Privacy Policy

Effective Date: 2025-12-02
Last Updated: 2025-12-03
Version: 1.2


Introduction

DeeCee.ai ("we", "us", "our") is committed to protecting your privacy and the confidentiality of business information you entrust to us. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information — including highly sensitive uploaded documents, decision context, and AI-generated outputs — when you use our AI-powered decision support Service.

By using the Service, you agree to this Privacy Policy.


1. Information We Collect

1.1 Information You Provide

  • Account details (name, email, encrypted password, profile picture)
  • Uploaded files (PDFs, DOCX, PPTX, images, spreadsheets, etc.)
  • Decision queries, metadata, framework selections, and notes
  • Payment and billing information (processed securely via Stripe; we do not store full card numbers)

1.2 Information Collected Automatically

  • Usage and performance data (pages visited, features used, response times)
  • Device and browser information, IP address, approximate location
  • Cookies and analytics (Vercel Analytics, essential session cookies)

1.3 Information from Third Parties

  • Authentication data from Clerk
  • AI processing metadata from Anthropic/OpenAI (strictly no-training contracts)

2. How We Use Your Information

We use your data solely to:

  • Deliver and improve the Service (including RAG retrieval, embeddings, multimodal analysis)
  • Provide decision-support outputs and citations
  • Detect and prevent security threats, fraud, or abuse
  • Comply with legal obligations
  • Conduct anonymized, aggregated analytics (never re-identifiable)

We do NOT use your uploaded documents or decision content to train any AI models — ours or third-party.


3. Data Security & File Upload Protections

3.1 Comprehensive Upload Security

Every uploaded file is subjected to:

  • Full-file malware scanning using ClamAV + heuristic rules
  • File-type validation via magic bytes and deep structure inspection
  • Blocking of executables, scripts, macros, and known malicious payloads
  • PII and sensitive data redaction (Enterprise plans)
  • Rate limiting and session-based upload caps

Rejected files are never stored and are immediately discarded.

3.2 Technical & Organizational Safeguards

  • End-to-end TLS 1.3 encryption
  • AES-256 encryption at rest
  • Regular penetration testing and vulnerability scanning
  • Strict access controls and employee background checks
  • Incident response plan with mandatory 72-hour breach notification

No system is 100% secure, but we employ industry-leading protections appropriate for a high-stakes decision-support platform.


4. Data Retention & Deletion

Scenario                 | Retention Period                                  | Deletion Timeline
Active accounts          | As long as needed to provide Service              | N/A
Paid plan cancellation   | 60 days (for recovery)                            | Permanent deletion after 60 days
Account deletion request | Immediate soft-delete; hard-delete within 30 days | Backups purged after 90 days
Legal or compliance hold | Only as strictly required by law                  | Deleted immediately upon release

You may export or delete your data at any time via Account Settings.


5. International Data Transfers & EU AI Act Compliance

Your data is primarily processed in the United States and/or EU (your choice at signup).
Transfers outside the EEA are protected by:

  • EU Standard Contractual Clauses (2021 module)
  • UK International Data Transfer Addendum
  • Binding Corporate Rules (where applicable)

EU AI Act Transparency Notice
DeeCee.ai is classified as a limited-risk AI system. Upon request, we provide documentation on our RAG pipeline, framework orchestration logic, and LLM usage.


6. Your Privacy Rights

You have the right to:

  • Access, export, correct, or delete your data
  • Restrict or object to processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with your local supervisory authority

Requests: support@deecee.ai (verified within 30 days; most fulfilled in ≤7 days).

California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other state-law rights are fully supported.

We do not and will never sell your personal information.


7. Changes to This Policy

We will notify you of material changes via email and in-app banner at least 30 days in advance (except for security updates). Continued use constitutes acceptance.


8. Contact Us

General Privacy Questions / Data Requests / DPO
Email: support@deecee.ai

Enterprise DPA Requests
Email: support@deecee.ai

