Privacy Policy

The short version

• We will never sell your personal data. This is a permanent commitment.
• We do not show ads, and we will not start.
• Voting needs no account, no install, and no email address.
• Product analytics are anonymous. We do not link them to an account or to the cookie that identifies your votes.
• If you create an account, you can delete it and your data at any time by emailing [email protected].

Who we are

Decide is operated by Contemplative Software LLC (in formation), based in Kansas City, Missouri, United States. In this policy, "we", "us", and "Decide" refer to that entity. "You" means the person using the service, whether you are voting in a poll, creating one, or browsing the marketing pages.

This policy covers groupdecide.app and any subdomain we operate. It does not cover sites we link to. Read their policies before you trust them with your data.

What we collect

When you vote

When you open a poll, we set a small, server-only cookie called decide_voter. It contains a random identifier with no information about you. It lets us count your vote once, let you change it, and show you the results without making you log in.

If a poll creator asks voters for a display name, we store the name you type. We do not ask for your email, your phone number, or any other identifier in order to vote.

We do not fingerprint your device, and we do not gate voting by IP address.

When you create an account

You can create an account if you want to keep a list of polls you own, watch results across devices, or unlock paid features. Accounts use a magic-link email sign-in. We store your email address and the standard session metadata our identity provider (Supabase Auth) returns. We do not store a password because we do not use one.

Polls and votes

We store the polls you create, the options on them, and the votes cast. Votes are linked to the random voter cookie above, not to an account, an email, or an IP address.

Product analytics

On the production site we send anonymous product-usage events to Mixpanel. We never call Mixpanel's identify function, which means events are not linked to an account. Sensitive URL parameters (poll join codes, vote tokens, dashboard tokens) are stripped before any event is sent. Analytics only run after you accept our consent banner. If your browser sends the Global Privacy Control signal, we treat that as an opt-out and never load Mixpanel for your session, even if you have not seen the banner. You can also opt out at any time by clearing your choice in our banner.

Error reporting

We use Sentry to catch crashes and server errors. Our Sentry integration includes a privacy-critical scrubber that removes the decide_voter cookie before any report is sent. Any change to that scrubber gets a privacy review.

Server logs

Our hosting providers (Fly.io for the API, Cloudflare for the edge) log standard request metadata including IP addresses. We use these logs to investigate abuse and outages. We do not mine them for product analytics or marketing.

What we do with what we collect

• Run the service: count votes, sync results, send magic links.
• Keep the service safe: investigate abuse, debug crashes, prevent fraud against paid plans.
• Improve the product: read anonymous, aggregate analytics.
• Send transactional email (magic-link sign-in, billing receipts, rare service notices). We do not send marketing email without a separate opt-in.

What we never do

• Sell, rent, or trade your personal data.
• Show advertising.
• Link product analytics to your account or your votes.
• Fingerprint your browser or device.
• Sell or share votes with the creator at vote-level identity (creators see counts and free-text answers, not the voters behind them).

Cookies and similar storage

We use a small number of cookies and one localStorage value:

• decide_voter (HttpOnly cookie): the anonymous identifier described above. Required for voting.
• Supabase session cookies: standard sign-in cookies for account holders. Required for the dashboard.
• decide_cookie_consent (localStorage): your choice on the analytics banner.

Third parties we use

We share data with infrastructure providers only as needed to run the service. None of them get permission to use your data for their own purposes.

• Supabase: Postgres database, file storage, magic-link auth.
• Fly.io: hosting for the backend API.
• Cloudflare: hosting for the frontend and edge protection.
• Mixpanel: anonymous product analytics (production only).
• Sentry: error reporting (with voter cookie scrubbed).
• Resend: transactional email delivery.
• Google Places: option enrichment for restaurant polls. Only the search query you type gets sent.
• Stripe (when paid plans launch): payment processing.

Your rights

You can ask us to access, correct, export, or delete the personal data tied to your account at any time. Email [email protected] from the address on the account. We will respond within 30 days.

Because votes are tied to an anonymous cookie and not to an account, we cannot locate individual votes you cast as a guest. You can clear the cookie from your browser to break the link between this device and any vote it has cast.

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with data-protection laws, the rights granted to you under those laws apply. The same email address handles those requests.

Global Privacy Control and opt-out signals

We honor the Global Privacy Control browser signal as a valid opt-out request under the California Consumer Privacy Act and analogous state laws. When your browser advertises GPC, we treat your visit as an opt-out of analytics: we do not load Mixpanel and we do not record any analytics events for your session, even if you have not interacted with our banner. An explicit "Accept" in our banner is treated as you affirmatively overriding the signal for this device.

We do not sell personal data and we do not share personal data for cross-context behavioral advertising, so the CCPA "Do Not Sell or Share" link does not apply. If that ever changes we will publish the link before the change takes effect.

Data retention

We keep account data for as long as the account is active. After you delete your account, we remove your personal data within 30 days, except where we are required to keep records for tax or fraud-prevention purposes.

Polls and the votes on them stay available for as long as the creator wants them up. Creators can delete a poll at any time; deleting a poll deletes its votes.

Children

Decide is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided us personal data, please contact us and we will delete it.

International transfers

We operate from the United States and our infrastructure providers process data in the United States. If you use the service from another country, you understand and consent to your data being transferred to and stored in the United States.

Changes to this policy

When we make a meaningful change, we will update the effective date at the top of this page and, where the change affects account holders, send an email notice. Continued use of the service after a change means you accept the new policy.

Contact

Privacy questions, deletion requests, and abuse reports go to [email protected]. For acceptable-use questions, see our Acceptable Use Policy.