Terms and Conditions

Open-source license

Decoder is a free and open-source project released under the MIT License. The full text is in the LICENSE file shipped with the software. The project is maintained collectively by contributors ("Decoder contributors"). The entire relationship between user and author is governed by the MIT License, which expressly excludes warranties and liability to the maximum extent permitted by applicable law.

What you can do

• Use it for personal or commercial purposes
• Modify the source code and build custom versions
• Distribute the original or modified software to others
• Develop new features and contribute them back

What you cannot do

• Claim to be the creator of Decoder or its original author
• When forking or redistributing, fail to clearly state that it is a modified version, not affiliated with the original Decoder project

Copyright

Copyright on original contributions remains with the respective authors and contributors. The MIT License grants you the permissions listed above without transferring copyright. There is no registered trademark holder: "Decoder" is the informal name of the open-source project.

Code analyzed through Decoder

Any source code uploaded or analyzed via Decoder remains the property of its respective owners. Decoder does not acquire any rights over your code or the generated documentation.

Contributions

Contributions submitted to the Decoder project (pull requests, issues, code patches, documentation) may be reviewed, merged and included in future releases at the discretion of the maintainers. By submitting a contribution you agree to license it under the same terms as the project (MIT License).

Minors

This demo is not directed at persons under 16. Do not create an account if you are below that age.

Data processed

The data listed below is processed strictly to the extent necessary to operate the demo:

• Account: email, display name and creation timestamp (managed by the auth module).
• Content: uploaded files kept in the server's private storage (owner-only access enforced via RLS) with an indicative 60-day retention from last activity, metadata (path, size, sha256, language, repository source — zip or GitHub) and AI explanations.
• User API keys: encrypted at rest with AES-256-GCM and never returned to the browser. Decoder does not provide any server-managed AI: to use a cloud provider you must configure your own key (BYOK).
• Usage metadata: AI provider and model used for each explanation, preferred language and proficiency level, application role (e.g. admin). No behavioural profiling, no third-party tracking.
• No advertising trackers, no third-party analytics, no profiling. The only cookie set is technical (sidebar UI preference) and requires no consent under the Italian DPA decision of 10 June 2021.

GDPR (EU Reg. 2016/679)

Processing of personal data needed to run the demo is set up consistently with the GDPR, taking into account the project's non-professional nature.

• Lawful basis: pre-contractual measures taken at the data subject's request and legitimate interest in the technical operation of the demo (art. 6.1.b and 6.1.f); explicit consent (art. 6.1.a) when you choose an external AI provider.
• Data subject rights: access, rectification, erasure, portability, objection and restriction. Export or delete your data from Settings → Account, or by opening a GitHub request.
• Non-EU transfers: only when you choose a cloud AI provider hosted outside the EU using your own API key (e.g. OpenAI, Anthropic). The provider is always shown before the request runs.
• Retention: data is kept until you delete your account or individual items, or until the demo is decommissioned.
• The data controller is the author of the project as a private individual acting in a non-professional capacity, reachable solely through GitHub Issues or, for sensitive data, GitHub private Security Advisories. The conditions for mandatory DPO appointment (art. 37 GDPR) are not met and the exemption from the records of processing for entities with fewer than 250 employees that do not carry out risky/systematic processing applies (art. 30.5 GDPR). The right to lodge a complaint with the Italian DPA (Garante per la protezione dei dati personali) remains unaffected.

EU AI Act (EU Reg. 2024/1689)

Decoder is an open-source application that calls third-party AI models. As a project released under a free license (MIT) and not placed on the market as a GPAI model, it benefits from the exclusion set out in art. 2(12) of the Regulation. Formal obligations for AI system providers (technical documentation art. 11, quality management system art. 17, CE marking) do not apply. The transparency obligation under art. 50 still applies.

• Positioning: limited-risk downstream application. No automated decisions about people, no worker scoring, no user profiling; not among the high-risk systems in Annex III.
• Transparency (art. 50): every generated output is labelled as AI-generated content and must always be verified by a competent person.
• Prohibited uses (art. 5): no biometric inference, social scoring, subliminal manipulation or exploitation of vulnerabilities.
• Human oversight: you stay in full control of when to call the AI, which provider to use and whether to accept the output.