Trust & Responsible AI

We Decode Communication Without Archiving It

Decodeme reads text to surface risk, then discards it. No facial or voice biometrics, no message archive, no AI trained on your data. Privacy is the architecture — which is also what keeps the model legal where camera- and voice-based tools are not.

Book a pilot Read the privacy policy

Four Principles, Built In — Not Bolted On

Every principle below is an architectural decision, not a setting you have to find. Privacy by design is what lets an organization monitor communication risk without becoming the thing employees fear.

Ephemeral by default

Text is processed in isolated sessions and discarded. We read content to produce a signal, then let it go — we do not build a searchable archive of employee messages.

No biometrics, ever

Decodeme infers signals from written text only. No facial expression, no voice tone, no physiological data — the categories that carry the heaviest legal and ethical risk.

Your data never trains our models

AI models are never trained on customer communication. Your messages are inputs to a signal, never training data for someone else's product.

Aggregated, consented, controlled

Organizational reporting is anonymized to the team level. Individuals consent, control their own data, and access is role-based.

Why Text-Only and Ephemeral Is a Legal Advantage

The EU AI Act prohibits emotion recognition in the workplace — but Article 5 limits that prohibition to biometric data. Text-based analysis falls outside it. Camera- and voice-based emotion tools do not.

Decodeme (text, ephemeral)
Camera / voice emotion tools
Data type
Written text only
Facial, vocal, physiological biometrics
EU AI Act Art. 5 workplace prohibition
Outside scope (non-biometric)
Within scope — prohibited
Retention
Ephemeral — read and discarded
Often recorded and stored
Employee perception
Signal, not surveillance
Always-on recording

Anchored in Recognized Standards

ISO 45003
  • International standard for psychosocial risk at work
  • Every Decodeme risk report is mapped to it
  • A recognized framework that does not depend on a local mandate
Data protection
  • GDPR (EU) and CCPA (California) controls built in
  • LGPD-compliant consent for Brazil (NR-1 programs)
  • Explicit, disclosed monitoring — never covert
Security
  • SOC 2 Type II infrastructure standards
  • End-to-end encryption (TLS 1.3 + AES-256)
  • Isolated, ephemeral session processing

Frequently Asked Questions

Does Decodeme store employee messages?

No. Text is processed in isolated, ephemeral sessions to produce a risk signal and then discarded. Decodeme does not build a searchable archive of employee communication. Organizational reporting is aggregated to the team level so individuals are not exposed.

Is Decodeme legal under the EU AI Act?

Yes for its core text-based model. The EU AI Act's Article 5 prohibition on workplace emotion recognition is limited to biometric data — facial, vocal, physiological. Decodeme infers signals from written text only, which falls outside that prohibition. Note that text-based analysis embedded in consequential HR decisions can fall under the Act's high-risk (Annex III) obligations, which we treat as a separate compliance track.

How is this different from employee surveillance?

Surveillance records and retains everything for later inspection. Decodeme produces an aggregated risk signal from communication that already happens, with consent and team-level anonymization, and discards the content. The goal is to catch psychosocial risk early — not to monitor individuals.

Monitor Communication Risk Without Crossing the Line

Privacy by design, no biometrics, and a legal posture that holds globally — the foundation under every Decodeme deployment.

Book a pilot Enterprise platform →

Related Resources

Psychosocial Risk MonitoringEnterprise PlatformPrivacy PolicyDecodeme vs. Surveys