Privacy by design.

Effective 2026-05-26 · DELIDEC Corp. · Delaware C-Corporation

This privacy policy describes how DELIDEC Corp. ("DELIDEC", "we", "us") collects, uses, and protects information when you visit delidec.com or use the DELIDEC AI boardroom product. We treat your data the way our council treats a board memo: cited, audit-logged, and minimal.

What we collect from website visitors

If you accept analytics in our cookie modal, we collect anonymous, aggregated page-view counts via Plausible Analytics — an EU-hosted, cookieless analytics provider. Plausible does not use cookies, does not collect personal data, does not fingerprint devices, and is fully GDPR/CCPA/PECR compliant by default.

If you reject analytics, we collect nothing beyond what your browser sends to the server to render the page (IP, user agent — standard HTTP).

What we collect from waitlist + contact submissions

Email address — to send The Verdict newsletter and reply to your inquiry.
Name + company — if you fill in the data-room request form on the home page.
Self-supplied context — any message you write in a contact form.

We use this to: (a) send you the data room, (b) send you DELIDEC product updates if you opt in, (c) respond to questions. We do not sell, rent, or share this with third parties.

What the DELIDEC product collects from customers

If you sign up for the DELIDEC AI boardroom (delidec.ai), the documents you upload (the "Company DNA") and the questions you submit are stored encrypted at rest (AES-256) and in transit (TLS 1.3+).

0% training-data retention. Your data is never used to train any model, ours or any vendor's. The Anthropic Claude calls underlying DELIDEC deliberations carry a contractual no-training term.

You can request deletion of your data at any time via boris@delidec.com. Deletions complete within 30 days. The signed memo seal manifest (SHA-256 hash + timestamp + signing chain) is retained as an audit-trail necessity unless you also request retraction from the public wall — in which case the memo entry is marked "retracted" but the seal hash itself remains for historical audit verification.

Cookies

See our cookies policy for the full breakdown. In summary: we set one technical cookie in localStorage to remember your consent choice. Analytics, when opted-in, runs cookieless via Plausible. We do not use third-party tracking cookies.

Sharing your data

We share data only with:

Plausible Analytics — anonymous traffic stats (only if you opt in).
Anthropic — the LLM provider behind DELIDEC's deliberation engine. Customer data passed to Anthropic carries no-training, no-retention contractual terms.
Beehiiv — if you subscribe to The Verdict newsletter. They process your email address solely for the purpose of delivering that newsletter.
Stripe — if you become a paying customer. Stripe processes payment data under their own PCI-compliant policy.
Government authorities — only when legally compelled by subpoena, court order, or applicable law. We attempt to notify the affected user unless prohibited.

We never sell or rent personal data. We never share data with advertising networks. We never use data for behavioural ad targeting.

Your rights (GDPR / CCPA / CPRA)

Right to access — ask what data we have about you.
Right to deletion — ask us to delete your data.
Right to correction — ask us to fix data we hold.
Right to portability — ask us to export your data in machine-readable format.
Right to object — ask us to stop processing your data.
Right to non-discrimination — we will never penalise you for exercising any of these rights.

Email boris@delidec.com. We respond within 30 days.

Data retention

Anonymous analytics — retained 30 days, then aggregated and deleted (Plausible default).
Contact + waitlist email addresses — retained until you unsubscribe or request deletion.
Customer Company DNA — retained while you're a customer, plus 30 days after termination for export.
Signed memo audit-trail (hash + timestamp + signing chain) — retained indefinitely for verifier integrity, unless tied to a memo whose retraction has been requested.

Security

AES-256 encryption in transit and at rest. SOC 2 Type I attestation in flight (target: Q3 2026). Vanta-managed evidence pipeline. EU AI Act risk-classification dossier published. Anthropic Solution Partner candidate. Full security posture →

Where DELIDEC is in compliance with the EU AI Act: we self-classify as a limited-risk AI system (transparency obligations only), per Article 113 staggered application. High-risk obligations bind 2026-08-02; we ship audit-ready earlier than required.

Changes to this policy

We will revise this document as we add functionality. We'll post the new version with an updated effective date. Material changes will be announced via email to subscribers and on the home page.

Contact

Questions, requests, or compliance inquiries — boris@delidec.com. We read everything.