Back to home

Privacy Policy

Last updated: February 2025

1. Introduction

Qdeck ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered HTML5 presentation generator platform, including our website, applications, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you register for an account, we collect your name, email address, and password. If you sign up via Google OAuth, we receive your name, email address, and profile picture from Google.
  • Presentation Content: The text, images, descriptions, and other content you provide when creating and editing presentations, including prompts submitted to our AI generation features.
  • Payment Information: When you subscribe to a paid plan (Pro or Max), payment processing is handled by Stripe. We do not store your full credit card number on our servers. Stripe may collect and store your payment details in accordance with their own privacy policy.
  • Communications: When you contact our support team, we collect the content of your messages, your email address, and any attachments you provide.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, presentation creation and editing activity, and time spent on the platform.
  • Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Presentation Analytics: For shared presentations, we collect anonymized view counts, viewer IP hashes (not full IP addresses), user agent strings, and view timestamps.

2.3 Information from Third Parties

  • Google OAuth: If you authenticate using Google, we receive your basic profile information (name, email, profile picture) as authorized by you through Google's consent flow.
  • Stripe: We receive confirmation of payment status, subscription plan details, and billing-related events from Stripe. We do not receive or store your full card number.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To create and manage your account, generate and store your presentations, process AI generation requests, and enable collaboration and sharing features.
  • AI Content Generation: Your prompts and presentation context are sent to Google Gemini AI (via Google Vertex API) to generate presentation content, slides, and images. We send only the information necessary for generation.
  • Payment Processing: To process subscription payments, manage billing, and handle refund requests via Stripe.
  • Analytics and Improvement: To understand usage patterns, improve our features, fix bugs, and develop new functionality.
  • Communication: To send you service-related notices, security alerts, and support responses. We may also send product updates, which you can opt out of at any time.
  • Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policies:

Google Gemini AI (Vertex API)

Used for AI-powered content generation. Your prompts, presentation context, and style preferences are transmitted to Google's servers for processing. Google's use of this data is governed by their Cloud Data Processing terms. We use Gemini 3 Flash for text generation and Imagen for image generation.

Google OAuth

Used for authentication. We access only the scopes you authorize (typically email and basic profile). Governed by Google's Privacy Policy.

Stripe

Used for payment processing. All payment card data is handled directly by Stripe and never touches our servers. Stripe is PCI-DSS Level 1 certified. Governed by Stripe's Privacy Policy.

S3-Compatible Storage

Used for storing uploaded images and presentation assets. Files are stored securely with access-controlled URLs. Storage providers operate under their respective privacy and security policies.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled as they are necessary for the Service to function.
  • Functional Cookies: Store your preferences, such as theme settings, editor layout preferences, and language selection.
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These are anonymized and aggregated.

You can control cookie preferences through your browser settings. Disabling essential cookies may impair the functionality of the Service.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Service Providers: With third-party vendors who assist us in operating the Service (hosting, AI processing, payment processing, analytics), subject to confidentiality obligations.
  • Collaboration: When you invite collaborators to a presentation, they will have access to the presentation content and can see your name and email as the owner.
  • Public Sharing: When you enable a public share link for a presentation, the presentation content becomes accessible to anyone with the link.
  • Legal Requirements: When required by law, subpoena, or other legal process, or to protect the rights, property, or safety of Qdeck, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Secure password hashing using industry-standard algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for internal systems
  • Redis-based session management with secure token handling

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account Data: Retained until you delete your account. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
  • Presentation Data: Retained until you delete the presentation or your account. Version history diffs are retained for the life of the presentation.
  • Analytics Data: Presentation view analytics are retained for up to 24 months and then automatically deleted.
  • Log Data: Server logs are retained for up to 90 days for security and debugging purposes.
  • Payment Records: Billing records are retained for up to 7 years as required by applicable tax and accounting regulations.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data under applicable data protection laws (including the GDPR and CCPA):

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete data. You can also update most of your information directly through your account settings.
  • Right to Erasure: You may request deletion of your personal data. You can delete your account at any time through the settings page.
  • Right to Restrict Processing: You may request that we limit the processing of your data under certain circumstances.
  • Right to Data Portability: You may request a copy of your data in a structured, machine-readable format. Presentations can be exported as HTML at any time.
  • Right to Object: You may object to the processing of your personal data for certain purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at support@qdeck.app. We will respond to your request within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (such as Google Cloud and Stripe) operate data centers. We ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, and other legally recognized transfer mechanisms.

11. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@qdeck.app.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Service: Qdeck

Email: support@qdeck.app

Data Protection Inquiries: support@qdeck.app

If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.