DEKREL
Policy draft
Privacy Policy
Preview draft, May 2026
This preview policy explains the privacy baseline for DEKREL before broad public launch. It is a product-readiness draft, not final legal advice.
What we collect
- Account information, such as your email address, when you sign in.
- Project prompts, answers, uploaded or referenced material, generated project structure, outputs, revision history, and support metadata needed to operate the workspace.
- Basic product analytics such as page views and interaction events so we can find broken or confusing flows. Analytics must not intentionally include raw prompts, hidden instructions, secret keys, or private project contents.
What stays protected
- Hidden prompts, server secrets, raw model routing details, and internal troubleshooting records are not user-facing product data.
- Sensitive project details should only be used to provide the requested workspace flow, safety checks, support, abuse prevention, and owner-approved operations.
- External account actions require ownership checks, preview, and explicit confirmation before execution.
Model and provider handling
- When production LLM providers are connected, the final policy must identify the relevant processors or subprocessors and explain how prompts, files, outputs, safety review records, and support data are handled.
- The product must not promise that prompt or output data is excluded from model improvement unless the actual provider contracts and settings support that promise.
- Users should have a clear support or privacy-request path for access, deletion, export, correction, objection, and related privacy requests where applicable.
Before launch
- This draft must be reviewed against the final company location, production domain, support contact, payment provider, data retention rules, analytics behavior, and provider contracts.
- A policy-change notice process and version/date history must be ready before broad public launch.
Final review checklist
This list keeps the draft honest before public launch. It is a product/legal review checklist, not a claim that legal review is finished.
- Final service name, company/legal entity, business address if required, and support contact.
- Final production domain and every auth, policy, email, analytics, billing, and checkout URL that references it.
- Confirmed processors and subprocessors for hosting, database, analytics, LLM providers, email, payments, and support tooling.
- Model-provider data handling, prompt/output model-improvement controls, and whether user content is used to improve models.
- Final data retention, deletion, export, correction, objection, appeal, and privacy request workflow.
- High-risk-use boundary, human-review requirement, AI-disclosure requirement, refusal/review/appeal or rephrase path, and abuse-report workflow.
- Cookie consent or analytics opt-out behavior by launch region.
- Policy-change notice process and version/date history.
- Payment provider, MoR/checkout flow, refund/cancellation terms, tax/invoice handling, and exact billing/support workflow once paid plans are enabled.