Skip to content
decantr
Log inSign up
Privacy

Privacy Policy

Decantr keeps the source repositories MIT licensed while also publishing a service-level privacy policy for the hosted registry experience.

Effective date: May 11, 2026

Open Source And Hosted Service Boundary

The Decantr source repositories are available under the MIT License. This policy applies to the hosted registry service, not to your rights under the open-source license for code we distribute separately.

Scope

This Privacy Policy explains how Decantr handles information collected through the hosted registry and related Decantr services. It governs the service relationship for hosted use and does not change the MIT license terms that apply to Decantr source code distributed separately.

Information We Collect

When you use the hosted registry, Decantr may process account details such as your email address, profile metadata, authentication provider identity, organization membership, billing state, and content or package metadata you choose to publish or manage through the service.

Operational Data

We may collect operational and security data such as request logs, rate-limit events, moderation actions, audit history, and basic usage diagnostics needed to run, secure, and improve the hosted service.

Opted-In Product Telemetry

Decantr CLI product telemetry is off unless a project opts in. When enabled, it sends aggregate lifecycle metadata such as command outcome, duration, workflow mode, analyze counts, Project Health status, finding counts, CI gate outcome, Studio usage, and remediation prompt request outcome. It does not send source code, prompt text, local file paths, repository names, emails, secrets, raw route names, private package slugs, health report bodies, or finding evidence.

Telemetry Identity Linking

Users may run decantr telemetry link after logging in to attach opaque install and project ids to their Decantr account or organization. The link improves customer attribution for opted-in CLI usage without collecting project names, local paths, source content, prompts, or private registry slugs.

How We Use Data

Decantr uses service data to authenticate users, render dashboard and registry experiences, enforce plan entitlements, power collaboration and governance workflows, prevent abuse, investigate incidents, and improve product reliability.

Sharing

We do not treat your account or organization data as public by default. Publicly published registry content and profile information may be visible to other users, while private packages and organization-only workflows are handled according to their configured visibility and entitlement model.

Retention

We retain service data for as long as necessary to operate the hosted product, meet security and compliance needs, preserve audit history, and resolve billing or support issues. Different data classes may have different retention windows based on operational need.

Changes

Decantr may update this Privacy Policy as the hosted product evolves. Material changes should be reflected on this page with an updated effective date before they take effect.

Your Choices

  • Use public or private visibility controls when publishing content.
  • Review organization membership and governance settings before sharing collaborative content.
  • Run decantr telemetry explain to inspect CLI telemetry fields before opting in.
  • Set telemetry to false in .decantr/project.json to opt out of CLI product telemetry.
  • Use the contact channels published on decantr.ai for service privacy questions or requests.