Privacy Policy

1. Information We Collect

Account Information

When you create an account through Clerk (our authentication provider), we collect:

• Email address (required)
• Name (optional, can be updated in your profile)
• Profile picture (optional, managed by Clerk)
• Authentication tokens (managed securely by Clerk, we never store passwords)

Note: We use Clerk for authentication. Your password is never stored on our servers. Clerk handles all authentication securely.

Content You Create

We store the decisions, projects, and related content you create in Decitak:

• Decision titles, descriptions, context, alternatives, and consequences
• Project names, colors, icons, and settings
• Tags and categories associated with decisions
• Comments and discussions on decisions
• Participants added to decisions
• Shared links and their access settings
• AI analysis results (if you use the AI Assistant feature)

Usage Data

We collect analytics to improve the product:

• Pages visited and features used
• Device and browser information
• IP address (for security and fraud prevention)
• Time spent in the app
• AI Assistant usage (number of analyses, for quota management)

AI Assistant Data

Decitak uses artificial intelligence (AI) powered by Anthropic's Claude API to provide AI-powered features including:

• AI Decision Analysis: Automated analysis of your decision questions to generate insights, alternatives, and consequences
• Magic Wand Feature: AI-powered field generation to help you fill in decision forms
• Smart Tag Suggestions: AI-generated tag recommendations based on your decision content

When you use our AI features, we collect:

• Your decision questions, context, and content (sent to Anthropic for processing)
• AI-generated analysis results, suggestions, and tags (stored in our database)
• Usage metrics (number of analyses per month, for plan limits)

Data Processing: Your decision questions and context are sent to Anthropic's API to generate AI analyses. Anthropic's privacy policy applies to this data. We store the results but do not share your raw questions with third parties except as necessary for the AI service.

2. How We Use Your Information

We use your data to:

• Provide the service: Store and retrieve your decisions, projects, and related content
• AI Assistant: Process your decision questions through Anthropic's Claude API to generate AI analyses
• Search functionality: Find decisions in 5s with smart filters (available for all plans)
• Improve the product: Analyze aggregated, anonymized usage patterns to build better features
• Communicate with you: Send product updates, security alerts, support responses, and email notifications (if enabled)
• Process payments: Handle subscription payments through Stripe
• Ensure security: Detect and prevent fraud or abuse
• Comply with law: Respond to legal requests when required

3. Data Sharing

We never sell your data. We only share data with:

• Service providers:
  • Supabase: Database hosting and storage (PostgreSQL)
  • Clerk: User authentication and account management
  • Stripe: Payment processing and subscription management
  • Anthropic: AI Assistant feature (Claude API) - your decision questions are sent to Anthropic for processing
  • Resend: Email delivery service (for notifications and contact form)
• Team members: Decisions are visible to your workspace members only
• Shared links: If you create a shared link (Pro plan), the decision becomes publicly accessible via that link
• Legal authorities: Only when required by law (e.g., valid subpoena)

Data Processing: All service providers are bound by their own privacy policies and data processing agreements. We ensure all providers meet industry standards for data security.

4. Data Security

We take security seriously:

• Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Access controls: Row Level Security (RLS) policies in Supabase ensure users can only access their own workspace data
• Authentication: Secure authentication via Clerk with industry-standard security practices
• API security: All API requests require authentication tokens
• Input validation: All user inputs are validated and sanitized to prevent XSS and injection attacks
• Backups: Daily encrypted backups with 30-day retention
• Monitoring: Error tracking via Sentry and security monitoring for suspicious activity
• AI data: Decision questions sent to Anthropic are processed according to their privacy policy and security standards

5. Your Rights

You have full control over your data:

• Access: View all your data at any time through the application
• Export: Download your data in JSON, CSV, or Markdown format (Pro plan feature)
• Delete: Remove individual decisions, projects, or your entire account
• Email preferences: Control which email notifications you receive in your user preferences
• AI data: Delete AI analysis results associated with your decisions
• Shared links: Revoke or delete shared links at any time
• Portability: Export your data to take it to another service

To exercise these rights, email support@decitak.com

6. Data Retention

We keep your data as long as your account is active. When you delete:

• Decisions: Soft-deleted immediately, permanently deleted after 30 days
• Projects: Deleted when all associated decisions are deleted
• AI analyses: Deleted when associated decisions are deleted
• Shared links: Deleted immediately when revoked or when the decision is deleted
• Account: Deleted within 30 days, backups within 90 days
• Logs: Retained for 90 days for security purposes
• Email data: Contact form submissions retained for 1 year for support purposes

7. Cookies & Tracking

We use cookies for:

• Essential cookies: Authentication and session management via Clerk (required for the service to function)
• Functional cookies: Store your preferences and workspace settings
• Analytics: We use Sentry for error tracking and performance monitoring (can be disabled in settings)
• No advertising cookies: We don't use cookies for ads or cross-site tracking

Third-party cookies: Clerk, Stripe, and other service providers may set their own cookies as necessary for their services to function.

8. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. Our service providers include:

• Supabase: Data stored in their cloud infrastructure (may be in US, EU, or other regions)
• Clerk: Authentication data processed in their infrastructure
• Anthropic: AI processing may occur in their infrastructure
• Stripe: Payment data processed according to their global infrastructure

By using Decitak, you consent to the transfer of your data to these service providers. We ensure all providers comply with applicable data protection laws.

9. Children's Privacy

Decitak is not intended for children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at support@decitak.com.

10. Changes to This Policy

We may update this policy occasionally. When we do, we'll:

• Update the "Last updated" date
• Notify you via email for material changes
• Post a notice in the app