This Privacy Policy explains how Slidiant ("we", "us", or "our") collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and applicable national data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Slidiant Inc.
123 Innovation Street
San Francisco, CA 94105
United States
Email: privacy@slidiant.com
For EU/EEA users, we have appointed a Data Protection Representative in the European Union. You may contact them at dpo@slidiant.com.
2. Data We Collect
We collect the following categories of personal data:
2.1 Data you provide to us
- Account data: your first name, last name, and email address when you register for an account.
- Payment data: billing name and payment method details, processed securely by our payment provider (Stripe). We do not store full card details.
- Presentation content: files you upload to Slidiant, including any personal data they may contain. We do not use your presentation content to train AI or machine learning models without your explicit written consent.
- Communications: messages you send us via the contact form or by email.
2.2 Data we collect automatically
- Usage data: pages visited, features used, actions taken within the platform, and timestamps.
- Device & technical data: browser type and version, operating system, device type, and screen resolution.
- View Events: when any person views a presentation hosted on Slidiant, we automatically record a View Event. This captures time spent on each slide, slides visited, completion percentage, device type, browser, and approximate country (derived from IP address via a third-party geolocation service — see Section 5.1). The IP address itself is not stored. A random session identifier (not linked to your identity unless you are logged in) is generated per browser tab and stored in your browser's sessionStorage for the duration of that session only. View Event data is made available to the presentation owner via their analytics dashboard.
- Cookies and similar technologies: see Section 6 for full details.
2.3 Data about your viewers
When you share a presentation, we may collect data about the people who view it, including:
- Approximate country of origin, derived from IP address using a third-party geolocation service (ipapi.co). IP addresses are not stored.
- Email address, if you have enabled the email gate feature.
- Viewer identity (name, Slidiant UID), if the viewer is logged in and you are on the Thought Leader plan.
- Viewing behaviour: slides viewed, time spent per slide, completion percentage, and drop-off point.
As the presenter, you are a data controller in respect of your viewers' data. You are responsible for ensuring you have an appropriate legal basis to collect and process that data, and for informing your viewers accordingly. Please see our Terms of Service (Section 8 — Analytics & Activity Tracking) for further detail.
3. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases to process your personal data:
← Swipe to view full table →
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b) GDPR) |
| Processing payments | Performance of a contract (Art. 6(1)(b) GDPR) |
| Providing the Slidiant platform and features | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails (e.g. password reset, view notifications) | Performance of a contract (Art. 6(1)(b) GDPR) |
| Recording View Events for presentation analytics | Legitimate interests (Art. 6(1)(f) GDPR) — core service feature disclosed to all viewers |
| Improving our services and platform analytics | Legitimate interests (Art. 6(1)(f) GDPR) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
4. How We Use Your Data
We use your personal data for the following purposes:
- To create, maintain, and secure your Slidiant account.
- To provide, operate, and improve our presentation hosting and sharing services.
- To process payments and manage your subscription plan.
- To provide you with analytics and insights about your shared presentations, including View Event data.
- To send you service-related notifications, such as view alerts or link expiry reminders.
- To respond to your support requests and enquiries.
- To send you marketing communications, where you have given us consent to do so.
- To detect, investigate, and prevent fraudulent activity and security incidents.
- To comply with legal and regulatory obligations.
- To enforce our Terms of Service.
We will never: sell your personal data to third parties, use your presentation content to train or fine-tune AI or machine learning models without your explicit written consent, or display advertisements to you within our products.
5. Sharing Your Data
We do not sell your personal data. We may share your data with the following categories of third parties, only to the extent necessary to provide our services:
5.1 Service providers (data processors)
- Firebase / Google Cloud (Google LLC): authentication, database (Firestore), and file storage (Cloud Storage). Your presentations, account data, and View Events are stored on Google Cloud infrastructure.
- Stripe, Inc.: payment processing and subscription management. Stripe processes payment data as an independent data controller under its own privacy policy.
- SendGrid (Twilio Inc.): transactional email delivery, including view notifications, password resets, and account communications.
- CloudConvert GmbH: presentation file conversion (PPTX/PDF/Keynote to slide images). Uploaded files are transmitted to CloudConvert for processing and deleted from their servers after conversion.
- ipapi.co: client-side IP geolocation, used to determine the approximate country of presentation viewers. Only the country-level result is stored; IP addresses are not retained by Slidiant.
