This Privacy Policy explains our practices regarding the collection, use, and disclosure of your information when you access our Service. It also outlines your privacy rights and the protections afforded to you under applicable law. By using the Service, you consent to the practices described in this Privacy Policy.
Contents
1. Interpretation and definitions
Interpretation
The following capitalized terms have defined meanings as set forth below. They shall apply equally in singular or plural form.
Definitions
- You: The individual or entity using the Service.
- Company: Refers to DECK.SUPPORT PTE. LTD. For GDPR purposes, the Company acts as the Data Controller.
- Affiliate: Any entity that controls, is controlled by, or is under shared control with a party.
- Account: The unique account created for you to access our Service.
- Website: Refers to https://deck.support.
- Service: The Company's Google Slides add-on available on the Google Workspace Marketplace, along with the Website.
- Country: Refers to Singapore.
- Service Provider: Third-party companies or individuals that assist in delivering or analyzing the Service, or perform related tasks. For GDPR purposes, Service Providers act as Data Processors.
- Personal Data: Any information that can be used to identify an individual, such as name, email address, or other identifying factors.
- Cookies: Small files stored on your device to track browsing behavior.
- Device: Any means of accessing the Service, such as a computer, smartphone, or tablet.
- Usage Data: Data collected automatically when you interact with the Service, such as IP addresses, browser types, pages visited, and other diagnostic information.
2. Types of data collected
We collect personal data necessary to provide and improve our Service. The specific data collected depends on the type of user account:
For prosumer users
We may collect your email address, first and last name, phone number, and physical address (state, ZIP/postal code, city). We also automatically collect Usage Data, which may include IP addresses, browser types, pages visited, and similar device-related diagnostics.
For enterprise users
Enterprise accounts are managed by a designated account administrator. In these cases, deck.support collects only the minimal data required for service delivery — typically, the user's email address and account status — to facilitate secure login and billing. No additional personal data is collected from enterprise users.
For teams users
For Teams accounts, we collect all billing details of the account holder. In addition, we collect the email addresses and account statuses of the team members designated by the account holder. This ensures proper subscription management and secure access for team members.
3. Use of your personal data
The Company uses your Personal Data for the following purposes:
- Service delivery: To provide and maintain the Service, including account creation and management.
- Account management: To register and manage your account, including authentication through Google Workspace.
- Contractual performance: To fulfill contractual obligations related to your subscription and services provided.
- Communications: To communicate with you via email, SMS, or push notifications regarding service updates, support, or promotions (unless you opt out).
- Customer support: To address and respond to inquiries and support requests.
Data sharing and third-party disclosure
deck.support does not sell, rent, or share Google user data with third parties except in the following cases:
1. AI-powered features (prosumer users only)
- When a user clicks the AI button in deck.support, the content of the current slide is shared with OpenAI's ChatGPT API for processing.
- deck.support only records the number of tokens used; the content itself is not stored by deck.support.
- OpenAI handles this data in accordance with their Terms of Service and Privacy Policy.
2. Enterprise users
- Enterprise customers determine their own approach to AI integration.
- No data is shared outside the enterprise environment unless explicitly configured by the enterprise.
3. Legal compliance and security
- If required by law, we may disclose information to comply with legal obligations, enforce our policies, or respond to government requests.
4. Google API limited use
deck.support's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In plain terms: we only use information accessed through Google APIs for the purpose of providing the deck.support add-on's user-facing features. We do not use it for advertising, we do not transfer it except as needed to provide the add-on, we do not allow humans to read it (except when you ask us to for support, when you give consent, or where required by law), and we do not use it to develop, improve, or train generalized AI or machine learning models.
5. Data security and protection
deck.support implements industry-standard technical, administrative, and physical safeguards to protect your personal data and any sensitive data accessed through Google APIs (including Google Slides content) against unauthorized access, alteration, disclosure, or destruction.
Encryption
- In transit: All data transmitted between your device, Google's servers, deck.support, and any third-party processors is encrypted using TLS 1.2 or higher (HTTPS). This includes OAuth tokens, slide content sent for AI processing, and account information.
- At rest: Account data, OAuth refresh tokens, and operational records are stored in encrypted databases hosted on reputable cloud providers (Google Cloud Platform), where data is encrypted at rest using AES-256 or equivalent.
- Tokens and secrets: Google OAuth tokens are stored encrypted, scoped to the minimum permissions required for the add-on's stated features, and never exposed to client-side code or third parties.
Access controls
- Access to production systems and user data is restricted to a small number of authorized personnel on a least-privilege basis.
- All administrative access requires multi-factor authentication (MFA) and is logged.
- Employees and contractors with potential access to user data are bound by written confidentiality obligations.
- We do not allow human review of Google user data except (a) with your explicit consent, (b) when necessary for security investigations or to address a support request initiated by you, or (c) where required by law — consistent with the Google API Services User Data Policy.
Handling of slide content
- Slide content is only read from a Google Slides document when you actively invoke a deck.support feature within that document.
- Slide content sent to OpenAI for AI-powered features is transmitted over TLS, is not retained by deck.support after the request completes, and is not used by deck.support to train or improve any AI or machine learning model.
- OpenAI's API is configured under terms that prohibit the use of submitted content for model training.
Infrastructure and monitoring
- Production infrastructure is hosted with providers that maintain SOC 2 and/or ISO 27001 certifications (Google Cloud Platform, Vercel).
- System activity is monitored for anomalous behavior and unauthorized access attempts.
- Application dependencies are regularly reviewed for known vulnerabilities and patched in a timely manner.
- Backups are encrypted and retention is limited to what is required for service continuity.
Incident response
If we become aware of a security incident that affects your personal data or Google user data accessed through the Service, we will notify affected users and, where applicable, the relevant data protection authorities, in accordance with applicable laws (including GDPR's 72-hour notification requirement where it applies). Notifications will describe the nature of the incident, the data involved, the steps we have taken, and any recommended actions on your part.
Your role
No system is perfectly secure. You can help protect your account by using a strong, unique password on your Google account, enabling two-step verification with Google, and promptly reporting any suspicious activity to admin@deck.support.
6. Exercising your data rights
If you wish to exercise your rights under GDPR, CCPA, or other applicable privacy laws, you may submit a Data Subject Request (DSR).
To submit a request, please email admin@deck.support with the subject line: "Data Subject Request – [Your Name]" (this is required for automated processing).
Processing timeline
- We will acknowledge receipt within 5 business days.
- Requests will be processed within 30 days, unless complexity requires an extension.
- You may be required to verify your identity before we proceed with processing.
For enterprise customers, requests regarding managed user accounts should be submitted by the designated account administrator.
6. Retention of your personal data
Your Personal Data is retained only as long as necessary to fulfill the purposes outlined in this Privacy Policy and in compliance with legal obligations.
- For enterprise users: In enterprise agreements, specific contractual terms may dictate when user data (such as email addresses and account statuses) must be purged. These terms ensure that data is only kept as long as needed and is purged upon termination of service or as otherwise agreed.
- For teams users: Billing details of the account holder are retained as needed for subscription management. The email addresses and account statuses of designated team members are maintained only for the purpose of secure access and proper billing.
7. Changes to this Privacy Policy
We may update this Privacy Policy periodically. When significant changes are made, we will notify you via email and/or through a prominent notice on our Service. The updated Privacy Policy will be effective immediately upon posting.
8. Contact us
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
Email: admin@deck.support
Postal: DECK.SUPPORT PTE. LTD., 160 Robinson Road #14-04, Singapore 068914