Privacy Policy

1. Scope and Application

This Privacy Policy applies to all individuals who access or use SlideGMM's web-based platform, application programming interfaces (APIs), and any related services (collectively, the “Services”). This includes registered users, visitors, and any person whose personal information is processed in connection with the Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, which is incorporated into and forms part of our Terms of Service. If you do not agree with any part of this Privacy Policy, you must discontinue use of the Services immediately.

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from our Services, each of which may have their own data collection and privacy practices. We encourage you to review the privacy policies of any third-party services before providing your information.

2. Data Controller

For the purposes of applicable data protection legislation (including, but not limited to, the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, and the California Consumer Privacy Act (“CCPA”)), the data controller of your personal information is:

If you have any questions or concerns about our processing of your personal information, or if you wish to exercise any of your data protection rights, please contact us using the details provided above or in Section 19 below.

3. Information We Collect

We collect and process personal information through various means when you interact with our Services. The categories of information we collect depend on how you use the Services and may include the following:

3.1 Information You Provide Directly

3.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain technical and usage information:

• Device Information: Hardware model, operating system and version, browser type and version, screen resolution, unique device identifiers (e.g., advertising ID, device fingerprint), and mobile network information.
• Log Data: IP address, access timestamps, pages viewed, referring/exit URLs, click-stream data, and system activity logs including error reports and crash diagnostics.
• Usage Analytics: Features accessed, session duration and frequency, interaction patterns (clicks, scrolls, navigation paths), content generated, and performance metrics.
• Location Data: Approximate geographic location derived from your IP address (country, region, and city level). We do not collect precise geolocation data.
• Cookies and Similar Technologies: Session identifiers, authentication tokens, persistent identifiers, and data collected through cookies, web beacons, pixels, and local storage as further described in Section 12.

3.3 Information from Third-Party Sources

We may receive personal information about you from the following third-party sources:

• Authentication Providers: When you sign in using Google OAuth or other third-party authentication services, we receive basic profile information as authorized by you.
• Payment Processor: Paddle may provide us with transaction confirmations, subscription status, billing country, and payment method type (but not full card details).
• Analytics Services: We may receive aggregated or pseudonymized data from analytics and advertising partners to help us understand usage trends and improve our Services.

4. Legal Basis for Processing

We process your personal information only when we have a valid legal basis to do so. Depending on the specific processing activity, we rely on one or more of the following legal grounds:

5. How We Use Your Information

5.1 Service Delivery and Operations

• Generating AI-powered presentations, diagrams, and visual content based on your inputs
• Processing and converting uploaded documents and media files into presentation formats
• Authenticating your identity and maintaining account security
• Processing subscription payments and managing billing cycles through Paddle
• Synchronizing your data across sessions and maintaining service continuity
• Providing technical support and responding to your inquiries
• Sending transactional communications (e.g., purchase confirmations, password resets, security alerts)

5.2 Service Improvement and Development

• Analyzing aggregated usage patterns to identify areas for enhancement
• Conducting A/B testing to evaluate new features and interface improvements
• Training and improving our AI models using aggregated, de-identified data (see Section 13)
• Monitoring system performance, diagnosing technical issues, and resolving bugs
• Developing new products, features, and services

5.3 Safety, Security, and Compliance

• Detecting, investigating, and preventing fraudulent transactions, abuse, and security threats
• Enforcing our Terms of Service, Acceptable Use Policy, and other applicable policies
• Complying with applicable legal requirements, including responding to lawful government requests
• Protecting the rights, property, and safety of SlideGMM, our users, and the general public
• Conducting audits and maintaining records as required by law

5.4 Marketing and Communications

• Sending promotional communications about new features, offers, and events (where you have opted in or as permitted by applicable law)
• Personalizing content recommendations and in-app experiences
• Measuring the effectiveness of our marketing campaigns
• Conducting user research, surveys, and feedback collection

You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email, updating your notification preferences in account settings, or contacting us at privacy@slidegmm.ai.

