Security

Your decisions are some of the most personal data you can record. Here’s how we protect them — and where we’re honest about our limits.

Encrypted in transit

All traffic between you and Decize runs over HTTPS/TLS. Your data is hosted on Supabase, which encrypts stored data at rest.

Isolated to your account

Every record is scoped to your account with database row-level security. Other users can't read your data, even by accident.

Secure sign-in

Accounts use email and password, managed by our authentication provider. Passwords are hashed — never stored in plain text — and your session lives in a secure, http-only cookie.

Private file storage

Images, voice memos, and documents are kept in a private store scoped to your account, and download links expire after one hour.

Content-blind operations

The internal tools we use to run Decize show only metadata — counts, status, and timestamps. They can't read the text of your decisions, reflections, or insights.

No third-party tracking

No analytics services, no advertising trackers, no cross-site cookies. We don't profile you and we don't sell your data.

What we send to AI

To generate analysis and “similar decisions” recall, we send the content a feature needs — typically a decision’s title, the values you’ve chosen, and short summaries of related past decisions — to third-party AI and embedding providers. We don’t send your whole account. We can’t yet promise those providers never use inputs to improve their models, so treat a decision’s contents as something a trusted third party may read. There’s more detail in our Privacy Policy.

Your control

  • Export any decision to a portable Markdown file at any time.
  • Edit or delete any decision yourself — deleting also removes its related data.
  • Email support@decize.app to delete your entire account and its data.

Reporting a vulnerability

Found a security issue? We’d genuinely like to hear from you. Email support@decize.appwith the details and steps to reproduce, and please give us a reasonable chance to fix it before disclosing publicly. We don’t have a paid bug-bounty program yet, but we’re grateful for responsible reports.

Honest limits

Decize is an early-stage product built by a small team. We follow the practices above, but no online service can promise perfect security. We’ll keep hardening Decize and will update this page as our practices evolve.