1. Information We Collect

Account Information

When you sign in with Google, we receive and store your email address, display name, and profile photo URL. We do not receive or store your Google password.

Deck Content

We store the HTML presentation files you upload, along with metadata: deck name, slug, visibility setting, file size, and slide count. Deck HTML is stored in our PostgreSQL database.

View Analytics

When someone views one of your decks, we record the view timestamp and, for private decks, the viewer's email address (used for access control verification).

API Tokens

If you create API tokens, we store a SHA-256 hash of the token, the token name, and usage timestamps. We do not store raw API tokens after initial creation.

Activity Log

We log user actions (deck creation, updates, deletions, login events, token operations) for platform administration and security purposes.

Google Drive Tokens

If you connect Google Drive to export decks as Google Slides presentations, we store OAuth access and refresh tokens in our database. These tokens are used solely to create presentations in your Google Drive on your behalf. We request two scopes:

We only access files that DeckDrop creates. We do not read, modify, or delete any other files in your Google Drive. You can disconnect Google Drive at any time from your dashboard, which revokes our access and deletes your stored tokens.

Billing Information

If you subscribe to a paid plan, we store your Stripe customer ID, subscription ID, plan status, and billing period. We do not store credit card numbers, bank account details, or other payment credentials — Stripe handles all payment data directly.

2. How We Use Your Information

3. Third-Party Services

Google OAuth 2.0 & Google APIs

We use Google's OAuth service for authentication (sign-in) and for the optional Google Drive integration (Slides export). When you sign in, Google shares your email, name, and photo with us. When you connect Google Drive, we use the Google Slides API and Drive API to create presentations on your behalf. Google's privacy policy governs how Google handles your data.

DeckDrop Pro's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Stripe

Paid subscriptions are processed by Stripe. When you upgrade to a paid plan, you interact directly with Stripe's checkout. Stripe's privacy policy governs how they handle your payment information. We only receive subscription metadata (plan, status, billing period) — never your card details.

Render

Our application and PostgreSQL database are hosted on Render's infrastructure. Render's privacy policy applies to infrastructure-level data handling.

4. Cookies and Local Storage

Session Cookie

We use a single session cookie (connect.sid) to keep you signed in. This cookie is:

Local Storage

We store a single preference in your browser's localStorage:

No Tracking Cookies

We do not use Google Analytics, advertising cookies, or any third-party tracking on DeckDrop Pro.

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Render's managed infrastructure. We implement the following security measures:

6. Payment Processing

All payment processing is handled by Stripe. When you subscribe to a paid plan, you are redirected to Stripe's checkout page. We never see, process, or store your credit card number or payment method details. We only store:

7. Viewer Data

When someone views a private deck, they must sign in with Google. We check their email address against the deck owner's viewer whitelist. We record the viewer's email and view timestamp in our analytics. Viewer emails are visible to the deck owner in their analytics dashboard.

Public decks can be viewed without signing in. We record anonymous view counts for public decks.

8. Data Retention and Deletion

We retain your account data and deck content for as long as your account is active. View analytics and activity logs are retained indefinitely for platform administration.

To request deletion of your account and all associated data, contact us at privacy@deckdrop.live. Upon deletion:

9. Children's Privacy

DeckDrop Pro is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

10. Your Rights

You have the right to:

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@deckdrop.live.