Effective date: May 8, 2026 · Last updated: May 8, 2026
This policy describes how Decko ("Decko", "we", "us") handles information when you use decko.dev and related beta services (the "Service"). We are typically the controller of personal information we collect to operate accounts and the product; you may act as a controller of business or end-user information you upload (for example query results saved into a deck), and you are responsible for having a lawful basis to process that data. If anything here conflicts with a signed agreement between you and us, the agreement controls.
This policy applies to visitors, registered users, and anyone who connects data sources or uses shared links. It does not apply to third-party sites or services that we do not operate.
We use information to:
If applicable law requires a legal basis, we rely on performance of a contract (providing the service you request), legitimate interests (for example security, reliability, and product improvement, balanced against your rights), and consent where required (for example certain cookies or marketing, if offered). You may withdraw consent where processing is consent-based, without affecting prior processing.
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising as that term is used in certain U.S. state privacy laws. We disclose information only as needed to operate the Service, including with service providers under confidentiality and security obligations, in connection with business transactions (such as a merger or acquisition) subject to appropriate safeguards, or when required by law. Decks are private by default; anyone with a public share link can view the content you chose to make public.
Service providers (subprocessors). We use vendors for infrastructure, authentication, database hosting, product analytics, and related functions. Depending on your use of the product, processing may occur with, for example, Supabase (authentication and data hosting), PostHog (analytics), and providers that support AI features when you use them. Vendor practices may change; we will update this policy for material changes when appropriate.
We may process and store information in the United States and other countries where we or our vendors operate. If we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards where required (for example standard contractual clauses or other mechanisms permitted by law).
We retain information for as long as your account is active, as needed to provide the service, and as required by law. Beta environments may have shorter backup windows or different retention practices; contact us if you need enterprise-grade retention terms.
We use commercially reasonable safeguards designed to protect information. No method of transmission or storage is completely secure. If we determine a breach of security requires notification under applicable law, we will notify you and regulators as required.
We may create aggregated or de-identified information that cannot reasonably be linked to you, and use it for analytics, benchmarking, product improvement, and other lawful purposes.
We use cookies and similar technologies for authentication, preferences, analytics, and fraud prevention. Our short Cookie notice summarizes categories and how you can opt out of non-essential analytics via the banner on decko.dev. You may control cookies through your browser settings, but some features may not work without them.
Decko is not directed to children under 13 (or under 16 where higher age thresholds apply under local law). We do not knowingly collect personal information from children.
Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing, or to export data or object to processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us using the email below. We may need to verify your request.
California residents may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information and to limit use of certain sensitive information, and to opt out of "sale" or certain "sharing" of personal information. We do not sell personal information. To exercise these rights, contact privacy@decko.dev. We will not discriminate against you for exercising applicable privacy rights. You may designate an authorized agent where permitted by law.
Beta and AI-assisted features may process prompts and context you provide to generate suggestions or edits. Do not submit secrets, regulated health data, or other categories of sensitive information unless you have a separate agreement permitting that processing.
We may update this policy from time to time. We will post the updated version on this page and update the effective date. For material changes, we will provide additional notice when appropriate (for example by email or in-product notice).
For privacy questions or requests, contact privacy@decko.dev.