Security

Last updated: 2026-07-10

Privatedec is designed to reduce risk when working with sensitive datasets. This page summarizes key security practices and governance controls used by the application.

Access controls
  • Authentication is required to upload, process, view, or download results.
  • Sessions are scoped to the creating user account.
Secure downloads
  • Downloads can use time-limited signed URLs when supported by the storage backend.
  • Signed URL lifetime is configurable by the deployment owner.
Data minimization
  • Default retention is limited (original uploads: 7 days; results: 30 days).
  • Users can delete sessions and associated files from the application.
Operational security
  • Secrets are configured via environment variables.
  • Storage access should follow least-privilege where possible.
Incident reporting

If you suspect a vulnerability or incident, contact the deployment owner.

Email [email protected] Privacy Retention