Privacy Policy
This Privacy Policy explains how Decisive (“Decisive”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use our website at decisive.rocks, our application at app.decisive.rocks, and related features (together, the “Service”). It works alongside our Terms of Service.
In short: your team’s content is yours. We process it to run the workspace and the features you choose to use, we rely on a small set of trusted providers to do that, and we don’t sell your data.
1. Information we collect
Account information
When you sign up, we collect your email address (used for passwordless login) and basic profile details you provide, such as a display name and avatar image. We do not store passwords, because we use one-time email codes to sign you in.
Workspace content
We store the content you and your team create in a workspace, including chat messages, tasks, documents, discussions, comments, reactions, and uploaded file attachments. This content is provided by you and shared with the members of your workspace.
Integration data
If you connect integrations, we process the data needed to make them work. For GitHub, this includes repository content and metadata accessed under the permissions you grant. If your workspace provides its own AI provider API key, we store it encrypted and use it to make AI requests on your behalf.
Billing information
When you subscribe to a paid plan, payment is processed by our payment provider, Paddle, which acts as the merchant of record. Paddle collects and processes your payment details (such as card or other payment information) and billing address directly; we do not receive or store full payment card numbers. We receive limited billing records from Paddle, such as your plan, subscription status, the last digits and type of your payment method, and invoices, so we can manage your subscription.
Voice, video & transcripts
When you use huddles or the voice AI agent, we and our real-time communication providers process audio and video streams, and may generate captions, transcripts, and synthesized AI voice as part of the feature.
Usage, device & log data
Like most online services, we and our providers automatically collect technical information such as IP address, browser and device type, pages and features used, timestamps, and diagnostic logs. We use this to operate, secure, debug, and improve the Service. We may use privacy-respecting product analytics for the same purposes.
Cookies & local storage
We use cookies and similar browser storage (including local storage and IndexedDB) to keep you signed in, remember preferences, support offline and real-time editing of documents, and keep the Service secure. We do not use third-party advertising cookies.
2. How we use information
- to provide, maintain, and operate the Service and its features;
- to authenticate you and keep your account and workspace secure;
- to power AI features you use, including generating responses, summaries, and code changes;
- to enable integrations you connect, such as GitHub;
- to respond to support requests and communicate with you about the Service;
- to monitor, debug, prevent abuse of, and improve the Service; and
- to comply with legal obligations and enforce our Terms.
Where required by law, we rely on the following legal bases: performance of our contract with you (to provide the Service), our legitimate interests (to secure and improve the Service), your consent (where requested), and compliance with legal obligations.
3. AI processing
When you use AI features, relevant workspace content is sent to AI providers — primarily Anthropic (Claude) — to generate a response, and, for voice features, to speech-to-text and text-to-speech providers. Where your workspace uses its own provider API key, requests are made under your own account with that provider and are also subject to that provider’s terms and privacy practices. We do not use your content to train our own models, and we rely on our AI providers’ commitments not to train their models on data submitted through their business APIs.
4. Code & repository data
If you connect a GitHub repository, our build and coding-agent features may clone your repository into a secure cloud environment to run, edit, preview, and propose changes, and may send relevant code to AI providers to generate those changes. Proposed changes are delivered as pull requests for your review. Your source code remains in your own GitHub repository, and you can disconnect the integration at any time.
5. How we share information
We do not sell your personal information. We share information only as needed to run the Service: with the members of your workspace; with the service providers (sub-processors) listed below; in connection with a merger, acquisition, or sale of assets (with notice where required); and when required by law or to protect rights, safety, and the integrity of the Service.
Sub-processors
We rely on the following providers to operate the Service. They process data on our behalf:
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, file storage, and real-time sync |
| Cloudflare | Hosting, serverless functions, cloud containers for the coding/voice agents, real-time media, and bot prevention |
| Anthropic (Claude) | AI assistant, summaries, code generation, and other AI features |
| GitHub | Source-control integration (repository access, branches, pull requests) |
| LiveKit | Real-time audio and video for huddles and the voice agent |
| Deepgram | Speech-to-text (captions and voice transcription) |
| ElevenLabs | Text-to-speech (AI voice responses) |
| Paddle | Payment processing, billing, and tax handling (merchant of record) |
| Mailgun | Transactional and product email delivery |
| PostHog | Product analytics and diagnostics |
This list may change as the Service evolves; we will keep it up to date here. Some providers process data in the United States and other countries.
6. Data retention
We retain your information for as long as your account and workspace are active and as needed to provide the Service. When you delete content, your account, or your workspace, we delete or anonymize the associated data within a reasonable period, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements. Residual copies may persist in routine backups for a limited time before being overwritten.
7. Security
We take reasonable technical and organizational measures to protect your information, including encryption in transit, encryption of sensitive credentials (such as AI provider API keys) at rest, and access controls that isolate each workspace’s data. No method of transmission or storage is completely secure, and during the alpha period you should not rely on the Service as your only copy of important data.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, or restrict the processing of your personal information, and to object to certain processing or withdraw consent. You can update much of your profile and content directly in the app, and you can delete your account. To exercise any of these rights, contact us at contact@decisive.rocks and we will respond as required by applicable law. If a workspace administrator controls your workspace, some requests may need to be directed to them.
9. International transfers
We and our providers operate globally, and your information may be processed in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for such transfers.
10. Children
The Service is not directed to children, and you must be at least 16 years old (or the age of digital consent in your jurisdiction, if higher) to use it. We do not knowingly collect personal information from children below that age.
11. Billing & refunds
Paid-plan payments are processed by our payment provider, Paddle, which acts as the merchant of record and handles your payment and billing information. Decisive does not store full payment card details. Our billing, cancellation, and refund terms — including that subscriptions can be cancelled anytime, remain active until the end of the paid period, and that payments are non-refundable except where required by law — are set out in our Terms of Service.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact
Questions about your privacy or this policy? Email us at contact@decisive.rocks.
Questions?
Reach us at contact@decisive.rocks.