
Security & privacy

Last updated 26 June 2026

Two things matter when you trust a tool with a real decision: that your data is held carefully, and that the “debate” is genuine rather than theatre. This page answers both, directly and without spin.

Is my data private and secure?

Yes. Your data travels over TLS (encrypted in transit) and is stored encrypted at rest in the EU. Decidi stores only what it needs, never sells your content, and never uses your work to train AI models. We are also upfront about what we don’t yet have: Decidi holds no formal certifications such as SOC 2, and we will not imply that it does.

Part one

Data security & privacy posture

Encryption

Everything you send to Decidi travels over TLS, so it is encrypted in transit. At rest, your account records, decision history and uploaded files are stored encrypted by our hosting provider. There is no point in the flow where your brief crosses the network in the clear.

Where your data lives

Account data, debates and credit ledgers are stored in Supabase, hosted in the European Union region. We deliberately keep what we store narrow — your email, the decisions you run, the resulting transcripts, and the usage needed to meter credits accurately.

Files you upload

Files you attach — photos, screenshots, documents — are used only to inform the active debate you attached them to. They are not repurposed, not shared, and not used for anything beyond generating that council’s response. You can delete uploaded files, and we will remove them on request independently of the rest of your account.

We do not train on your data

Decidi does not use your prompts, files, transcripts or verdicts to train any model. We do not sell your content. When your debate is sent to the underlying providers, we instruct them not to retain it for training where their API allows that instruction, and provider handling is governed by their enterprise/API data terms — which, for API traffic, process your content to return a response rather than to improve a consumer-facing model.

Who else touches your data

We keep our supplier list deliberately short and use established providers under their data-protection terms. The services that may process your data, and the only reason each one does:

  • Frontier-model providers — OpenAI, Anthropic, Google and xAI, reached through the FastRouter gateway. They receive the brief and work you submit only to return each council member’s response, and process it to answer rather than to train (see above).
  • Supabase — stores your account, decisions, transcripts and uploaded files, in the European Union region.
  • Vercel — hosts and serves the application, and provides privacy-friendly, cookieless usage analytics (no tracking cookies).
  • Paystack — processes payments; it handles your card and billing details so we never do.
  • Resend — delivers transactional email (receipts, sign-in codes and account notices) to your email address.

We do not sell or share your content with anyone else, and we use no third-party advertising or cross-site tracking networks.

Access controls

Access to production data is restricted to the small number of people who operate the service, and only when needed to run or support it. Authentication protects your account, and your data is isolated from other users at the data layer.

Payment security

Payments are processed by Paystack, a PCI-DSS Level 1 compliant payment provider. Your card details are entered with Paystack, not with us — full card numbers, CVV and PIN never touch Decidi’s servers. We receive only confirmation that a payment succeeded and the associated reference and amount.

Requesting deletion

You can delete individual decisions from your history at any time. To delete your whole account, your decisions and your uploaded files, email support@decidi.ai. We retain only the minimal billing records the law requires.

Data retention

Your decisions and their transcripts are kept in your account so you can reopen and download them until you delete them — they are yours to keep or remove. Uploaded files are retained only as long as needed for the debate you attached them to and are removable on request. We hold the minimal billing records required by law, and nothing more than we need to run the service.

What we don’t yet claim

We’d rather be honest than impressive. Decidi is an early-stage product and does not currently hold formal security certifications — no SOC 2, no ISO 27001, no HIPAA. We will not imply compliance we don’t have. Formal certification and features like customer-managed retention and audit logging are on the roadmap as the product and customer base grow. If your use genuinely requires a specific certification today, tell us and we’ll be straight with you about where we are.

Part two

Model transparency

A debate is only worth something if the minds are actually distinct. Here is exactly how the council works under the hood.

Multiple distinct, live models

A council can include several different underlying models — real, live API models, not one model wearing different hats. They are accessed through the FastRouter gateway and assigned round-robin, so an N-mind debate genuinely spans different providers: OpenAI, Anthropic, Google and xAI. When four minds argue, you are typically hearing four different frontier models reason independently.

Every contribution is attributed

Each contribution shows which model produced it. Nothing is anonymised into a single voice — when GPT, Claude, Gemini or Grok speaks, the debate names it, so you can weigh a point knowing where it came from.

Personas are a lens, shown alongside the model

Personas are distinct expert system-prompts — a security red-teamer, a CFO, a devil’s advocate — layered onto a model to give it a deliberate point of view. The persona shapes the lens; the model does the reasoning. Both are shown together, so you always know that a given argument is, for example, the CFO lens running on one specific model.

The three levels map to model tiers

The depth you choose selects the calibre of models in the pool:

  • Quick — fast, lively, low-cost models for brainstorms and first passes.
  • Standard — strong reasoning models for everyday rigour, the sensible default.
  • Deep — the flagship frontier models at full depth, for decisions that genuinely matter.

Higher levels draw from more capable (and more expensive) models, which is why a Deep council costs more than a Quick one.

Cost is metered from real usage

We do not invent a price. Cost is metered from the real token usage of the models that actually contributed, with a transparent markup applied, and it is shown live as the debate runs. You see an estimate before you commit, and the final charge reflects what was genuinely consumed — failed model calls are not charged.

When a model is unavailable

If a model is briefly unavailable, the debate says so and continues with the rest of the council, rather than fabricating a response on that model’s behalf. A missing voice is shown as missing — we would rather give you an honest four-mind debate than a faked five-mind one.

Model outputs may contain errors, even when several models agree. Decidi is built to surface disagreement rather than hide it — where the minds diverge, you see the divergence, because that tension is often the most useful part of the decision. The verdict is a synthesis to think with, not a guarantee to act on.
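
The round-robin assignment, per-contribution attribution, missing-voice handling and usage-based metering described in this part can be sketched as follows. This is an added example, not Decidi's code: the per-token prices, the 20% markup, the token counts and the last two personas are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Optional

# Provider names come from the page; prices and markup are constructed values.
PROVIDERS = ["OpenAI", "Anthropic", "Google", "xAI"]
PRICE_PER_1K_TOKENS = {"OpenAI": 0.010, "Anthropic": 0.012,
                       "Google": 0.008, "xAI": 0.009}
MARKUP = 0.20  # hypothetical markup applied on top of raw usage cost

@dataclass
class Contribution:
    persona: str            # the lens (system prompt)
    provider: str           # the model family that did the reasoning
    tokens: Optional[int]   # None = call failed or model unavailable

    @property
    def status(self) -> str:
        # A failed call is reported as missing, never filled in by another model.
        return "ok" if self.tokens is not None else "missing"

def assign_round_robin(personas):
    """Pair each persona with the next provider in rotation."""
    return list(zip(personas, cycle(PROVIDERS)))

def run_council(personas, usage):
    """usage maps persona -> tokens consumed, or None when the call failed."""
    return [Contribution(p, prov, usage.get(p))
            for p, prov in assign_round_robin(personas)]

def charge(contributions):
    """Bill only models that actually contributed, then apply the markup."""
    base = sum(c.tokens / 1000 * PRICE_PER_1K_TOKENS[c.provider]
               for c in contributions if c.tokens is not None)
    return round(base * (1 + MARKUP), 6)

# Constructed sample: five minds, one unavailable model.
SAMPLE_PERSONAS = ["security red-teamer", "CFO", "devil's advocate",
                   "operator", "customer"]
SAMPLE_USAGE = {"security red-teamer": 2000, "CFO": 1500,
                "devil's advocate": None, "operator": 1000, "customer": 500}

if __name__ == "__main__":
    council = run_council(SAMPLE_PERSONAS, SAMPLE_USAGE)
    for c in council:
        print(f"{c.persona:20} on {c.provider:10} -> {c.status}")
    print("charge:", charge(council))
```

With five personas and four providers the rotation wraps, so the fifth persona lands on the first provider again, and the unavailable call adds nothing to the charge.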

Security & privacy questions

Is my data private and secure?

Yes. Your data travels over TLS (encrypted in transit) and is stored encrypted at rest in the EU. We store only what we need — your email, the decisions you run, the transcripts, and the usage required to meter credits — and we do not sell your content or use it to train models.

Does Decidi train AI models on my work?

No. Decidi never uses your prompts, files, transcripts or verdicts to train any model. When a debate is sent to the underlying providers it is processed via their API to return a response — not to improve a consumer model — and we instruct them not to retain it for training where their API allows.

Where is my data stored?

Account data, decisions and credit ledgers are stored in Supabase in an EU region (eu-north-1). Payments are processed by Paystack, a PCI-DSS Level 1 compliant provider; full card details never touch Decidi’s servers.

Does Decidi have SOC 2 or ISO 27001 certification?

Not yet. Decidi is an early-stage product and does not currently hold formal security certifications such as SOC 2, ISO 27001 or HIPAA. We say so plainly rather than implying compliance we don’t have. Formal certification is on the roadmap as the product matures.

How do I delete my data?

You can delete individual decisions from your history at any time. To delete your whole account, decisions and uploaded files, email support@decidi.ai. We retain only the minimal billing records the law requires.

Decidi is decision support, not regulated professional advice. For decisions that genuinely require a licensed lawyer, accountant or other professional, Decidi will tell you so — it is built to surface issues and sharpen your thinking, not to replace qualified advice where the law requires it.
