Never sold
Your data and decision logs are never sold or rented to anyone.
This policy explains what data 1D2A collects, why, how it is handled, and the choices and rights you have. 1D2A is built around deliberate, recorded decisions — the same care applies to your data.
Your data and decision logs are never sold or rented to anyone.
Logs stay private to you and invitees unless you choose to publish.
You can access, export, or request deletion of your data at any time.
Only what is needed to run the service — no tracking for advertising.
1D2A collects as little personal data as it can while still operating reliably. It does not use your data for advertising, does not sell or rent it, and does not track you across other websites.
This policy describes the data involved when you use 1D2A, why it is processed, and the rights you have over it. It forms part of the Terms of Use.
The short version: minimal data, no selling, no ad tracking — and clear rights for you over everything that is collected.
1D2A is a personal project operated by Ivan Jureta, who acts as the data controller for personal data processed through the service. 1D2A is not affiliated with or operated on behalf of any organization.
You can reach the controller at ivan@ivanjureta.com for any question or request relating to your data.
Three kinds of data are involved when you use 1D2A:
Account data — your name and email address from the sign-in method you choose (such as Google), used to create and secure your account.
Content you create — the decision logs, nodes, attachments, comments, and history you add to the service.
Technical and usage data — limited information such as log-in events, basic device and browser details, and error logs needed to keep the service secure and working.
Data is used to provide and secure the service: to create and authenticate your account, to store and display your decision logs, to preserve their immutable history, to operate AI-assisted features when you use them, and to diagnose and fix problems.
Data is not used for advertising or profiling, and is not combined with data from third parties to build a profile of you.
Where the GDPR applies, personal data is processed on the following bases: performance of the contract (providing the service you signed up for), legitimate interests (keeping the service secure and functioning), legal obligation (where the law requires it), and consent (for anything that specifically asks for it, which you can withdraw at any time).
When you use AI-assisted features, the relevant content from your log may be sent to a third-party AI provider solely to generate the assessment, risks, or options you requested, and then returned to you. This processing happens only when you trigger it.
Your content is not used to train third-party models, and AI features are not applied to your private logs unless you invoke them.
AI features only run when you ask. Your logs aren’t used to train anyone’s models.
Logs are private to you and the people you invite. If you choose to publish a log or template, the content you publish — including any names or details inside it — becomes readable by anyone, including signed-out visitors.
Only publish content you are comfortable making public, and avoid including personal data about others without a basis to do so.
Data is shared only with the service providers needed to run 1D2A, under agreements that limit them to that purpose:
Identity providers — to authenticate your sign-in (for example, Google).
Hosting and infrastructure — to store and serve your data securely.
AI provider — to process AI-assisted requests you initiate.
1D2A uses only the cookies and browser storage needed to keep you signed in and to remember basic preferences. It does not use advertising or cross-site tracking cookies.
Your account and content are kept for as long as your account is active. Because 1D2A preserves an immutable history of each log, earlier states are retained as part of that record until the log or account is deleted.
When you request that we delete your account, your personal data and logs are removed within a reasonable period and you are notified when this is executed, except where limited information must be kept to meet legal obligations. If you request the deletion of your data and we complete it, this cannot be undone.
Reasonable technical and organizational measures are used to protect your data, including encryption in transit and access controls. No service can guarantee absolute security, but access to your content is limited to what is needed to operate 1D2A.
Subject to applicable law, you have the right to:
Access — obtain a copy of the personal data held about you.
Rectify — correct data that is inaccurate or incomplete.
Erase — request deletion of your account and data.
Port — export your data in a usable format.
Object or restrict — object to certain processing or ask that it be limited, and withdraw consent where it was the basis.
Email ivan@ivanjureta.com to exercise any of these. You can also lodge a complaint with your local data-protection authority.
Some service providers may process data outside your country or the European Economic Area. Where that happens, appropriate safeguards — such as standard contractual clauses — are relied upon to protect your data.
1D2A is not directed at children and is not intended for anyone under 16. Personal data of children is not knowingly collected; if you believe a child has provided data, please get in touch so it can be removed.
This policy may be updated from time to time. When changes are material, the updated version and its effective date will be posted here, and reasonable notice will be given where practical.
For any question or request about this policy or your data, contact ivan@ivanjureta.com. Because 1D2A is a personal project, correspondence is handled directly by its author.
1D2A is a personal project, not affiliated with any organization. To exercise a privacy right or ask a question, reach out directly.