Privacy Policy

Last updated: February 16, 2025

1. Introduction

decky ("we," "us," or "decky") operates the decky.dev website and platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, and your choices regarding your information. By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service. We may update this policy from time to time; we will notify you of material changes as described in Section 14.

2. Information We Collect

Information you provide

  • Account data: email address, password (hashed), name, and any profile or preference data you submit when registering or updating your account.
  • Content and site data: text, images, and other content you add to your websites; site descriptions, subdomains, and custom domain names; and any other data you input into the Service.
  • Payment and billing data: billing name, address, and payment method information (e.g., card brand and last four digits). Full payment card details are processed directly by our payment provider (Stripe) and are not stored on our servers.
  • Communications: messages you send to us (e.g., support requests) and any information you include in those messages.

Information collected automatically

  • Usage and device data: IP address, browser type and version, device type, operating system, referring URLs, pages viewed, features used, and approximate geographic location (e.g., country or region).
  • Log data: access times, request headers, and similar technical logs generated when you use the Service or when your published sites are accessed.
  • Cookies and similar technologies: we and our service providers may use cookies, local storage, and similar technologies as described in Section 6.

Information from third parties

If you sign in via a third-party provider (e.g., Google), we receive the account identifiers and profile information that the provider shares with us (e.g., email, name) in accordance with that provider's policies and your permissions.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service (including hosting your sites, processing payments, and managing domains and DNS).
  • Create and manage your account and authenticate you.
  • Generate and personalize content (e.g., AI-generated website content based on your inputs).
  • Process transactions and send related communications (e.g., receipts, subscription notices).
  • Send you service-related messages (e.g., security alerts, product updates, and support responses).
  • Send marketing communications if you have opted in; you may opt out at any time.
  • Analyze usage and trends to improve the Service, security, and user experience.
  • Detect, prevent, and address fraud, abuse, security issues, and technical problems.
  • Comply with legal obligations, respond to lawful requests from authorities, and enforce our Terms of Service.
  • For other purposes described at the time of collection or with your consent.

4. Legal Bases for Processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data based on: (a) performance of our contract with you (e.g., providing the Service); (b) your consent where we have asked for it (e.g., marketing); (c) our legitimate interests (e.g., security, analytics, improving the Service), where those interests are not overridden by your rights; and (d) compliance with legal obligations.

5. How We Share Your Information

We may share your information in the following circumstances:

  • Service providers: with vendors who perform services on our behalf (e.g., hosting, authentication, payment processing, email delivery, analytics). These providers are contractually required to protect your data and use it only for the purposes we specify.
  • Published content: content you choose to publish on your websites is publicly accessible; we do not control who views or shares it.
  • Legal and safety: when required by law, court order, or government request; to protect the rights, property, or safety of decky, our users, or the public; or to enforce our Terms.
  • Business transfers: in connection with a merger, sale of assets, financing, or acquisition; we will notify you and inform you of any choices regarding your information.
  • With your consent: we may share information for other purposes when you have given us clear consent.

We do not sell your personal information in the sense of exchanging it for money. We do not share your personal information with third parties for their own advertising purposes without your consent.

6. Cookies and Similar Technologies

We and our service providers use cookies, local storage, and similar technologies to remember your preferences, keep you signed in, understand how you use the Service, and improve performance and security.

Types we use

  • Strictly necessary: required for the Service to function (e.g., authentication, load balancing, security). These generally cannot be disabled.
  • Functional: remember your settings and choices (e.g., language, theme) to improve your experience.
  • Analytics and performance: help us understand usage patterns and fix issues (e.g., page views, errors). We may use first-party or third-party analytics in a way that minimizes identification of individuals.

You can control cookies through your browser settings (e.g., block or delete cookies). Blocking certain cookies may limit some features of the Service. We do not currently respond to "Do Not Track" signals; we treat the choices you make in your browser and any opt-outs we offer as controlling.

7. Third-Party Services

We use third-party service providers to operate the Service (e.g., for hosting, authentication, payment processing, and infrastructure). When we share your information with these providers, their use of it is governed by their own privacy policies and our agreements with them. Data may be stored or processed in the United States or other regions where our providers operate. If you sign in using a third-party provider (such as a social or identity provider), that provider may share account or profile information with us in accordance with your settings and their policies.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide you the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for backup and operational purposes. For example, we may retain certain account and transaction data for tax and legal compliance; log data for security and debugging for a limited period; and backup copies of content for disaster recovery. When you delete your account or content, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law or for legitimate business purposes.

9. Security

We implement administrative, technical, and physical measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest where appropriate, access controls, and secure development practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security and are not responsible for circumvention of any safeguards beyond our control (e.g., unauthorized access to your device or account credentials).

10. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data (you can also update many details in your account settings).
  • Deletion: request deletion of your personal data, subject to legal and operational retention needs.
  • Portability: request a copy of your data in a structured, machine-readable format where applicable.
  • Restriction and objection: in certain circumstances, request that we restrict processing or object to processing (e.g., for direct marketing).
  • Withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Complaint: lodge a complaint with a supervisory authority in your country (e.g., in the EEA, your local data protection authority).

To exercise these rights, contact us at privacy@decky.dev. We will respond within the time required by applicable law. We may need to verify your identity before processing your request.

California residents: we do not sell personal information. We may disclose certain categories of personal information for business purposes (e.g., to service providers) as described in this policy. You may have the right to know, delete, correct, and limit use of sensitive personal information, and to non-discrimination. To submit a request, email privacy@decky.dev.

11. International Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers and we operate. These countries may have different data protection laws. Where we transfer personal data from the EEA or UK to a country not recognized as providing adequate protection, we implement appropriate safeguards (e.g., standard contractual clauses approved by the European Commission or UK authorities, or other mechanisms permitted by law) to protect your information.

12. Children

The Service is not directed to individuals under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at privacy@decky.dev and we will take steps to delete it.

13. Links to Other Sites

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may also notify you by email or through the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

For questions about this Privacy Policy or our privacy practices, contact us at privacy@decky.dev. For general support, you may also use support@decky.dev.