Privacy Policy
Last updated: May 13, 2026
This Privacy Policy describes how DecimalAI LLC(“DecimalAI,” “we,” “us”) collects, uses, and shares information when you use the DecimalAI platform, our website at decimal.ai, and our APIs and SDKs (collectively, the “Service”).
If you have questions or want to exercise any of the rights described below, email us at hello@decimal.ai.
1. Information we collect
1.1 Account information
When you sign up, our authentication provider (Clerk) collects your email address, name, and profile image from your chosen OAuth provider (Google, GitHub, etc.). We sync this information to our database to attribute traces, manage workspace membership, and send transactional emails.
1.2 Workspace and billing
We store the name of your organization, your plan tier, billing contact email, and Stripe customer identifier. Payment card information is collected and stored by Stripe and is never visible to us.
1.3 Agent traces and platform usage
Our core product ingests agent execution traces from your applications via our SDK. These traces may include:
- Prompts and responses from large language model (LLM) calls
- Tool invocations, span metadata, error messages
- Manifest versions (prompts, model identifiers, skill references)
- Evaluation scores and verdicts
You decide what to send to DecimalAI. We recommend redacting personally identifiable information from prompts and outputs before ingestion when possible. We provide a sample redaction utility in our SDK documentation.
1.4 Logs and diagnostics
We collect server-side request logs (IP, user agent, endpoint, response code, latency) and, if enabled, error events via Sentry. These are used to operate and improve the Service.
2. How we use information
- To operate the Service — ingest, store, and display your traces; run evaluations; detect regressions.
- To bill — meter usage against your plan and process subscription payments via Stripe.
- To communicate — send transactional emails (receipts, quota warnings, security alerts) and lifecycle emails (welcome, activation tips). You can opt out of non-essential lifecycle emails at any time.
- To improve the Service — analyze aggregated, de-identified usage patterns. We do not train AI models on your trace contents.
- To meet legal obligations — tax records, fraud prevention, lawful requests.
3. AI model training
We do not train DecimalAI models on customer trace contents.When you enable LLM-judge evaluations, prompt and response text from your traces is sent to the LLM provider you have configured (OpenAI, Anthropic, Google Gemini, etc.) under that provider’s terms. Each provider has its own policy on training; you should review and configure those providers’ accounts to opt out of training where applicable.
4. Subprocessors
We share data with the following third-party services to operate the platform. Each is contractually bound to data-protection terms and processes data only on our behalf.
| Subprocessor | Purpose | Data shared |
|---|---|---|
| Google Cloud Platform | Hosting (Cloud Run, Cloud SQL, Cloud Storage, Secret Manager) | All platform data, encrypted at rest |
| Clerk | Authentication | Email, name, OAuth identifiers |
| Stripe | Payment processing | Billing contact, plan, subscription state |
| Resend | Transactional email delivery | Recipient email, message content |
| Sentry (optional) | Error tracking | Server-side error context, sanitized |
| LLM providers you configure | Eval-judge calls | Prompt/response text from your traces, only when LLM-judge eval is enabled |
We will give 30 days’ notice via this page before adding a new material subprocessor.
5. Data retention
- Traces and platform data — retained per the retention window of your plan. Free plans default to 30 days; paid plans default to longer windows. See your billing page for the exact value.
- Account and workspace records — kept until you delete your account, then deleted within 30 days.
- Billing records — retained for 7 years to comply with US tax law.
- Server logs — retained for 90 days then deleted.
6. Your rights
Depending on where you live, you may have the following rights:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete your account and associated data.
- Portability — receive your trace data in a machine-readable format.
- Opt-out — unsubscribe from non-essential email at any time.
To exercise any right, email hello@decimal.ai. We respond within 30 days.
7. Security
We use industry-standard practices to protect your data: TLS for all traffic, encryption at rest for customer LLM provider credentials (Fernet AES-128-CBC + HMAC-SHA256), least-privilege IAM for our cloud resources, and audit logging of consequential mutations. See our Security page for our vulnerability disclosure policy.
8. International transfers
Our infrastructure is hosted in the United States on Google Cloud Platform. If you access the Service from outside the US, you understand that your information will be processed in the United States.
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under 16.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email to the workspace billing contact and posted here with a new “Last updated” date. The prior version will be available on request.
11. Contact
DecimalAI LLC
1209 North Orange Street
Wilmington, DE 19801
Email: hello@decimal.ai