---

Privacy Policy

Effective Date: January 1, 2026
Last Updated: December 26, 2025
Version: 1.4

MOTO Technology, LLC d/b/a DeeCee.ai ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use our AI-powered decision support Service (the "Service").

By using the Service, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account details (name, email, encrypted password, profile picture)
  • Uploaded files (PDFs, DOCX, PPTX, images, spreadsheets, etc.)
  • Decision queries, metadata, framework selections, and notes
  • Payment and billing information (processed securely via Stripe; we do not store full card numbers)

1.2 Information Collected Automatically

  • Usage and performance data (pages visited, features used, response times, user demographics and interests)
  • Device and browser information, IP address, approximate location
  • Cookies and analytics (Google Analytics, Vercel Analytics, essential session cookies)

1.3 Information from Third Parties

  • Authentication data from Clerk
  • AI processing metadata from Anthropic/OpenAI (strictly no-training contracts)

We do not collect personal information unless you voluntarily provide it. Certain features require it (e.g., account registration, payments).

2. How We Use Your Information

We use your data solely to:

  • Deliver and improve the Service (including RAG retrieval, embeddings, multimodal analysis)
  • Provide decision-support outputs and citations
  • Detect and prevent security threats, fraud, or abuse
  • Comply with legal obligations
  • Conduct anonymized, aggregated analytics (never re-identifiable)

Analytics and Performance

We use Google Analytics to understand how users interact with our platform. This includes:

  • Page views and navigation patterns
  • Feature usage and engagement metrics
  • Demographic and interest data (when available)
  • Device and browser information

Google Analytics uses cookies to track user sessions. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

User Identification

We use Google Analytics with User ID tracking to measure user engagement across sessions and devices. This uses your DeeCee.ai account ID (not your email or name) to link activity across sessions. This helps us:

  • Improve features based on actual user behavior
  • Measure the effectiveness of new features
  • Understand user retention and engagement

Your account ID is not personally identifiable information. You can opt out of this tracking using the Google Analytics Opt-out Browser Add-on linked above.

Cookie Consent Management

We respect your privacy choices and provide granular control over analytics cookies through our cookie consent banner.

Cookie Categories:

  • Necessary Cookies: Essential for the website to function (authentication, session management). These cannot be disabled.
  • Analytics Cookies: Google Analytics tracking cookies. You can accept or reject these cookies.
  • Marketing Cookies: Reserved for future use (currently not implemented).

Your Choices:

When you first visit our site, we'll show a cookie consent banner with the following options:

  • Accept All: Enable all cookies (necessary + analytics)
  • Reject All: Only enable necessary cookies (analytics disabled)
  • Customize: Choose which cookie categories to enable

Do Not Track: If your browser has "Do Not Track" enabled, we automatically disable analytics cookies by default. You can still enable them via the cookie consent banner if you choose.

Managing Consent:

  • Your consent preferences are stored in your browser's localStorage
  • You can change your preferences at any time via Settings → Privacy
  • Your consent applies to all devices/browsers where you've made a choice
  • Clearing your browser data will reset your consent preferences

What Happens When You Opt Out:

  • Google Analytics scripts will not load
  • No tracking cookies will be set
  • We will not collect analytics data about your browsing behavior
  • The Service will continue to function normally (analytics are not required for core features)

We do NOT use your uploaded documents or decision content to train any AI models — ours or third-party.

3. Data Security & File Upload Protections

3.1 Comprehensive Upload Security

Every uploaded file is subjected to multi-layered security validation:

Quick Security Check (< 50ms):

  • Magic byte verification (file headers match claimed type)
  • Executable signature detection (Windows PE, Linux ELF, macOS Mach-O)
  • Double-extension blocking (e.g., file.pdf.exe)
  • Suspicious pattern scanning (first 10MB)

Full File Validation (< 200ms):

  • Deep file structure inspection (ZIP, Office formats, PDFs)
  • File type spoofing detection (ensures file matches MIME type)
  • Embedded executable scanning
  • Content integrity verification

Audit Logging:

  • All upload attempts logged (success/failure/security violations)
  • Security violations logged with HIGH severity
  • IP address and User-Agent tracking for suspicious activity

Supported File Types:

  • Documents: PDF, DOCX, PPTX, XLSX, CSV, TXT
  • Images: JPEG, PNG, GIF, WebP
  • Maximum size: 25MB per file

Rejected files are never stored and are immediately discarded. We do NOT send your files to third-party antivirus services—all security checks run on our infrastructure.

