disputes, maintain security, audit operations, or as permitted by applicable law.

Retention criteria may vary depending on:

  • the nature of the data;
  • the purpose of processing;
  • legal, tax, accounting, or regulatory requirements;
  • contractual obligations;
  • the need for auditing, security, or traceability;
  • deletion requests from the data subject, when applicable;
  • instructions from the client acting as controller, in cases where DevAgents OS acts as processor.

When data is no longer necessary, we may delete it, anonymize it, or retain it only when there is a valid legal basis for preservation.

13. Information security

DevAgents OS adopts technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, improper disclosure, or inappropriate processing.

Measures may include, as applicable:

  • need-to-know access control;
  • authentication and permission management;
  • environment segregation;
  • encryption in transit and, where applicable, at rest;
  • recording and monitoring of relevant events;
  • internal security policies;
  • credential and secrets management;
  • permission reviews;
  • restricted access to data by authorized employees, service providers, or partners;
  • backup, continuity, and recovery measures;
  • assessment of critical suppliers;
  • secure development practices;
  • traceability of operations performed by agents, systems, and users.

Despite the measures adopted, no system is completely immune to risk. In the event of a security incident that may result in relevant risk or harm to data subjects, we will adopt appropriate containment, investigation, remediation, and communication measures, as required by applicable law.

14. Cookies and similar technologies

DevAgents OS may use cookies, pixels, tags, identifiers, and similar technologies to enable website functionality, improve the user experience, analyze performance, measure audience, protect the platform, and understand interactions with content and features.

We may use the following categories of cookies:

14.1. Essential cookies

These are necessary for the operation of the website and for basic resources such as navigation, security, page loading, authentication, and session maintenance. These cookies do not depend on consent when they are strictly necessary.

14.2. Performance and analytics cookies

These help us understand how visitors use the website, which pages are accessed, which content generates more interest, and how to improve the experience. Whenever possible, we use aggregated or anonymized data.

14.3. Functional cookies

These allow us to remember user preferences, such as language, settings, or previous choices.

14.4. Marketing or third-party cookies

These may be used to measure campaigns, personalize communications, or integrate third-party resources, when applicable and according to consent or an appropriate legal basis.

Users may manage cookies through their browser settings or, when available, through a cookie preferences tool on the website. Disabling essential cookies may impair the operation of certain features.

15. Data subject rights

Under the LGPD, data subjects may request, as applicable:

  • confirmation of the existence of processing;
  • access to processed personal data;
  • correction of incomplete, inaccurate, or outdated data;
  • anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the LGPD;
  • data portability, subject to applicable regulations and trade and industrial secrets;
  • information about data sharing with public and private entities;
  • information about the possibility of not providing consent and the consequences of refusal;
  • withdrawal of consent;
  • deletion of data processed based on consent, when applicable;
  • review of decisions made solely on the basis of automated processing of personal data, when applicable;
  • objection to processing carried out based on one of the legal bases that waive consent, in case of non-compliance with the LGPD.

Requests will be assessed in accordance with applicable law, third-party rights, legal obligations, trade and industrial secrets, information security, fraud prevention, and other legitimate retention or restriction grounds.

16. How to exercise your rights

To exercise your rights or clarify questions about the processing of personal data, the data subject may contact us through the channels available on the DevAgents OS homepage or through the privacy channel indicated by the company.

Upon receiving a request, we may ask for additional information to confirm the requester’s identity and ensure that data is made available only to the data subject or an authorized legal representative.

When DevAgents OS acts as a processor of personal data on behalf of a client, the request may be forwarded to the client acting as controller, who is responsible for decisions regarding the processing.

17. Automated decisions

DevAgents OS may use automations, artificial intelligence models, and specialized agents to support analysis, classification, artifact generation, technical recommendation, flow diagnostics, bottleneck identification, code review, quality analysis, security, observability, and metrics.

These automations are used as instruments to support operations, governance, and decision-making. Whenever a decision produces relevant effects on natural persons, DevAgents OS will seek to ensure appropriate mechanisms for review, challenge, proportional explainability, and human intervention, as required by applicable law.

18. Responsibilities of clients and authorized users

Clients and authorized users must use DevAgents OS services lawfully, responsibly, and in accordance with this Policy, applicable contracts, and current legislation.

Clients and authorized users are responsible for:

  • ensuring that they are authorized to share data, documents, code, logs, tickets, metrics, and other artifacts with DevAgents OS;
  • avoiding the submission of personal data that is unnecessary, excessive, or incompatible with the purpose of the service;
  • removing, masking, anonymizing, or minimizing personal data whenever possible;
  • protecting credentials, tokens, API keys, and granted access permissions;
  • configuring permissions and integrations proportionally to the contracted purpose;
  • informing DevAgents OS of specific security, confidentiality, retention, or processing restrictions;
  • complying with their own obligations as controllers of personal data, when applicable.

19. Confidentiality of technical and business information

During assessments, demonstrations, or projects, DevAgents OS may have access to the client’s technical, operational, strategic, or commercial information, including architecture, code, documentation, processes, metrics, vulnerabilities, incidents, roadmaps, and business information.

This information will be treated confidentially and used only for authorized purposes, in accordance with the applicable contract, proposal, confidentiality agreement, or equivalent instrument.

20. Links to third parties

Our website, materials, or platform may contain links to third-party websites, documents, tools, or services. DevAgents OS is not responsible for the privacy, security, content, or terms of such third parties.

We recommend that users read the privacy policies and terms of use of any external service before providing personal data or using its features.

21. Updates to this Policy

This Policy may be updated periodically to reflect legal, regulatory, technical, operational, commercial, or security changes.

When relevant changes occur, we may notify users through the website, email, platform notice, or other appropriate channels.

The date of the latest update will always be indicated at the beginning of this document.

22. Contact

For questions about this Policy, requests related to personal data, or the exercise of rights provided under the LGPD, please use the contact channels available on the DevAgents OS homepage.

Until a specific privacy channel or formally appointed data protection officer is made available, requests may be submitted through the platform’s official contact channels.

DevAgents OS
A product currently maintained by PULSEFLOW TECNOLOGIA LTDA
CNPJ: 62.683.137/0001-45
Specialized agent orchestration for the software development lifecycle.