Security & Data

Last updated: February 2026

Our commitment

Decision Memos is designed around a simple principle: your decisions are yours. We treat every question and memo as confidential by default.

Encryption

  • In transit — all traffic is encrypted with TLS 1.2+. API endpoints enforce HTTPS.
  • At rest — database storage is encrypted using AES-256 via our infrastructure provider.

Infrastructure

We use a SOC 2–compliant database and authentication provider on a major cloud, with row-level security (RLS) enforced on every table. Access restrictions are enforced at the database level, not just the application level, so each user can access only their own data.

Data isolation

  • User data is logically isolated via RLS policies. There is no shared access between accounts.
  • API keys are hashed before storage. We never store plaintext secrets.
  • BYOK (Bring Your Own Keys) credentials are encrypted at rest and only decrypted in-memory during deliberation.

AI provider data handling

When you run a memo, your question is sent to AI providers (OpenAI, Anthropic, Google, xAI) to generate advisor perspectives. We use API-only access with data processing agreements — these providers do not retain your data beyond the API request and do not use it for model training.

Access control

  • Production database access is restricted to essential personnel only.
  • All access is logged and auditable.
  • No customer data is used in development or testing environments.

Reporting a vulnerability

If you discover a security issue, please contact us via our contact page. We take all reports seriously and will respond within 48 hours.
