Decision Lens
Home

Privacy Policy

Last updated: February 22, 2026

This policy explains what data we collect, why we collect it, and how we handle it when you use Decision Lens.

What We Collect

  • Account data such as your email address and basic profile details.
  • Workspace content you create, including sandboxes, graph versions, assumptions, constraints, and node notes.
  • Subscription and billing metadata (for example plan and status). Full payment details are processed by Stripe.
  • Basic service logs needed for security, troubleshooting, and abuse prevention.
  • AI feature requests and related context needed to generate responses.
  • Consent records (such as when terms were accepted, privacy was acknowledged, and marketing preferences).

How We Use Data

  • To authenticate your account and provide access to your workspace.
  • To save, sync, and restore your sandbox and graph history.
  • To enforce account limits and plan entitlements.
  • To generate AI-assisted outputs you request.
  • To improve reliability, usability, safety, and abuse prevention.
  • To maintain required records of legal and consent acknowledgments.

Cookies and Similar Technologies

We use essential cookies and similar technologies needed for secure authentication, abuse prevention, and core site functionality. We also use analytics cookies only after you opt in.

  • Essential: session/authentication and security controls needed to run the service.
  • Analytics (optional): Google Analytics to measure usage and improve product performance.
  • Abuse prevention: Cloudflare Turnstile on public demo flows to help block automated abuse.

You can accept all or reject all non-essential cookies at any time using the controls below.

Cookie controls
No cookie preference saved

AI Data Handling

We do not use your content to train our own AI models.

When you use AI features, relevant prompt and workspace context is sent to OpenAI to generate output. We also log AI usage metadata such as endpoint used, token counts, estimated cost, and timestamps for quota, billing, and service reliability operations.

Sharing and Processors

We do not sell your personal data. We share data with service providers only as needed to operate the product:

  • Supabase for authentication and database hosting.
  • Stripe for billing and subscription management.
  • OpenAI for AI generation APIs used by app features.
  • Google Analytics for optional product analytics when you consent.
  • Cloudflare Turnstile for bot and abuse mitigation on demo requests.
  • Upstash Redis (if enabled) for shared rate limiting and abuse controls.

Shared Links

If you create a share link, anyone with that link token can access the shared sandbox payload. Share links are designed to expire automatically (currently 30 days unless changed by product settings). Do not share links for sensitive decisions unless you intend that access.

Data Retention and Security

We retain account and workspace data while your account is active and for a limited period afterward where required for legal, security, backup, or dispute-resolution purposes. We use reasonable administrative and technical safeguards, but no system can be guaranteed 100% secure.

  • Stripe webhook event records are routinely pruned (currently after approximately 90 days).
  • Share link records include expiry handling and are invalid after expiration.

Your Rights and Choices

  • You can update sandbox content and profile information from your account.
  • You can delete sandboxes directly in the app.
  • You can export your data from Settings.
  • You can delete your account directly from Settings.
  • Where applicable, you may request access, correction, deletion, portability, or objection to processing.
  • You may request information about categories of data shared and processors used for your account.

International Transfers, Australia, and Children

Your information may be processed in countries other than your own, including jurisdictions where our providers operate. For users in Australia, we handle personal information consistent with applicable Australian privacy obligations, including requests to access and correct personal information where required by law. Decision Lens is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

Policy Changes

We may update this policy from time to time. If changes are material, we will post an updated date and provide notice where required by law.

Contact

For privacy questions or requests, contact: privacy@decisionlensapp.com

Help
Privacy Policy | Decision Lens