Radix Art Inc. ("Radix Art," "we," "us," or "our") operates the Decidia decision-support application at decidia.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information, and describes your rights and choices. By creating an account or using the Service, you agree to the practices described in this Privacy Policy.
1 Who We Are
For users in the European Union or United Kingdom, Radix Art Inc. acts as the data controller for your personal information.
2 Information We Collect
2.1 Account Information
When you create a Decidia account, we collect:
| Data | Required | Notes |
|---|---|---|
| Email address | Yes | Used for authentication and communications |
| Password | No | Only if registering directly; stored as a secure one-way hash. Not collected if you sign in via Google. |
| Full name | No | If you choose to provide it |
| Profile avatar image | No | If you choose to upload one |
If you sign in using Google, we receive your name, email address, and profile picture from Google in accordance with the permissions you grant during that sign-in flow.
2.2 Decision Content
Decidia stores the decisions, criteria, priorities, alternatives, scores, and any other content you create within the Service ("Decision Content"). This content belongs to you and is treated as private by default. See Section 4 for our specific commitments regarding Decision Content.
2.3 Usage and Technical Data
We automatically collect certain technical data when you use the Service:
- IP address and approximate location (country or region level)
- Browser type and version, device type and operating system
- Pages and features accessed, time spent, and actions taken within the Service
- Referring URLs
- Error logs and diagnostic data
2.4 Payment Information
We do not collect or store credit card numbers, bank account information, or other payment credentials. All subscription payments are processed by Polar.sh, an independent payment processor. You are also subject to Polar.sh's Privacy Policy when making payments. We receive from Polar.sh only:
- Your subscription plan and tier
- Subscription status (active, canceled, past due)
- Renewal and billing dates
- Email address (for account matching)
3 How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of contract |
| Providing the Service (storing and displaying your decisions) | Performance of contract |
| Sending transactional emails (confirmation, password reset, billing notices) | Performance of contract |
| Responding to support requests | Performance of contract / Legitimate interest |
| Detecting and preventing fraud, abuse, and security incidents | Legitimate interest |
| Analyzing aggregate, anonymized usage to improve the Service | Legitimate interest |
| Sending product announcements and updates (opt-out available) | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not:
- Sell your personal information to third parties
- Use your Decision Content for advertising or marketing
- Use your Decision Content to train, fine-tune, or evaluate AI or machine learning models
- Share your personal information for third-party direct marketing
4 Decision Content and Sensitive Information
We recognize that the decisions you create in Decidia may touch on deeply personal matters — including health conditions, financial situations, family circumstances, or other sensitive topics. A user might create a decision such as "Choose an oncologist for upcoming treatment" or "Decide whether to change careers," which could reveal sensitive personal information.
Our commitments regarding Decision Content:
- Private by default. Your decisions are visible only to you.
- We do not read your decisions. Decidia employees and contractors do not access or review your Decision Content except: (a) at your explicit request when seeking technical support, or (b) when required by a valid legal obligation.
- No profiling. We do not use Decision Content to build profiles, serve advertising, draw inferences about you, or make automated decisions about you.
- No sharing. Decision Content is never disclosed to third parties, except to our database infrastructure provider (Supabase) solely for the purpose of storing it securely and returning it to you.
- No AI training. Decision Content is not used to train, fine-tune, or benchmark any machine learning or AI systems, now or in the future.
5 Sharing of Information
5.1 Service Providers (Subprocessors)
We share personal data only with service providers who process it on our behalf and under our instructions:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database storage and user authentication | Account data, Decision Content |
| Polar.sh | Subscription billing and payment processing | Email address, subscription status |
| OAuth sign-in (only if you choose to use it) | Email address, name, avatar | |
| Google Analytics | Aggregate usage analytics | Usage data, anonymized IP address |
All service providers are contractually prohibited from using your data for their own purposes and are required to protect it appropriately.
5.2 Legal Requirements
We may disclose personal information if required by law, subpoena, court order, or other governmental process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Radix Art Inc., our users, or the public.
5.3 Business Transfers
If Radix Art Inc. is acquired by, merged with, or transfers substantially all its assets to another entity, your personal information may be transferred as part of that transaction. We will provide advance notice via email and/or a prominent in-app notice before your information becomes subject to a different privacy policy.
5.4 With Your Consent
We may share your information for any other purpose with your prior explicit consent.
