Privacy Policy

Decisionly (“we”, “us”) operates decisionly.dev — a web application that picks the right statistical test for an uploaded dataset, runs it, and produces a PDF report. This page explains what data we collect, why we collect it, where it lives, and the rights you have over it.

To create and operate your account, we collect:

• Account info — first and last name, username, email address, and a hashed password. These are required to sign in and to attribute analyses to you.
• Uploaded datasets — CSV or Excel files you choose to upload, plus the column names and row counts the engine derives from them. We treat these files as your private content.
• Analysis results — the configuration of each analysis (which test was chosen, variable assignments, options) and the numeric output the engine produces, including the rendered PDF.
• Operational events — authentication events, error logs, and basic request metadata (timestamps, status codes) used to keep the service running and to diagnose issues.

We do not ask for, and do not want, special-category data (health, biometrics, political opinions, etc.). If your dataset contains such fields, treat it as your responsibility to have the legal basis to process it.

• To provide the analysis service you requested.
• To authenticate you, send transactional emails (account verification, password reset, important account changes), and surface in-app notifications when an analysis finishes rendering.
• To debug failures, monitor uptime, and protect the service from abuse.
• To improve the engine — but only by inspecting our own aggregate metrics. We do not read your dataset contents to train models.

Decisionly runs on a small set of well-known providers, each acting as a data processor on our behalf:

• Supabase — authentication, the Postgres database that holds account info and analysis records, and Storage for uploaded datasets and generated PDFs.
• Railway — hosts the Python API that runs the statistical engine and renders reports.
• Netlify — serves the web application (the pages you see in your browser).

Each provider has its own security, compliance, and data-processing terms. We rely on those programs and do not grant any other party access to your content.

We do not sell your data. We do not share it with advertisers. The only third parties that touch it are the processors above — each strictly as needed to operate the service. We may disclose information if we are legally required to (a valid court order, for example), and only to the minimum extent required.

We keep account information and analysis records for as long as your account is active. If you delete your account, we delete your datasets, analysis records, and rendered PDFs. We may keep a minimal record of the deletion event itself (timestamp and user ID) for audit purposes.

Operational logs are kept for a short window — typically up to 90 days — and then rotated out.

Under the EU GDPR and Turkey’s KVKK, you have the right to:

• Access the personal data we hold about you.
• Correct anything that is inaccurate or incomplete.
• Delete your account and the data associated with it.
• Receive a copy of your analyses and uploaded datasets in a portable format.
• Object to or restrict certain processing, and to withdraw any consent you previously gave.

To exercise any of these rights, email decisionlydev@gmail.com. We’ll respond within 30 days.

Decisionly does not use third-party advertising or analytics cookies. The application stores a small amount of data in your browser — the Supabase authentication session and your UI theme preference — to keep you signed in and to remember your settings. Clearing your browser storage logs you out.

All traffic between your browser, our API, and our providers is encrypted in transit (HTTPS / TLS). Stored data is encrypted at rest by our infrastructure providers. Passwords are hashed by Supabase Auth — we never see, store, or log them in plain text.

No system is perfect. If you believe you’ve found a security issue, please email us at decisionlydev@gmail.com before disclosing it publicly so we can fix it.

Decisionly is not intended for children under 13. If you believe a child has created an account, contact us and we will delete it.

If we change this policy in a material way, we’ll update the “last updated” date at the top and, where appropriate, send a notice to your account email.

Questions about this policy or how we handle your data? decisionlydev@gmail.com