6. Information Sharing and Disclosure

We may share your personal information only in the following limited circumstances:

6.1 Service Providers and Sub-Processors

We engage carefully vetted third-party service providers who process personal information on our behalf and under our instructions. These providers are bound by data processing agreements that require them to implement appropriate technical and organizational security measures and to process your information only for the specified purposes. Our key sub-processors include:

• Cloud Infrastructure: For hosting, data storage, and content delivery
• Payment Processing: Paddle.com Market Limited (Merchant of Record)
• Authentication: Firebase Authentication by Google
• AI Services: AI model providers for content generation
• Analytics: Usage analytics and performance monitoring services
• Communications: Email delivery and customer support platforms

6.2 Legal Requirements and Protection of Rights

We may disclose your information where we reasonably believe such disclosure is necessary to:

• Comply with a legal obligation, regulation, court order, subpoena, or other lawful governmental request
• Enforce our Terms of Service, this Privacy Policy, or other applicable agreements
• Investigate, detect, or prevent fraud, security incidents, or technical issues
• Protect the rights, property, or personal safety of SlideGMM, our users, or the public as required or permitted by law

6.3 Business Transfers

In connection with any merger, acquisition, corporate restructuring, sale of assets, financing, or bankruptcy proceeding, your personal information may be disclosed during due diligence and transferred to a successor entity as part of the transaction. We will use reasonable efforts to ensure that the successor entity is bound by privacy obligations no less protective than those set forth in this Privacy Policy, and we will provide notice as required by applicable law.

6.4 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify any individual. Such information is not considered personal information under applicable data protection laws.

6.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy only with your explicit, informed consent.

7. Payment Processing and Paddle

All payment transactions for SlideGMM subscriptions are processed by Paddle.com Market Limited, which acts as our Merchant of Record. This means that Paddle is the entity that processes your payment, handles billing, manages refunds, and collects applicable taxes on our behalf.

When you make a purchase through SlideGMM:

• Your payment information (such as credit card details) is collected and processed directly by Paddle in accordance with PCI-DSS Level 1 standards. SlideGMM does not have access to your full payment card details.
• Paddle processes your payment data as an independent data controller for payment-related purposes. Paddle's processing of your data is governed by Paddle's Privacy Policy.
• Paddle may collect billing information including your name, email address, billing address, and payment method details to process transactions and comply with tax obligations.
• We receive from Paddle: transaction confirmations, subscription status, billing country, payment method type, and customer identifiers necessary for us to provision and manage your subscription.

For any payment-related inquiries, including refund requests and billing disputes, you may contact Paddle directly or reach out to our support team at support@slidegmm.ai, and we will coordinate with Paddle on your behalf.

8. Data Security

We take the security of your personal information seriously and have implemented comprehensive technical, administrative, and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

Technical Measures

• TLS/SSL encryption for all data in transit
• Encryption of sensitive data at rest using industry-standard algorithms (AES-256)
• Secure password hashing using bcrypt with appropriate work factors
• Regular security assessments, penetration testing, and vulnerability scanning
• Network-level security controls including firewalls and intrusion detection systems
• Automated monitoring and alerting for anomalous activity

Administrative Measures

• Principle of least privilege for internal access to systems and data
• Mandatory security awareness training for all personnel
• Background checks for employees with access to personal information
• Documented incident response and data breach notification procedures
• Regular review and update of security policies and controls

Despite our efforts, no method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for promptly notifying us of any suspected unauthorized access.

9. Data Retention

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices consider the following criteria:

When personal information is no longer required, we securely delete or irreversibly anonymize it in accordance with our data retention policies and applicable legal requirements.

10. Your Privacy Rights

Subject to applicable law, you have the following rights regarding your personal information. Certain rights may be limited where we have a compelling legitimate interest or legal obligation to retain data.

10.1 Right of Access

You have the right to request confirmation of whether we process your personal information and, if so, to access that information along with supplementary details about our processing activities.

10.2 Right to Rectification

You have the right to request correction of inaccurate personal information and completion of incomplete personal information. You may update most information directly through your account settings.

10.3 Right to Erasure (“Right to Be Forgotten”)

You have the right to request deletion of your personal information in certain circumstances, including when the data is no longer necessary for its original purpose, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds.

10.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification.

10.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another controller, where technically feasible and where processing is based on consent or contract.

10.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing without exception.

10.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

10.8 Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects concerning you, except where such processing is necessary for a contract, authorized by law, or based on your explicit consent.

10.9 Exercising Your Rights

To exercise any of these rights, you may:

• Email: privacy@slidegmm.ai
• In-App: Navigate to Profile → Settings → Privacy & Data
• Web: Submit a request at slidegmm.ai/privacy-request

We will verify your identity before processing your request and respond within the timeframes mandated by applicable law (typically 30 days under GDPR, 45 days under CCPA). If we require additional time, we will inform you of the reason and the expected timeline.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

11. International Data Transfers

SlideGMM operates globally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that are different from those of your jurisdiction.

When we transfer personal information outside the European Economic Area (EEA), the United Kingdom, or Switzerland, we ensure that appropriate safeguards are in place, including:

• Adequacy Decisions: Transfers to countries that the European Commission or relevant authority has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses as a legal mechanism for data transfers where no adequacy decision exists.
• Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure an adequate level of protection for transferred data.

You may request a copy of the safeguards we have in place for international data transfers by contacting us at privacy@slidegmm.ai.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide, secure, and improve our Services. The technologies we use fall into the following categories:

Managing Your Cookie Preferences

You can manage your cookie preferences through the following methods:

• Browser Settings: Most browsers allow you to block or delete cookies through their settings. Note that blocking essential cookies may affect the functionality of the Services.
• Do Not Track: We honor Do Not Track (DNT) browser signals where technically feasible.
• Third-Party Opt-Outs: You may opt out of third-party analytics and advertising cookies through the relevant provider's opt-out mechanism.

For more information about cookies and your choices, visit www.allaboutcookies.org.

13. Artificial Intelligence and Automated Processing

Our Services use artificial intelligence and machine learning technologies to generate presentations, analyze content, and deliver personalized experiences. We are committed to responsible AI practices and transparency about how AI interacts with your data.

13.1 How We Use AI

When you use the Services, your inputs (text prompts, uploaded documents, outlines) are processed by AI models to generate presentation content, suggest layouts, and produce visual elements. These inputs are processed in real-time to deliver the requested output and are not used to train our models without appropriate safeguards.

13.2 AI Model Training

We may use aggregated, de-identified, and anonymized data derived from usage of the Services to train, evaluate, and improve our AI models and algorithms. We implement the following safeguards:

• Personal information is stripped from training data through rigorous de-identification processes
• We conduct regular assessments to ensure that training data does not contain identifiable personal information
• We do not use individually identifiable user content to train third-party AI models

13.3 Automated Decision-Making

We do not currently use automated decision-making processes that produce legal effects or similarly significantly affect you. Our AI systems are used to assist content creation, not to make decisions about individuals. If we implement such processes in the future, we will provide clear notice and obtain any required consent.

14. Children's Privacy

Our Services are not directed to children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect, solicit, or process personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@slidegmm.ai.

Upon becoming aware that we have collected personal information from a child without verified parental consent, we will take prompt steps to delete that information from our systems. If applicable, we will also notify the relevant supervisory authority.

15. Third-Party Links and Services

Our Services may contain links to or integrations with third-party websites, applications, or services that are not operated or controlled by SlideGMM. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices, content, or data handling.

We encourage you to review the privacy policies of any third-party service before providing your information. The inclusion of a link or integration does not imply our endorsement of the third-party service.

16. Data Breach Notification

We maintain a comprehensive incident response plan for handling personal data breaches. In the event of a breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR and other applicable laws
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
• Document all breaches, including their nature, effects, and remedial actions taken
• Provide clear information about the nature of the breach, the data affected, likely consequences, and measures taken or recommended to mitigate potential harm

If you become aware of or suspect any unauthorized access to your account or a security vulnerability, please contact us immediately at security@slidegmm.ai.

17. Region-Specific Provisions

17.1 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you benefit from the protections of the GDPR (or UK GDPR), and the following additional provisions apply:

• You have all the rights outlined in Section 10, enforceable under the GDPR
• You have the right to lodge a complaint with your national data protection supervisory authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany)
• We process your data in accordance with a valid legal basis as described in Section 4
• International transfers are protected by appropriate safeguards as described in Section 11
• Our Data Protection Officer can be reached at dpo@slidegmm.ai

17.2 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for processing, and the categories of third parties with whom we share information.
• Right to Delete: You may request deletion of your personal information, subject to certain statutory exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use and disclosure of sensitive personal information to purposes necessary for providing the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, submit a verifiable consumer request by emailing privacy@slidegmm.ai or using the methods described in Section 10.9. We will verify your identity before processing your request and respond within 45 days (with one 45-day extension if reasonably necessary).

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require written proof of the agent's authorization and verify your identity directly.

17.3 Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing with third parties.

17.4 Other Jurisdictions

If you are located in any other jurisdiction with specific data protection or privacy laws, please contact us at privacy@slidegmm.ai to learn more about your rights and how we comply with applicable local requirements.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will provide prominent notice through one or more of the following methods:

• Posting the revised Privacy Policy on our website with an updated effective date
• Sending an email notification to the address associated with your account
• Displaying a prominent in-app banner or notification

We encourage you to periodically review this Privacy Policy. Material changes will not be applied retroactively. Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acknowledgment and acceptance of the updated terms. If you do not agree with any changes, you should discontinue use of the Services and may request deletion of your account and personal information.

19. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

We will acknowledge receipt of your inquiry within 2 business days and provide a substantive response within 30 days, or within such shorter timeframe as required by applicable law.