6 Cookies and Tracking
6.1 Types of Cookies We Use
| Type | Purpose |
|---|---|
| Essential | Required for authentication and security. The Service cannot function without these. |
| Analytics | Help us understand how the Service is used in aggregate (Google Analytics). |
6.2 Google Analytics
We use Google Analytics to understand aggregate usage patterns such as pages visited, features used, and general geographic location (country level). We have enabled IP anonymization so full IP addresses are not retained by Google. For more information, see Google's Privacy Policy and the Google Analytics opt-out browser add-on.
6.3 Your Cookie Choices
You can manage or disable cookies through your browser settings. Disabling essential cookies will prevent you from logging in to the Service. Disabling analytics cookies will not affect your use of the Service.
Users located in the EU/EEA will be asked for consent before non-essential cookies are placed.
7 Data Retention
| Data | Retention Period |
|---|---|
| Account information (email, name, avatar) | Retained while your account is active |
| Decision Content | Retained while your account is active |
| Usage and analytics data | Up to 26 months (Google Analytics default) |
| Billing records | As required by applicable law (typically 7 years) |
When you delete your account, all personal information and Decision Content will be permanently deleted from our systems within 90 days. Aggregate, anonymized data that cannot identify you may be retained indefinitely for product improvement purposes.
8 Data Security
We implement industry-standard technical and organizational security measures to protect your personal information:
- All data in transit is encrypted using TLS (HTTPS)
- Passwords are stored as secure one-way hashes and are never stored or transmitted in plain text
- Access to personal data is restricted on a least-privilege basis to personnel who need it to provide the Service
- Our infrastructure provider, Supabase, maintains SOC 2 Type II compliance
No method of transmission over the internet or electronic storage is completely secure. If you suspect your account has been compromised, please contact us immediately at hello@decidia.app.
9 International Data Transfers
Radix Art Inc. is based in the United States. If you access the Service from the European Union or European Economic Area, your personal data will be transferred to and processed in the United States.
For EU/EEA users, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs) with our service providers (Supabase, Google) as approved by the European Commission
- The applicable data transfer mechanisms of Polar.sh for payment data
10 Your Rights
10.1 All Users
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Update your account information at any time through account settings
- Deletion: Close your account and request erasure of your personal data
- Opt out of marketing communications: Use the unsubscribe link in any marketing email, or contact us at hello@decidia.app
10.2 EU/EEA Users (GDPR)
In addition to the rights above, you have the right to:
- Data portability: Receive your personal data in a structured, commonly used, machine-readable format
- Restriction of processing: Request that we restrict processing of your data in certain circumstances
- Object to processing: Object to processing based on legitimate interests
- Withdraw consent: Where we process data based on consent, withdraw that consent at any time without affecting prior processing
- Lodge a complaint: With your national supervisory authority (e.g., the CNIL in France, the ICO in the UK, the Datenschutzbehörde in Austria)
We will respond to rights requests within 30 days.
10.3 California Residents (CCPA/CPRA)
As a California resident, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we collect, our purposes for collecting it, and any parties with whom we share it
- Delete: Request deletion of your personal information, subject to certain legal exceptions
- Correct: Request correction of inaccurate personal information
- Opt out of sale or sharing: We do not sell personal information or share it for cross-context behavioral advertising
- Non-discrimination: We will not treat you differently for exercising your CCPA rights
Categories of personal information we collect (per CCPA):
- Identifiers: email address, IP address
- Personal information under Cal. Civ. Code § 1798.80: name
- Internet or other electronic network activity: usage data
- We do not sell any of the above categories
To submit a CCPA request, contact us at hello@decidia.app with "CCPA Request" in the subject line. We may need to verify your identity before processing your request.
11 Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13. If we learn that a user is under 13, we will immediately suspend the account and delete all associated personal data within 30 days.
Users between the ages of 13 and 15 may only use the Service with the prior review and consent of a parent or legal guardian. By creating an account, users in this age group represent that their parent or guardian has reviewed these Terms and our Privacy Policy and consents to their use of the Service.
If you are a parent or guardian and believe your child has created an account without your knowledge, please contact us at hello@decidia.app and we will promptly investigate and, if appropriate, close the account and delete the associated data.
12 Changes to This Policy
We may update this Privacy Policy periodically. For material changes, we will notify you by:
- Emailing the address associated with your account, and/or
- Displaying a prominent notice within the Service
The updated policy will be effective as of the date shown at the top of this page. Your continued use of the Service after that date constitutes acceptance of the updated policy.
13 Contact Us
For questions, concerns, or rights requests related to this Privacy Policy, please contact:
EU/EEA users who are not satisfied with our response have the right to contact their national data protection authority.