Records you can point to when it matters

Governance records need to be trustworthy — not just stored. Decisio's security model is designed around the specific requirements of formal decision-making: immutability, attribution, and transparency. These properties are not add-ons. They are how the product works.

Resolutions cannot be changed after the fact

Once a resolution is recorded in Decisio, it becomes a permanent fixture. The decision text, the vote breakdown, the exhibits, the timestamps, the attribution — none of it can be edited, deleted, or backdated. This is enforced at the database level through append-only storage patterns and the removal of deletion operations on resolution data. It is not a policy. It is architecture.

When a decision needs to be reversed, the original resolution remains intact:

Voiding creates a new, timestamped record that references the original, captures the stated reason, and attributes the person who voided it. The original resolution — including its full text, votes, and exhibits — stays visible and unaltered.
Superseding links a new resolution to its predecessor, creating an explicit chain of decision evolution. Both records remain accessible. Neither is modified.

There is no “edit resolution” button. There is no way to quietly alter what was decided, who decided it, or when. The record reflects what actually happened.

Every action, timestamped and attributed

Decisio records every governance action automatically. There is no manual logging, no reliance on someone remembering to document what happened.

What gets recorded

Issue creation, edits, and status changes
Motion proposals, seconding, amendments, and outcomes
Every vote cast — who voted, how they voted, and when
Justifications — the written reasoning behind each submission
Exhibit uploads, withdrawals, and superseding
Resolution creation, voiding, and superseding
Participant invitations, additions, and access events
Comments and discussion threads

All timestamps are server-generated. Users cannot set or alter them.

What auditors can verify

That decisions were made through a defined process, not ad hoc
That every change to a decision is documented and explained
That no records have been tampered with, edited, or deleted
That the decision-making timeline is chronologically authentic
That every action traces back to an identified person

The audit trail is structured for review by legal counsel, compliance officers, board members, and external auditors. Records are accessible through the platform and can be exported for offline review.

Independent judgement with full accountability

Decisio's voting model is designed to prevent two problems that undermine governance: groupthink and unaccountability.

Before you vote — you can see who has submitted, but not how they voted or what they wrote. This prevents anchoring. Every participant forms their position independently.
After you vote — you see how everyone voted, including their written justification. The full picture is available once your own position is on record.
No anonymous voting — every submission is attributed to a specific person. Governance requires that decisions can be traced to the people who made them.

Submissions include an optional justification field. When used, the reasoning behind each vote becomes part of the permanent record — not just the outcome.

Every action tied to an identity

There are no anonymous actions in Decisio. Every event in the system is attributed to a specific, authenticated person.

Workspace members are authenticated via their account credentials. Role-based permissions (owner, admin, member) determine what each person can do.
External participants are identified by their email address and access the platform through a unique, per-person invite token. They do not need a Decisio account.
Timestamps are generated server-side at the moment an action occurs. They cannot be set, adjusted, or backdated by any user.
All records — votes, motions, comments, exhibits, resolutions, status changes — are attributed to the person who performed the action.

This means that for any record in the system, you can answer who did it and when — without relying on manual notes, email threads, or someone's memory.

The right people see the right things

Access in Decisio is scoped by role and by invitation, enforced at the database level through row-level security policies.

Role-based permissions — Owners, admins, and members have distinct capabilities. Owners manage billing and workspace settings. Admins manage governance operations — creating issues, configuring voting, recording resolutions. Members participate within the boundaries set by their role.
Participant scoping — External participants are invited to a specific issue and can only access that issue. They cannot see other issues, other projects, or any other workspace content. Each participant receives a unique invite token tied to their email address.
Private projects — Sensitive committee work can be placed in private projects visible only to project members and admins. Other workspace members cannot see these projects or their contents.

These controls are not application-level filters that could be bypassed. They are enforced by database-level security policies that govern every query.

Your governance data, properly handled

Australian data residency — All data is hosted in Sydney (AWS ap-southeast-2) via Supabase PostgreSQL. Your data remains within Australian jurisdiction and is subject to Australian privacy laws.
Encryption — Data is encrypted at rest in the database and encrypted in transit via TLS for all connections.
Data minimisation — Decisio collects only what is necessary to provide the service: account credentials, decision data, and basic session information. Payment details are handled by Stripe and never touch Decisio's servers.
No data selling — Decisio does not sell, rent, or trade your data to third parties. Your governance records are yours.
Export and portability — Resolution records, issue histories, and vote data can be accessed through the platform interface and exported for offline archival, legal discovery, or regulatory submissions. API access is available on professional plans for programmatic data retrieval.
Retention — Data is retained for the life of your subscription. After cancellation, data is retained for 90 days before scheduled deletion. Complete workspace exports are available on request.

