Privacy Policy

PRIVACY POLICY Effective Date: May 9, 2026 Last Updated: May 9, 2026 Delib.io ("we," "us," or "our") operates the Delib.io platform and BoardRm AI service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. By creating an account or using the Service, you agree to the terms of this Privacy Policy. 1. INFORMATION WE COLLECT 1.1 Account Information When you register, we collect: Full name Email address Password (stored as a one-way cryptographic hash — we cannot read your password) Account creation date and last login timestamp 1.2 Usage Data When you use the Service, we log: Questions submitted to the deliberation board Mode used (Freethinkers, API Only, Full Board) Which AI models responded Timestamp of each deliberation Monthly question count against your plan quota 1.3 Billing Information If you subscribe to a paid plan: Subscription plan and status Billing period dates Invoice amounts and payment dates Stripe Customer ID and Subscription ID We do not store credit card numbers, bank details, or full payment credentials. All payment processing is handled directly by Stripe, Inc. 1.4 Communications We store your email address to send: Account verification codes (OTP) Password reset links Billing receipts and subscription notifications We do not send marketing emails without your explicit consent. 2. HOW WE USE YOUR INFORMATION We use the information we collect to: Create and manage your account Process and fulfill your subscription Deliver deliberation results through third-party AI models Track your monthly usage against your plan quota Send transactional emails (verification, billing, account changes) Detect and prevent fraud or abuse Improve the reliability and performance of the Service Comply with applicable legal obligations We do not sell, rent, or trade your personal information to any third party for marketing purposes. 3. THIRD-PARTY AI PLATFORMS Delib.io routes your questions to one or more of the following AI providers depending on the mode you select. By using paid modes, you acknowledge that your question text is transmitted to these platforms under their respective terms: Anthropic (Claude) Your questions may be sent to Anthropic, PBC for processing by the Claude model. Privacy Policy: https://www.anthropic.com/privacy OpenAI (ChatGPT) Your questions may be sent to OpenAI, LLC for processing by the GPT-4o model. Privacy Policy: https://openai.com/privacy xAI (Grok) Your questions may be sent to xAI Corp for processing by the Grok model. Privacy Policy: https://x.ai/privacy Groq (Freethinker A — Llama) Your questions may be sent to Groq, Inc. for processing by the Llama model hosted on Groq infrastructure. Privacy Policy: https://groq.com/privacy-policy Google (Freethinker B — Gemini) Your questions may be sent to Google LLC for processing by the Gemini model. Privacy Policy: https://policies.google.com/privacy Each of these providers processes your input under their own privacy policies and terms of service. We use these platforms solely to generate responses to your submitted questions. We do not share your account details, name, or email address with any AI provider — only the text of your question is transmitted. We strongly advise against submitting personally identifiable information, confidential business data, financial information, health records, or any sensitive personal data in your questions. 4. PAYMENT PROCESSING — STRIPE All subscription payments are processed by Stripe, Inc. When you subscribe: You are redirected to a Stripe-hosted checkout page Stripe collects and stores your payment method details We receive only your Stripe Customer ID, Subscription ID, and invoice records Stripe is PCI DSS compliant. We never access, store, or transmit your full card details. Stripe Privacy Policy: https://stripe.com/privacy 5. EMAIL DELIVERY — RESEND Transactional emails (verification codes, password resets, billing receipts) are delivered via Resend, Inc. Your email address is transmitted to Resend solely for the purpose of delivering these messages. Resend Privacy Policy: https://resend.com/legal/privacy-policy 6. HOSTING AND INFRASTRUCTURE — RAILWAY The Service is hosted on Railway Corp infrastructure in the United States. Your data, including account information, usage logs, and billing history, is stored on Railway's servers. Railway maintains physical and network-level security for the infrastructure we operate on. Railway Privacy Policy: https://railway.app/legal/privacy 7. DATA RETENTION We retain your data for as long as your account remains active. Specifically: Account data — retained until you request deletion Usage logs — retained for up to 12 months on a rolling basis Billing history — retained for 7 years to comply with financial recordkeeping requirements OTP verification codes — invalidated immediately after use or after 10 minutes, whichever comes first Password reset tokens — invalidated immediately after use or after 1 hour Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law. 8. DATA SECURITY We implement the following security measures to protect your information: Passwords are hashed using bcrypt with a work factor designed to resist brute-force attacks Authentication tokens (JWT) expire after 7 days All data in transit is encrypted via TLS/HTTPS API keys and secret credentials are stored encrypted in the database and never returned in plain text to any client Admin access requires separate authentication and role verification on every request No method of electronic transmission or storage is 100% secure. While we take commercially reasonable steps to protect your data, we cannot guarantee absolute security. 9. YOUR RIGHTS Depending on your jurisdiction, you may have the following rights regarding your personal data: Right to Access — You may request a copy of the personal data we hold about you. Right to Correction — You may update your name, email address, or password at any time through your Account settings. Right to Deletion — You may request that we delete your account and associated personal data. Contact us at privacy@delib.io. Right to Portability — You may request an export of your account and usage data in a machine-readable format. Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing. California Residents (CCPA) — You have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. European / UK Residents (GDPR / UK GDPR) — Our lawful basis for processing your data is: (a) contract performance for account and subscription management, (b) legitimate interests for security and fraud prevention, and (c) legal obligation for financial records. You have the right to lodge a complaint with your local supervisory authority. 10. ARTIFICIAL INTELLIGENCE — SPECIFIC DISCLOSURES 10.1 No Training on Your Data We do not use your question content to train, fine-tune, or improve any AI model operated by Delib.io. Whether third-party AI providers use API inputs for their own model training is governed by their individual policies. As of this writing, Anthropic, OpenAI, xAI, Groq, and Google each state that API inputs are not used for training by default — however, we recommend reviewing their current policies directly. 10.2 AI Outputs Are Not Advice The verdicts and responses generated by the AI models on this platform do not constitute legal, financial, medical, or professional advice of any kind. You are solely responsible for how you interpret and act upon AI-generated content. 10.3 Content Moderation We reserve the right to terminate accounts that use the Service to generate illegal content, content that violates the acceptable use policies of our AI providers, or content intended to harm others. 10.4 Automated Processing The deliberation and verdict synthesis features of this Service constitute automated processing of your input. No human at Delib.io reviews the content of your questions or the AI responses generated during a session. 11. CHILDREN'S PRIVACY The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will delete it promptly. 12. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of the Service after any changes constitutes acceptance of the updated policy. For material changes, we will notify registered users by email. 13. CONTACT US If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: Delib.io Email: privacy@delib.io Website: https://www.delib.io © 2026 Delib.io. All rights reserved.