DecisionLedger AI

    Privacy Policy

    Effective March 1, 2026

    DecisionLedger AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DecisionHost platform and related services.

    1. Information We Collect

    We collect information in the following categories:

    • Account Information: Name, email address, organization name, and role when you create an account
    • Usage Data: Pages visited, features used, session duration, and interaction patterns
    • Decision Data: Scenarios, model inputs, outputs, and configurations you create within the platform
    • Integration Data: Data synchronized from connected systems (HRIS, ERP, etc.) as configured by you
    • Payment Information: Billing details processed securely through Stripe; we do not store full card numbers
    • Device and Log Data: IP address, browser type, operating system, and access timestamps

    2. How We Use Your Information

    We use your information to:

    • Provide, maintain, and improve the Service
    • Process your decision models and deliver analytics results
    • Manage your account, subscriptions, and billing
    • Send service-related communications and updates
    • Monitor platform performance, uptime, and security
    • Comply with legal obligations and enforce our Terms of Service

    3. Data Sharing and Third Parties

    We do not sell your personal data. We share data only with the following categories of service providers, under strict contractual obligations:

    • Amazon Web Services (AWS): Cloud infrastructure, compute, storage, and database services (us-west-2 region)
    • AWS Cognito: Authentication and identity management
    • Stripe: Payment processing and subscription management
    • PostHog: Product analytics (anonymized usage data only)

    We may also disclose information if required by law, subpoena, or governmental request, or to protect the rights and safety of DecisionLedger AI, our users, or the public.

    4. Data Security

    We implement industry-standard security measures to protect your data:

    • Encryption at rest: AES-256 encryption for all stored data
    • Encryption in transit: TLS 1.2+ for all data transfers
    • Row-Level Security (RLS): Tenant isolation at the database level across all tables
    • Immutable audit logs: S3 Object Lock ensures audit trails cannot be altered or deleted
    • Access controls: Role-based access with 40+ granular permissions
    • PII scanning: Automated detection and classification of personal data in model inputs

    5. Data Retention

    We retain your account information and decision data for the duration of your subscription. Following account termination, we retain data for 30 days to allow export, after which it is permanently deleted. Audit logs are retained according to your plan tier (30 days for Starter, 180 days for Professional, custom for Enterprise). Anonymized analytics data may be retained indefinitely for service improvement.

    6. Your Rights

    Depending on your jurisdiction, you may have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your personal data
    • Export your data in a portable format
    • Object to or restrict certain processing activities
    • Withdraw consent where processing is consent-based

    To exercise any of these rights, contact us at privacy@decisionledgerai.com.

    7. International Data Transfers

    Our Service is hosted in the United States (AWS us-west-2 region). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We implement appropriate safeguards, including Standard Contractual Clauses where required, to ensure your data is protected in accordance with applicable law.

    8. Children's Privacy

    The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly.

    9. California Privacy Rights

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA). For details on your rights and how to exercise them, please see our California Privacy Rights page.

    10. Data Processing Agreement

    For customers who require a formal data processing agreement, our Data Processing Agreement (DPA) describes our obligations as a data processor, sub-processor list, security measures, and breach notification procedures.

    11. Cookies

    We use cookies and similar technologies to operate the Service. For details on the types of cookies we use and how to manage them, please see our Cookie Policy.

    12. Changes to This Policy

    We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Effective" date at the top of this page indicates when the policy was last revised.

    13. Contact

    If you have questions or concerns about this Privacy Policy, please contact us at privacy@decisionledgerai.com.