    Privacy Policy


    How we protect your data and respect your privacy

    1. Introduction

    SlideCraft Pro ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered medical presentation platform at slidecraftpro.app and any related services (collectively, the "Service").

    By accessing or using SlideCraft Pro, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

    2. Information We Collect

    We collect the following categories of information to provide and improve the Service:

    Account Data — When you create an account, we collect your email address and display name through Supabase Auth. You may also authenticate via third-party OAuth providers (e.g., Google), in which case we receive only the profile information you authorize.

    Presentation Content — Topics, prompts, and generated slide decks you create are stored in our Supabase PostgreSQL database so you can access, edit, and export them at any time.

    Usage Data — We use Plausible Analytics, a privacy-friendly analytics service that does not use cookies and does not collect personal data. Plausible provides aggregate statistics such as page views, referral sources, and device types.

    Payment Information — Payments are processed entirely by Stripe. We never receive, store, or have access to your full credit card number. Stripe may share with us a transaction ID, the last four digits of your card, and billing details necessary for invoicing.

    3. How We Use Your Information

    We use the information we collect for the following purposes:

    • Provide the Service — authenticate your identity, store your presentations, and deliver core functionality.
    • Generate AI Content — send your topics and prompts to our AI provider to generate slide content on your behalf.
    • Improve Service Quality — analyze anonymized, aggregated usage patterns to enhance features and performance.
    • Process Payments — facilitate subscription billing, upgrades, and refunds through Stripe.
    • Service Communications — send transactional emails such as account verification, password resets, billing receipts, and important policy updates.

    4. AI Processing

    When you request slide generation, the topic and any additional context you provide are sent to the Google Gemini API for processing. Google processes this data in accordance with their own AI privacy policy and terms of service.

    We do NOT use your content to train AI models. Your presentation topics, prompts, and generated content are never used by SlideCraft Pro or shared with third parties for the purpose of training, fine-tuning, or improving machine learning models.

    We recommend that you avoid including protected health information (PHI) or personally identifiable patient data in your prompts. While SlideCraft Pro is designed for medical professionals, it is a presentation tool and not a HIPAA-covered entity.

    Medical Data & Protected Health Information (PHI)

    SlideCraft Pro is not a HIPAA-covered entity and does not store, process, or transmit Protected Health Information (PHI).

    Our platform is designed for creating educational medical presentations using general clinical knowledge, published research, and de-identified data. Users should never enter real patient names, medical record numbers, dates of birth, or any other individually identifiable health information into prompts, slide content, or speaker notes.

    Content entered by users is sent to Google Gemini for AI processing and stored in our Supabase database. Neither environment is configured as a HIPAA-compliant data store with a Business Associate Agreement (BAA).

    If you are a healthcare provider or work with patient data, please ensure you de-identify all information before using it in SlideCraft Pro, in accordance with the HIPAA Safe Harbor or Expert Determination methods.

    5. Data Storage and Security

    Your data is stored in a Supabase-managed PostgreSQL database hosted on Amazon Web Services (AWS). We employ the following security measures:

    • Encryption at rest — all data stored in PostgreSQL is encrypted using AES-256.
    • Encryption in transit — all connections between your browser and our servers use TLS 1.2 or higher.
    • Row Level Security (RLS) — database-level policies ensure that each user can only access their own data.
    • SOC 2 compliant infrastructure — Supabase and AWS maintain SOC 2 Type II certification, ensuring robust organizational controls over data security.

    While we take commercially reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

    6. Cookies and Local Storage

    We use a minimal set of cookies and browser storage:

    • Session Cookies — Supabase Auth sets session cookies to maintain your authenticated state. These are strictly necessary for the Service to function.
    • localStorage — We store non-sensitive user preferences in your browser's localStorage, including theme settings, onboarding progress, and cookie consent status. This data never leaves your device.
    • No Analytics Cookies — Plausible Analytics does not use cookies. It does not track individual users or collect personal information.

    7. Third-Party Services

    SlideCraft Pro integrates with the following third-party services, each governed by their own privacy policies:

    • Supabase — database hosting, authentication, and real-time subscriptions. Privacy Policy
    • Stripe — payment processing, subscription management, and invoicing. Privacy Policy
    • Google Gemini — AI content generation for slide decks. Terms of Service
    • Plausible Analytics — privacy-friendly, cookieless website analytics. Data Policy

    8. Data Retention

    We retain your information according to the following schedule:

    • Account Data — retained for as long as your account remains active. If you delete your account, all associated data is permanently removed within 30 days.
    • Presentations — retained until you delete them or close your account. Individual presentations can be deleted at any time from your dashboard.
    • Backups — automated database backups may retain copies of deleted data for up to 30 days, after which they are permanently purged.
    • Payment Records — Stripe retains payment and transaction records in accordance with their own retention policy and applicable financial regulations.

    9. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Access — request a copy of the personal data we hold about you.
    • Rectification — request correction of any inaccurate or incomplete data.
    • Deletion — request deletion of your account and all associated data.
    • Data Portability — export your presentations in JSON format from the dashboard at any time.
    • Opt Out — unsubscribe from marketing communications using the link provided in each email.
    • Lodge a Complaint — if you are in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority under the GDPR.

    To exercise any of these rights, please contact us at privacy@slidecraftpro.app. We will respond to verified requests within 30 days.

    10. Children's Privacy

    SlideCraft Pro is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@slidecraftpro.app.

    11. International Transfers

    Your data may be processed and stored in the United States or other countries where Supabase AWS regions operate. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a jurisdiction with different data protection laws than your own.

    Where required by law (e.g., GDPR), we rely on standard contractual clauses and other approved transfer mechanisms to ensure your data receives an adequate level of protection.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. When we make material changes, we will notify you at least 30 days in advance via the email address associated with your account. The updated policy will also be posted on this page with a revised effective date.

    Your continued use of SlideCraft Pro after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree with the revised policy, you may close your account at any time.

    13. Contact

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    Email: privacy@slidecraftpro.app

    We aim to respond to all inquiries within 30 business days.