3.2 Technical & Organizational Safeguards

  • End-to-end TLS 1.3 encryption
  • AES-256 encryption at rest
  • Regular penetration testing and vulnerability scanning
  • Strict access controls and employee background checks
  • Incident response plan with mandatory 72-hour breach notification

No system is 100% secure, but we employ industry-leading protections appropriate for a high-stakes decision-support platform.

3.3 User Content Responsibility & Regulated or Sensitive Data

You are solely responsible for the content you upload or provide to the Service, including ensuring it complies with all applicable privacy, data protection, and regulatory laws.

The Service is not compliant with HIPAA, PCI-DSS, GDPR (as a processor/controller), GLBA, FCRA, or other frameworks for handling regulated or sensitive data (e.g., protected health information, payment card data, biometric data, or government-controlled information). We do not assess content sensitivity and make no representations about regulatory compliance.

You bear full responsibility for any consequences of uploading sensitive, private, or regulated data. We disclaim all liability for claims, fines, penalties, or damages arising from your content or its use in the Service.

4. Data Retention & Deletion

Scenario Retention Period Deletion Timeline
Active accounts As long as needed to provide Service N/A
Paid plan cancellation 60 days (for recovery) Permanent deletion after 60 days
Account deletion request Immediate soft-delete; hard-delete within 30 days Backups purged after 90 days
Legal or compliance hold Only as strictly required by law Deleted immediately upon release

You may export or delete your data at any time via Account Settings.

5. California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Details on collected, used, and shared personal data
  • Right to Delete: Delete personal data (subject to exceptions)
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of sale/sharing for advertising (we do not sell data)
  • Right to Restrict Sensitive Data Use: Limit use of sensitive information
  • Right Against Retaliation: No discrimination for exercising rights

To exercise these rights, contact support@deecee.ai. We will respond within 45 days (extendable by 45 days if needed).

Exceptions to deletion include: completing transactions, security/debugging, legal compliance, research (with consent), and internal uses compatible with the context provided.

6. International Data Transfers & EU AI Act Compliance

Your data is primarily processed in the United States and/or EU (your choice at signup). Transfers outside the EEA are protected by:

  • EU Standard Contractual Clauses (2021 module)
  • UK International Data Transfer Addendum
  • Binding Corporate Rules (where applicable)

EU AI Act Transparency Notice
DeeCee.ai is classified as a limited-risk AI system. Upon request, we provide documentation on our RAG pipeline, framework orchestration logic, and LLM usage.

7. Your Privacy Rights (Global)

You have the right to:

  • Access, export, correct, or delete your data
  • Restrict or object to processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with your local supervisory authority

Requests: support@deecee.ai (verified within 30 days; most fulfilled in ≤7 days).
California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other state-law rights are fully supported.

We do not and will never sell your personal information.

8. Email Communications

We may contact you via email for announcements, service updates, promotional offers, or support. You can opt out of promotional emails at any time via the unsubscribe link.

9. Changes to This Policy

Material changes will be notified via email and in-app banner at least 30 days in advance (except for security updates). Continued use constitutes acceptance.

10. Contact Us

General Privacy Questions / Data Requests / DPO
Email: support@deecee.ai

Enterprise DPA Requests
Email: support@deecee.ai

MOTO Technology, LLC d/b/a DeeCee.ai
c/o Registered Agents Inc.
202 N. Cedar Ave STE 1
Owatonna, MN 55060
Phone: (612) 389-6994

Last Updated: December 26, 2025
Version: 1.4