Governance records you can defend

Immutable resolutions. Complete audit trails. Attributed actions. Transparent voting. These are not features you enable — they are how every decision is recorded from the start.

Get started free

Resolutions cannot be changed after the fact

When a decision needs to be reversed, the original resolution remains intact:

Voiding creates a new, timestamped record that references the original, captures the stated reason, and attributes the person who voided it. The original resolution — including its full text, votes, and exhibits — stays visible and unaltered.
Superseding links a new resolution to its predecessor, creating an explicit chain of decision evolution. Both records remain accessible. Neither is modified.

There is no “edit resolution” button. There is no way to quietly alter what was decided, who decided it, or when. The record reflects what actually happened.

Every action, timestamped and attributed

Decisio records every governance action automatically. There is no manual logging, no reliance on someone remembering to document what happened.

What gets recorded

Issue creation, edits, and status changes
Motion proposals, seconding, amendments, and outcomes
Every vote cast — who voted, how they voted, and when
Justifications — the written reasoning behind each submission
Exhibit uploads, withdrawals, and superseding
Resolution creation, voiding, and superseding
Participant invitations, additions, and access events
Comments and discussion threads

All timestamps are server-generated. Users cannot set or alter them.

What auditors can verify

That decisions were made through a defined process, not ad hoc
That every change to a decision is documented and explained
That no records have been tampered with, edited, or deleted
That the decision-making timeline is chronologically authentic
That every action traces back to an identified person

Independent judgement with full accountability

Decisio's voting model is designed to prevent two problems that undermine governance: groupthink and unaccountability.

Before you vote — you can see who has submitted, but not how they voted or what they wrote. This prevents anchoring. Every participant forms their position independently.
After you vote — you see how everyone voted, including their written justification. The full picture is available once your own position is on record.
No anonymous voting — every submission is attributed to a specific person. Governance requires that decisions can be traced to the people who made them.

Submissions include an optional justification field. When used, the reasoning behind each vote becomes part of the permanent record — not just the outcome.

Every action tied to an identity

There are no anonymous actions in Decisio. Every event in the system is attributed to a specific, authenticated person.

Workspace members are authenticated via their account credentials. Role-based permissions (owner, admin, member) determine what each person can do.
External participants are identified by their email address and access the platform through a unique, per-person invite token. They do not need a Decisio account.
Timestamps are generated server-side at the moment an action occurs. They cannot be set, adjusted, or backdated by any user.
All records — votes, motions, comments, exhibits, resolutions, status changes — are attributed to the person who performed the action.

This means that for any record in the system, you can answer who did it and when — without relying on manual notes, email threads, or someone's memory.

The right people see the right things

Access in Decisio is scoped by role and by invitation, enforced at the database level through row-level security policies.

Role-based permissions — Owners, admins, and members have distinct capabilities. Owners manage billing and workspace settings. Admins manage governance operations — creating issues, configuring voting, recording resolutions. Members participate within the boundaries set by their role.
Participant scoping — External participants are invited to a specific issue and can only access that issue. They cannot see other issues, other projects, or any other workspace content. Each participant receives a unique invite token tied to their email address.
Private projects — Sensitive committee work can be placed in private projects visible only to project members and admins. Other workspace members cannot see these projects or their contents.

These controls are not application-level filters that could be bypassed. They are enforced by database-level security policies that govern every query.

Your governance data, properly handled

Australian data residency — All data is hosted in Sydney (AWS ap-southeast-2) via Supabase PostgreSQL. Your data remains within Australian jurisdiction and is subject to Australian privacy laws.

Encryption — Data is encrypted at rest in the database and encrypted in transit via TLS for all connections.

Data minimisation — Decisio collects only what is necessary to provide the service: account credentials, decision data, and basic session information. Payment details are handled by Stripe and never touch Decisio's servers.

No data selling — Decisio does not sell, rent, or trade your data to third parties. Your governance records are yours.

Export and portability — Resolution records, issue histories, and vote data can be accessed through the platform interface and exported for offline archival, legal discovery, or regulatory submissions. API access is available on professional plans for programmatic data retrieval.

Retention — Data is retained for the life of your subscription. After cancellation, data is retained for 90 days before scheduled deletion. Complete workspace exports are available on request.