Privacy Policy

    Effective March 1, 2026

    DecisionLedger AI™ ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DecisionLedger platform and related services.

    1. Information We Collect

    We collect information in the following categories:

    • Account Information: Name, email address, organization name, and role when you create an account
    • Usage Data: Pages visited, features used, session duration, and interaction patterns
    • Decision Data: Scenarios, model inputs, outputs, and configurations you create within the platform
    • Integration Data: Data synchronized from connected systems (HRIS, ERP, etc.) as configured by you
    • Payment Information: Billing details processed securely through Stripe; we do not store full card numbers
    • Device and Log Data: IP address, browser type, operating system, and access timestamps

    2. How We Use Your Information

    We use your information to:

    • Provide, maintain, and improve the Service
    • Process your decision models and deliver analytics results
    • Manage your account, subscriptions, and billing
    • Send service-related communications and updates
    • Monitor platform performance, uptime, and security
    • Comply with legal obligations and enforce our Terms of Service

    3. Data Sharing and Third Parties

    We do not sell your personal data. We share data only with the following categories of service providers, under strict contractual obligations:

    • Amazon Web Services (AWS): Cloud infrastructure, compute, storage, and database services (us-west-2 region)
    • AWS Cognito: Authentication and identity management
    • Stripe: Payment processing and subscription management
    • PostHog: Product analytics (anonymized usage data only)
    • AWS Bedrock: AI language model inference (Claude models via AWS Bedrock) for assistant, evaluation, and narrative features. All AI processing runs within our AWS VPC — no decision data, model inputs, or AI-generated outputs leave the AWS cloud boundary. No customer data is stored or used for model training.
    • Sentry: Application error monitoring and performance tracing. PII scrubbing enabled; only sanitized error metadata is transmitted.
    • Zoom: Video conferencing integration for committee meetings and board sessions. OAuth scope limited to meeting creation and participant management.

    If you configure external AI provider API keys (e.g., Anthropic, OpenAI) for optional cost reconciliation, the platform may contact those providers' usage APIs to retrieve aggregate token counts and billing metadata. No personal data, decision inputs, or model outputs are transmitted in these calls.

    We may also disclose information if required by law, subpoena, or governmental request, or to protect the rights and safety of DecisionLedger AI, our users, or the public.

    3.1 AI Model Training and Data Use

    We do not use customer data to train, fine-tune, or improve AI models. All AI inference is performed via Amazon Bedrock within our AWS VPC. No customer data — including decision inputs, model outputs, prompts, or completions — leaves the data boundary or is shared with model providers for training purposes. This applies to all AI features including the assistant, evaluator, narratives, and classification services.

    4. Data Security

    We implement industry-standard security measures to protect your data:

    • Encryption at rest: AES-256 encryption for all stored data
    • Encryption in transit: TLS 1.2+ for all data transfers
    • Row-Level Security (RLS): Tenant isolation at the database level across all tables
    • Immutable audit logs: S3 Object Lock ensures audit trails cannot be altered or deleted
    • Access controls: Role-based access control with multi-tier permission levels
    • PII scanning: Automated detection and classification of personal data in model inputs

    4.1 AI Assistant Data

    AI assistant conversations are stored encrypted at rest within your tenant's isolated data partition. Conversation content is subject to PII redaction before transmission to AI models. Users may apply per-conversation confidentiality policies:

    • Zero-Retention: Permanently deletes the conversation and all messages after the user-specified retention period (1–365 days)
    • Restricted Access: Limits access to the conversation owner only, with audit logging on every access

    No conversation content is used for AI model training. All AI inference runs via Amazon Bedrock within our VPC.

    5. Data Retention

    We retain your account information and decision data for the duration of your subscription. Following account termination, we retain data for 30 days to allow export, after which it is permanently deleted. Audit logs are retained according to your plan tier (30 days for Starter, 180 days for Professional, custom for Enterprise). Anonymized analytics data may be retained indefinitely for service improvement.

    AI assistant conversations are retained for the duration of your subscription unless you apply a per-conversation zero-retention policy, which permanently deletes the conversation and all messages after your specified retention period (1–365 days). Conversations marked with the "restricted" confidentiality policy are accessible only to the conversation owner and are excluded from any administrative access.

    6. Your Rights

    Depending on your jurisdiction, you may have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your personal data
    • Export your data in a portable format
    • Object to or restrict certain processing activities
    • Withdraw consent where processing is consent-based

    To exercise any of these rights, contact us at privacy@decisionledgerai.com.

    7. International Data Transfers

    Our Service is hosted in the United States (AWS us-west-2 region). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We implement appropriate safeguards, including Standard Contractual Clauses where required, to ensure your data is protected in accordance with applicable law.

    8. Children's Privacy

    The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly.

    9. California Privacy Rights

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA). For details on your rights and how to exercise them, please see our California Privacy Rights page.

    10. Data Processing Agreement

    For customers who require a formal data processing agreement, our Data Processing Agreement (DPA) describes our obligations as a data processor, our sub-processor list, our security measures, and our breach notification procedures. Administrators may sign the DPA electronically through the Confidentiality Settings in the admin dashboard.

    10.1 HIPAA and Protected Health Information

    DecisionLedger AI operates as a Business Associate under HIPAA when processing data for healthcare Covered Entities. Customers who are HIPAA Covered Entities or Business Associates may execute a Business Associate Agreement (BAA) through the admin dashboard.

    When a BAA is in effect and the healthcare domain is enabled for your tenant:

    • All plugin executions enforce strict PHI detection covering the 18 HIPAA Safe Harbor identifiers
    • Automated breach detection monitors for unauthorized access patterns and alerts administrators
    • HIPAA-specific audit events are generated for every plugin execution in healthcare mode
    • Minimum data retention of 6 years applies per 45 CFR §164.530(j)
    • Session idle timeout is configurable (recommended: 15 minutes)
    • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)

    We do not use Protected Health Information to train AI models. All AI processing for healthcare tenants runs via Amazon Bedrock within our AWS VPC. For breach notification procedures, see our HIPAA Breach Notification Procedure document available upon request.

    11. Cookies

    We use cookies and similar technologies to operate the Service. For details on the types of cookies we use and how to manage them, please see our Cookie Policy.

    12. Changes to This Policy

    We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Effective" date at the top of this page indicates when the policy was last revised.

    13. Contact

    If you have questions or concerns about this Privacy Policy, please contact us at privacy@decisionledgerai.com.