Privacy & Security

Security, privacy, and compliance at Decisions Lab.

Overview

Decisions Lab (Almita Limited) is a company building AI-powered simulation tools for understanding human behavior.

Core application data is primarily hosted in Singapore on Supabase. Application execution uses Vercel (including Singapore and US regions). Some supporting services may process data outside Singapore, including in the United States.

Our stack includes Vercel, Supabase, StackAuth, Stripe, PostHog, OpenAI, and AWS (including Bedrock for product AI). Payments are handled by Stripe; we do not store full payment card details.

Authentication is managed by StackAuth. Customer-connected mailbox access may use supported Gmail OAuth or customer-configured SMTP and IMAP providers. All database access is protected by Row-Level Security (RLS) policies.

Documents
| Document | Description |
| --- | --- |
| Privacy Policy | How we collect, use, and protect your data |
| Terms of Service | Rules and agreements for using our platform |

Security Highlights

Encryption

TLS 1.3 in transit, AES-256 at rest. SMTP credentials encrypted in database.

Row-Level Security

Supabase RLS policies enforce strict user-based data access controls.

AI providers

Product AI uses OpenAI and AWS Bedrock with zero data retention.

PCI Compliance

Payment processing via Stripe. We never store card details.

Compliance

Formal assessments

Decisions Lab does not currently have a completed SOC 2 report and is not yet formally in audit. Our roadmap targets SOC 2 Type I with an initial scope focused on Security criteria. Until then, we can share our security overview, subprocessors, data residency summary, and related diligence materials on request.

Subprocessors

Core providers support hosting, storage, authentication, payments, analytics, AI, and messaging. Connected mailbox flows (such as Gmail OAuth or your own email provider) depend on how you configure the product.

| Company | Purpose | Location |
| --- | --- | --- |
| Vercel | Application hosting and execution | Singapore; United States |
| Supabase | Core database and storage | Singapore |
| StackAuth | Authentication and user management | United States |
| Stripe | Payment processing | United States |
| PostHog | Product analytics and telemetry | United States |
| Resend | Transactional email and notifications | United States |
| OpenAI | AI feature processing | Vendor-managed |
| AWS | AI and infrastructure (including Bedrock) | United States |

Have security questions?

Our team is here to help with any security or compliance inquiries.
