At Decitak, we take your privacy seriously. This policy explains how we collect, use, and protect your data.
TL;DR
✓We only collect data necessary to provide the service
✓Your decisions are private to your workspace
✓We never sell your data to third parties
✓All data is encrypted at rest and in transit
✓You can export or delete your data anytime
1. Information We Collect
Account Information
When you create an account through Clerk (our authentication provider), we collect:
Email address (required)
Name (optional, can be updated in your profile)
Profile picture (optional, managed by Clerk)
Authentication tokens (managed securely by Clerk, we never store passwords)
Note: We use Clerk for authentication. Your password is never stored on our servers. Clerk handles all authentication securely.
Content You Create
We store the decisions, projects, and related content you create in Decitak:
Decision titles, descriptions, context, alternatives, and consequences
Project names, colors, icons, and settings
Tags and categories associated with decisions
Comments and discussions on decisions
Participants added to decisions
Shared links and their access settings
AI analysis results (if you use the AI Assistant feature)
Usage Data
We collect analytics to improve the product:
Pages visited and features used
Device and browser information
IP address (for security and fraud prevention)
Time spent in the app
AI Assistant usage (number of analyses, for quota management)
AI Assistant Data
Decitak uses artificial intelligence (AI) powered by Anthropic's Claude API to provide AI-powered features including:
AI Decision Analysis: Automated analysis of your decision questions to generate insights, alternatives, and consequences
Magic Wand Feature: AI-powered field generation to help you fill in decision forms
Smart Tag Suggestions: AI-generated tag recommendations based on your decision content
Semantic Search: AI-powered search to find decisions by meaning, not just keywords (Pro plan)
When you use our AI features, we collect:
Your decision questions, context, and content (sent to Anthropic for processing)
AI-generated analysis results, suggestions, and tags (stored in our database)
Usage metrics (number of analyses per month, for plan limits)
AI Accuracy & Responsibility
Important: AI-generated content may contain errors, inaccuracies, or incomplete information. The AI is a tool to assist you, but you are responsible for reviewing, verifying, and validating all AI-generated content before using it in your decisions.
We are not responsible for any errors, omissions, or inaccuracies in AI-generated content. You should not rely solely on AI-generated content for critical decisions without human review and validation.
Data Processing: Your decision questions and context are sent to Anthropic's API to generate AI analyses. Anthropic's privacy policy applies to this data. We store the results but do not share your raw questions with third parties except as necessary for the AI service.
2. How We Use Your Information
We use your data to:
Provide the service: Store and retrieve your decisions, projects, and related content
AI Assistant: Process your decision questions through Anthropic's Claude API to generate AI analyses
Search functionality: Generate embeddings for semantic search (Pro plan feature)
Improve the product: Analyze aggregated, anonymized usage patterns to build better features
Communicate with you: Send product updates, security alerts, support responses, and email notifications (if enabled)
Process payments: Handle subscription payments through Stripe
Ensure security: Detect and prevent fraud or abuse
Comply with law: Respond to legal requests when required
3. Data Sharing
We never sell your data. We only share data with:
Service providers:
Supabase: Database hosting and storage (PostgreSQL)
Clerk: User authentication and account management
Stripe: Payment processing and subscription management
Anthropic: AI Assistant feature (Claude API) - your decision questions are sent to Anthropic for processing
Resend: Email delivery service (for notifications and contact form)
Team members: Decisions are visible to your workspace members only
Shared links: If you create a shared link (Pro plan), the decision becomes publicly accessible via that link
Legal authorities: Only when required by law (e.g., valid subpoena)
Data Processing: All service providers are bound by their own privacy policies and data processing agreements. We ensure all providers meet industry standards for data security.
4. Data Security
We take security seriously:
Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Access controls: Row Level Security (RLS) policies in Supabase ensure users can only access their own workspace data
Authentication: Secure authentication via Clerk with industry-standard security practices
API security: All API requests require authentication tokens
Input validation: All user inputs are validated and sanitized to prevent XSS and injection attacks
Backups: Daily encrypted backups with 30-day retention
Monitoring: Error tracking via Sentry and security monitoring for suspicious activity
AI data: Decision questions sent to Anthropic are processed according to their privacy policy and security standards
5. Your Rights
You have full control over your data:
Access: View all your data at any time through the application
Export: Download your data in JSON, CSV, or Markdown format (Pro plan feature)
Delete: Remove individual decisions, projects, or your entire account
Email preferences: Control which email notifications you receive in your user preferences
AI data: Delete AI analysis results associated with your decisions
Shared links: Revoke or delete shared links at any time
Portability: Export your data to take it to another service
We keep your data as long as your account is active. When you delete:
Decisions: Soft-deleted immediately, permanently deleted after 30 days
Projects: Deleted when all associated decisions are deleted
AI analyses: Deleted when associated decisions are deleted
Shared links: Deleted immediately when revoked or when the decision is deleted
Account: Deleted within 30 days, backups within 90 days
Logs: Retained for 90 days for security purposes
Email data: Contact form submissions retained for 1 year for support purposes
7. Cookies & Tracking
We use cookies for:
Essential cookies: Authentication and session management via Clerk (required for the service to function)
Functional cookies: Store your preferences and workspace settings
Analytics: We use Sentry for error tracking and performance monitoring (can be disabled in settings)
No advertising cookies: We don't use cookies for ads or cross-site tracking
Third-party cookies: Clerk, Stripe, and other service providers may set their own cookies as necessary for their services to function.
8. International Data Transfers
Your data may be processed and stored in servers located outside your country of residence. Our service providers include:
Supabase: Data stored in their cloud infrastructure (may be in US, EU, or other regions)
Clerk: Authentication data processed in their infrastructure
Anthropic: AI processing may occur in their infrastructure
Stripe: Payment data processed according to their global infrastructure
By using Decitak, you consent to the transfer of your data to these service providers. We ensure all providers comply with applicable data protection laws.
9. Children's Privacy
Decitak is not intended for children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at privacy@decitak.com.
10. Changes to This Policy
We may update this policy occasionally. When we do, we'll: