Privacy Policy

How we handle your data.

Last updated: April 2026

Introduction

Decipon is a manipulation detection service that analyzes content to surface influence tactics and verification gaps. This privacy policy explains what information we process, how we use it, and your rights regarding your data.

This policy applies to all Decipon services including the web application, the REST API, the Chrome browser extension, the Public Good Pool free tier, and the donation system.

Data We Process

B2C: Extension & Free Tier

Zero personal data collected. The browser extension sends only content text and content type to our API for analysis. The free endpoint (/v1/analyze/free) requires no authentication and collects no user identifiers.

No browsing history, cookies, account credentials, or tracking identifiers are collected from extension or free-tier users.

B2B: API Customers

For billing and account management, we collect: email address, name, and Stripe customer IDs. Usage logs track endpoint and token counts, not the content you analyze.

API keys are stored as SHA-256 hashes—we cannot retrieve your plaintext key after issuance.

Analysis Results

All analysis results are addressed by a SHA-256 content hash. Results are not linked to any user. Any authenticated API customer can retrieve a result by its content hash. There is no per-user analysis history.

Content Analyzed

All content analyzed by Decipon is already publicly available: news articles, social media posts, YouTube transcripts, and other public web content. Decipon does not analyze private messages, emails, or non-public content.

Research Interviews

Decipon conducts opt-in qualitative research interviews with media professionals (editors, AI leads, fact-checkers, regulators, journalists) to inform public research reports such as the Nordic Media Tactics Report. Participation is strictly by invitation link and is entirely voluntary. This section applies only to participants who have accepted an interview invitation; all other Decipon users are unaffected.

Lawful basis

GDPR Art 6(1)(a) — explicit consent, captured through the consent form at the start of each interview. The form records your choice of attribution level (named quote, anonymous quote, or aggregate-only) and whether you consent to a 30-minute follow-up. You can withdraw consent at any time by emailing privacy@decipon.com.

Data we collect during interviews

  • Self-reported profile: role, organisation type, country, years of experience.
  • Interview transcript: your responses and the AI interviewer's questions.
  • Inferred profile: LLM-extracted role/seniority enrichment, constrained by a 7-key allow-list with schema validation (extra='forbid') — no free-form enrichment possible.
  • Telemetry: model identifier, input/output tokens, response latencies. Not personal data.

We do not collect Art 9 special-category data (health, political opinion, religion, sexual orientation, etc.). The interviewer's system prompt instructs the AI to honour Norwegian kildevern (source protection) and not to probe for identifying source details.

Retention

  • Interview transcripts + inferred profile: hard-deleted 12 months after the last interview in a study, via scripts/research_purge.py. Every delete is logged in an audit trail retained indefinitely for GDPR accountability.
  • Aggregate synthesis: retained indefinitely after anonymisation (no back-link to individual sessions); may appear in the final research report.

Your rights

You have the right to access, rectification, erasure, data portability, and to object to processing of your interview data. You can also lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority). To exercise these rights, contact privacy@decipon.com.

International transfer

Interview transcripts are processed by Anthropic PBC (US) under the EU–US Data Privacy Framework and Standard Contractual Clauses. Anthropic's API terms exclude customer API data from model training. Processing is inference-only.

Documentation

A full Data Protection Impact Assessment (DPIA) is available on request at privacy@decipon.com. The research project is notified to Sikt (Kunnskapssektorens tjenesteleverandør) under its Meldeskjema framework for low-risk research data.

How We Use Data

  • Influence scoring: Analyzing submitted content across 20 influence tactic categories to generate manipulation scores and evidence.
  • Service improvement: Understanding aggregate usage patterns to improve accuracy, performance, and user experience.
  • Product analytics: Tracking anonymous usage events (page views, analysis counts, error rates) to understand feature adoption and improve the service. See the Analytics section below for details.
  • Abuse prevention: Detecting and blocking automated abuse, SSRF attempts, and rate limit circumvention.
  • Billing: Processing payments and managing API access tiers for B2B customers.

Data Retention

  • Analysis results: Retained indefinitely, keyed by content hash. These contain no personal data.
  • B2B billing data: Retained while your account is active and for the period required by applicable tax and accounting regulations.
  • API request logs: Rotated periodically and not retained indefinitely. Logs contain endpoint, timestamp, and token counts—not analyzed content.
  • Redis cache: Ephemeral. Cached data expires automatically.

Chrome Extension

The Decipon Chrome extension operates on 28+ supported news sites, Twitter/X, and YouTube. It extracts page content and sends it to the Decipon API for analysis only. Specifically:

  • Content text and content type are sent to our API for influence scoring.
  • No browsing history is collected or transmitted.
  • No tracking cookies are set by the extension.
  • No user identifiers are collected or transmitted.
  • The extension does not run on pages outside its supported site list.
  • Your API key is stored locally in browser storage and is never sent to third parties.

Analytics

We use PostHog (EU-hosted instance) for anonymous, server-side product analytics. All analytics events are captured server-side—no tracking scripts run in your browser.

What we track:

  • Page views (page name and referrer domain only—not full URLs)
  • Analysis events (started, completed, cached—with bucketed scores like "low/medium/high", never exact values)
  • Billing funnel events (checkout started/completed, product type—never exact amounts)
  • Error counts (exception type and endpoint, never content or stack traces)

What we do NOT track:

  • No analyzed content or URLs
  • No IP addresses (GeoIP is disabled at the SDK level)
  • No email addresses, usernames, or account identifiers
  • No exact scores, amounts, or financial data
  • No browser fingerprints or cookies
  • No cross-session user tracking (person profiles are disabled)

All distinct IDs are SHA-256 hashed values that cannot be reversed to identify individuals. PostHog person profiles are disabled at the SDK level, meaning no user identification is possible even within PostHog itself.

Analytics can be fully disabled by the server operator via the POSTHOG_ENABLED=false environment variable. Analytics data is retained according to PostHog's EU data retention policies.

Third-Party Services

Stripe

Payment processing for B2B API billing and anonymous credit purchases. Subject to Stripe's Privacy Policy.

LLM Providers (xAI, OpenAI, Groq, Google)

Receive public content text for context-dependent analysis scoring. No personal data is included in prompts sent to these providers.

Anthropic (research interviewer + synthesis)

Used only for the opt-in research interview programme described in the Research Interviews section above. Anthropic PBC (US) conducts the AI interview and generates post-interview synthesis under SCCs + EU–US Data Privacy Framework; inference-only, no training on API data per Anthropic's terms. Subject to Anthropic's Privacy Policy.

HuggingFace

Model downloads only. No content or user data is sent to HuggingFace during analysis.

PostHog

EU-hosted product analytics. Receives only anonymous, server-side events (no PII, no content). Person profiles are disabled. Subject to PostHog's Privacy Policy.

Infrastructure (PostgreSQL, Redis)

Persistent storage and caching. Hosted on infrastructure we control; not shared with third parties.

Donations

  • Email: Providing an email address when donating is optional. If provided, it is used only to send a receipt.
  • Amount: Donation amounts are tracked for Public Good Pool accounting and transparency.
  • Logging: Donor email addresses are masked in system logs.

Data Security

  • HTTPS: All communication between clients and the Decipon API is encrypted in transit.
  • Hashed identifiers: Content is identified by SHA-256 hashes, not stored as plaintext URLs or titles.
  • No plaintext credentials: API keys are stored as cryptographic hashes.
  • SSRF protection: URL-based analysis requests are validated against SSRF attacks to prevent abuse.
  • Atomic financial operations: All billing and credit transactions use database-level atomic operations to prevent data inconsistency.
  • Prompt injection filtering: Content sent to LLM providers is filtered to prevent prompt injection attacks.
  • Access controls: Database and infrastructure access is restricted to authorized personnel.

Your Rights

Your rights depend on how you use Decipon:

  • Extension & free-tier users: No personal data is collected, so there is no personal data to access, correct, or delete.
  • B2B API customers: You may request export of your billing data or deletion of your account by contacting us. Under GDPR, you have the right to access, rectification, erasure, data portability, and to object to processing of your personal data.
  • Extension users: You can clear your local analysis cache at any time via the extension popup and uninstall the extension to stop all data transmission.

To exercise these rights, contact us at the address below.

Training Data

To improve our ML models, we sample approximately 10% of analyses for training purposes (opt-in).

  • Training data contains public content text only—no user identifiers or personal data.
  • Training samples are not linked to any user, API key, or account.
  • This data is used solely to improve the accuracy of Decipon's manipulation detection models.

AI Content Usage

Decipon publishes an explicit, machine-readable policy for how AI systems may use the content on this site. The same policy is declared in /robots.txt as a Content-Signal directive under every User-agent: group.

Our position

  • search=yes — Traditional search-engine indexing is permitted. Decipon's analysis, methodology, and insights are intended to be discoverable.
  • ai-input=yes — AI inference-time retrieval is permitted. Agents like ChatGPT, Claude, Perplexity, and Grok may fetch and cite Decipon content in real time. This is how the product is consumed by modern AI assistants.
  • ai-train=no — Training AI models on Decipon's scoring rubric, category definitions, methodology docs, perspective-synthesis content, or analysis outputs is not permitted. These are the product's differentiation and we reserve all rights over them.

What this means in practice

Content-Signal is a preference signal, not an access control. Compliance is the crawler operator's responsibility and varies by vendor. Combining the signal with explicit rights reservation in our Terms of Use gives the position contractual weight; we reserve the right to add non-compliant crawlers to an explicit Disallow: / block.

This policy is separate from, and stricter than, the Training Data section above, which describes how we use submitted content to improve our own detection models. AI Content Usage controls how third parties may use the pages we publish.

Cookies & Local Storage

Decipon uses minimal cookies for session management only.

  • No third-party tracking cookies are set.
  • No advertising or remarketing pixels are used.
  • Local storage may be used for UI preferences but not for tracking.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via an update notice on this page and, where applicable, via email to registered API users. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact

For privacy inquiries, data access requests, or questions about this policy:

privacy@decipon.com
