Security
Last updated: 2026-07-10
Privatedec is designed to reduce risk when working with sensitive datasets. This page summarizes key security practices and governance controls used by the application.
Access controls
- Authentication is required to upload, process, view, or download results.
- Sessions are scoped to the creating user account.
Secure downloads
- Downloads can use time-limited signed URLs when supported by the storage backend.
- Signed URL lifetime is configurable by the deployment owner.
Data minimization
- Default retention is limited (original uploads: 7 days; results: 30 days).
- Users can delete sessions and associated files from the application.
Operational security
- Secrets are configured via environment variables.
- Storage access should follow least-privilege where possible.
Incident reporting
If you suspect a vulnerability or incident, contact the deployment owner.
Email [email protected] Privacy Retention