1) Who We Are
Decode is operated by Decode LLC ("Decode," "we," "our," or "us").
Contact: support@decodeapp.io
2) Key Points (Short Version)
- Scenario content is stored locally on your device and is not stored on our servers by default.
- When you request AI analysis or message generation, we send the text you submit to Anthropic (Claude API) to generate results.
- We process account information (email + password login today) and subscription status (via Apple/RevenueCat).
- We use PostHog Cloud for pseudonymous product analytics using custom event counts only (no session replay, no autocapture, no feature flags, and no intentional device identifiers).
- We use Sentry for error/crash reporting to improve reliability.
- We do not sell personal information and do not use data for advertising "tracking" as Apple defines it.
3) Information We Collect
A) Information You Provide
Account information (Supabase Auth)
- Email address and password (passwords are stored by our auth provider in hashed form).
- Used for authentication, account recovery, and support.
Scenario content
- The text you enter describing situations, context, and draft messages ("Scenario Content").
- Stored locally on your device.
- Transmitted to Anthropic only when you request analysis or generation.
B) Information Collected Automatically
Subscription and purchase information
- If you subscribe, Apple processes payments and manages subscription billing.
- RevenueCat receives subscription status/entitlement information from Apple to enable paid features.
Product analytics (PostHog Cloud)
We collect pseudonymous analytics using custom events such as:
- subscribed
- analyzed
- generated_message
and other simple feature-use counters.
Configuration notes:
- Session replay is not enabled
- Autocapture is not enabled
- Feature flags are not used
- We do not intentionally send Scenario Content to PostHog.
- We do not intentionally collect device identifiers for analytics.
Error/crash reporting (Sentry)
We use Sentry to collect diagnostic information to help us detect, investigate, and fix app errors. This may include:
- error messages, stack traces, and crash signals
- app version and OS version
- device model class and performance signals (as part of diagnosing crashes)
We configure error reporting to minimize collection of personal data and do not intentionally include Scenario Content in error reports.
Diagnostics (general)
We may also process limited operational data to maintain and improve the App.
C) Information We Do Not Intentionally Collect
- Precise location
- Sensitive identifiers like SSNs, driver's license numbers, or financial account numbers
4) How We Use Information
We use information to:
- Provide core app features (authentication, subscriptions, AI analysis/generation on request)
- Improve and maintain the App (analytics, debugging, performance, security)
- Provide support and respond to requests
- Enforce our Terms and comply with legal obligations
5) AI Processing (Anthropic / Claude)
When you request analysis or message generation, the text you submit is sent to Anthropic's Claude API to generate output. We do not intentionally include direct identifiers (like your email) inside prompts.
Important: Do not submit sensitive personal information (e.g., health information, passwords, financial account numbers) or confidential third-party information you do not have the right to share.
6) Service Providers
We use:
- Anthropic (AI processing for requested analysis/generation)
- Supabase (authentication)
- RevenueCat (subscription status/entitlements)
- PostHog Cloud (product analytics)
- Sentry (error/crash reporting)
These providers process information on our behalf to operate the App.
7) Sharing of Information
We share information only:
- With the service providers listed above to operate the App
- To comply with law or protect rights, safety, and security
- In connection with a business transfer (merger/acquisition), with notice where required
We do not sell personal information.
8) Data Retention
- Scenario Content: stored on-device until you delete it or uninstall the App.
- Account information (Supabase): retained while your account is active. If you request deletion, we delete or anonymize account data within 30 days, subject to limited retention for security, fraud prevention, or legal compliance (typically up to 90 days).
- Analytics (PostHog): retained for 180 days and then deleted or aggregated/anonymized.
- Error/crash reports (Sentry): retained for 90 days (or a similar standard retention period) to support debugging and reliability improvements.
- Subscription records (Apple/RevenueCat): retained per provider policies and as necessary for accounting/tax/compliance.
9) Your Choices
- Delete on-device content: remove entries in the App (where available) or uninstall the App.
- Disable analytics: we provide an in-app option to disable analytics collection: Settings → Privacy → Disable Analytics
- Account deletion: email support@decodeapp.io. We process requests within 30 days.
10) Security
We use reasonable security measures to protect information. No system is 100% secure.
11) Children's Privacy
Decode is not intended for children under 13. If we learn we have collected personal information from a child under 13, we will delete it.
12) International Users
Your information may be processed in countries where our service providers operate, including the United States.
13) Your Rights
Depending on where you live, you may have rights such as access, correction, deletion, and portability.
California (CCPA/CPRA)
We do not sell or share personal information for cross-context behavioral advertising. You may request access, deletion, or correction by contacting support@decodeapp.io.
EEA/UK (GDPR)
You may have rights including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority.
14) Changes
We may update this Policy from time to time. We will update the "Last updated" date and post changes on our website and/or in the App.
15) Contact
support@decodeapp.io
Decode LLC