Privacy Policy

Your data stays yours.

Last updated June 2026

Data controller

BrightBoard AS (org. no. 935 969 034), Oslo, Norway. Decidian is a product of BrightBoard AS. Contact: privacy@decidian.io

What we collect and why

Account data (email, name) — to provide the service. Legal basis: contract (GDPR Art. 6(1)(b)).

Analysis data (company names, URLs, chat conversations, decisions) — to deliver and improve analysis. Legal basis: contract.

Publicly available business data (financial reports, registry data, news) — to generate company analysis. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). We only process data that is already public.

Usage data (pages visited, features used) — to improve the product. Legal basis: legitimate interest. We use PostHog with EU data residency.

AI processing

Analysis is powered by Anthropic Claude. Decidian has a zero data retention arrangement with Anthropic: inputs are not retained after processing, subject to narrow legal and safety exceptions in Anthropic's terms. Your inputs are never used to train AI models. Decidian stores your analysis results in our database so you can return to them. AI-generated analysis can contain errors. It is decision support, not advice. Verify material facts against the linked sources.

Sub-processors

Anthropic (AI inference, zero data retention, inputs never used for training).
Vercel (hosting).
Supabase (database and auth, EU region).
Resend (email delivery).
PostHog (analytics, EU instance).
Meta WhatsApp Business / Cloud API (WhatsApp messaging).
Twilio (legacy WhatsApp transport).
Replicate and OpenAI (voice note transcription).
Tavily, Exa, Firecrawl and Jina (public-web search and retrieval, only public company queries, never personal data).
Upstash (caching).

Data processing agreements or equivalent safeguards are in place with our sub-processors. An up-to-date list is available on request.

WhatsApp

If you use Decidian on WhatsApp, your messages are processed via the Meta Cloud API and stored encrypted in our database. Voice notes are transcribed by our transcription processors and Decidian does not store the audio after transcription. Meta processes message metadata under Meta's own terms.

Document uploads

Documents you upload are encrypted and automatically deleted 30 days after upload. Access is restricted to your account and to the processing you ask for, such as analysis in chat. They are never used to train AI and are purged if you delete your account.

Where your data lives

Primary storage is in the EU: Supabase Stockholm (eu-north-1). Some processors, including AI inference and messaging providers, may process data outside the EU under appropriate safeguards (EU-US Data Privacy Framework or standard contractual clauses). Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your conversations, on both web and WhatsApp, are stored encrypted at rest.

How long we keep your data

Account and analysis data: as long as your account is active, plus 30 days after a deletion request. Usage analytics: 12 months. AI processing: not retained by the AI provider after processing, per our zero data retention arrangement.

Cookies

Essential authentication cookies only. PostHog analytics with EU data residency. No third-party advertising cookies.

Your rights (GDPR Art. 15-22)

You have the right to access, correct, export, or delete your data at any time. Account deletion is self-service in your account settings and deletes your personal data, except minimal security and compliance logs we are required or legitimately need to keep, which are de-identified where possible. You can also email privacy@decidian.io. You can object to processing based on legitimate interest. You can withdraw consent where applicable. We respond within 30 calendar days. You may lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority (datatilsynet.no).

Automated decision-making

Decidian uses AI to generate analysis and decision-support output. This is decision-support only — no automated decisions are made about you or on your behalf. You retain full control over all decisions.

Contact

BrightBoard AS (org. no. 935 969 034), Oslo, Norway — privacy@decidian.io