Security is not a feature we add later. It is a constraint we build around from the start. Here is how we protect data on the Decked platform.
All data transmitted between your browser and Decked is encrypted using TLS 1.2 or higher. This applies to homeowner consultations, contractor accounts, uploaded photos, and all API traffic. We do not serve content over unencrypted HTTP.
Consultation data, photos, and account information are stored on encrypted infrastructure. Encryption keys are managed separately from the data they protect. Backups are encrypted at rest and tested regularly.
Contractor account access is protected by password authentication. We enforce minimum password strength requirements. Access to production systems is restricted to engineering staff who require it and is logged. We use the principle of least privilege throughout our infrastructure.
Room photos uploaded during consultations are transmitted directly to encrypted storage. They are accessible only to the contractor associated with the consultation and to Decked staff for support purposes. Photos are not used for any purpose other than delivering the consultation package.
We do not store credit card numbers. Payment processing is handled by a PCI-compliant third-party provider. Decked never has access to your full card details.
Consultation data used to generate visualizations is transmitted to AI providers under data processing agreements that restrict its use to generating your output. Consultation content is not used to train models.
If you discover a security vulnerability in Decked, please report it to [email protected]. We ask that you give us reasonable time to investigate and address the issue before public disclosure. We do not pursue legal action against good-faith security researchers.
In the event of a security incident that affects your data, we will notify affected account holders within 72 hours of confirming the incident. Notifications will include what happened, what data was affected, and what steps we have taken.
Security questions or concerns? Email [email protected].