- Cloudflare, Inc.: content delivery, DNS, and DDoS protection. Cloudflare may process IP addresses as part of traffic handling.
All service providers are bound by data processing agreements and are required to process data only on our instructions and in accordance with applicable data protection law.
5.2 Presentation owners
View Event data collected when someone views a presentation is shared with the presentation owner via their analytics dashboard. This may include device type, browser, approximate country, time per slide, and — for logged-in viewers on Thought Leader plan accounts — viewer identity. This sharing is a core feature of the Service and is disclosed to viewers by this policy.
5.3 Legal disclosures
We may disclose your data if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Business transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you by email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
6. Cookies & Tracking Technologies
We use cookies and similar technologies to operate and improve our services. You can control cookies through your browser settings and our cookie consent banner.
← Swipe to view full table →
| Category | Purpose | Basis |
|---|---|---|
| Strictly necessary | Authentication, session management, security. Required for the service to function. | Legitimate interest / contract |
| Functional | Remembering your preferences (e.g. language, plan selection). | Consent |
| Analytics | Understanding how users interact with the platform to improve it. We do not share this data with advertising networks. | Consent |
| Product communications | Personalising in-app messages and feature announcements based on your usage. No third-party advertising is involved. | Consent |
You may withdraw your consent to non-essential cookies at any time by clicking "Cookie settings" in the footer of our website.
No advertising cookies: Slidiant does not serve advertisements and does not use advertising or retargeting cookies of any kind.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
- Account data: retained for the duration of your account, plus 30 days after deletion to allow for recovery.
- Presentation files: retained while your account is active. Deleted within 30 days of account deletion.
- View Events and analytics data: retained for 24 months from the date of collection, then aggregated and anonymised. Anonymised aggregate data may be retained indefinitely.
- Payment records: retained for 7 years to comply with financial regulations.
- Support communications: retained for 2 years from the date of resolution.
When data is no longer required, we delete it securely or anonymise it so that it can no longer be associated with you.
8. Your Rights
Depending on where you are located, you may have the following rights in relation to your personal data:
Right of access
Request a copy of the personal data we hold about you.
Right to rectification
Ask us to correct inaccurate or incomplete data.
Right to erasure
Request deletion of your personal data ("right to be forgotten").
Right to restriction
Request that we limit how we process your data in certain circumstances.
Right to portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent
Withdraw consent at any time where processing is based on consent.
Right to lodge a complaint
Complain to your local supervisory authority if you believe we have mishandled your data.
To exercise any of these rights, please contact us at privacy@slidiant.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.
EU/EEA users (GDPR): You have all of the rights listed above. You may lodge a complaint with your local data protection authority. A list is available at edpb.europa.eu.
UK users (UK GDPR): You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
California residents (CCPA): You have the right to know what personal data we collect and how it is used, the right to request deletion, the right to opt out of the sale of personal information (we do not sell personal information), and the right not to be discriminated against for exercising these rights. To submit a CCPA request, contact privacy@slidiant.com.
9. International Data Transfers
Slidiant is based in the United States. When we transfer personal data from the EU/EEA or UK to the US or other countries outside the European Economic Area, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers to countries with an adequacy decision by the European Commission.
- The UK International Data Transfer Agreement (IDTA) for transfers from the UK.
You may request a copy of the relevant safeguards by contacting us at privacy@slidiant.com.
10. Children's Privacy
Slidiant is not directed at children under the age of 16 (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@slidiant.com and we will delete it promptly.
11. Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of data at rest using AES-256 (via Google Cloud).
- Access controls ensuring only authorised personnel can access personal data.
- Regular security reviews and vulnerability assessments.
- Firebase Authentication for secure identity management.
- Firestore security rules restricting client-side access to data by authenticated owner.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you directly without undue delay.
No system is completely secure. While we work hard to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you by email at least 14 days before the changes take effect.
- Where required by law, seek your consent before applying the changes.
We encourage you to review this policy periodically. Continued use of Slidiant after the effective date constitutes acceptance of the updated policy.
13. Contact & Data Protection Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
Privacy enquiries: privacy@slidiant.com
Data Protection Officer: dpo@slidiant.com
Postal address: Slidiant Inc., 123 Innovation Street, San Francisco, CA 94105, USA
We aim to respond to all privacy-related requests within 30 days of receipt. For complex requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.