Privacy Policy
Last updated: April 4, 2026
Introduction
This Privacy Policy explains how Deckary ("we", "us", "our") collects, uses, and shares information when you use the Deckary add‑ins and supporting services such as deckary.com (collectively, the "Services"). We are based in the Netherlands and process personal data in accordance with the EU General Data Protection Regulation (GDPR).
Scope and Service Description
Deckary is a PowerPoint add‑in that runs inside Microsoft 365. Your slide content stays within your Microsoft environment — we don't access or store it. The add‑in communicates with our services only for authentication, subscription validation, AI features (when used), and optional features like Excel linking and slide library. The website provides account management, billing, and support.
Policies on Personal Information
Personal information is only collected for clearly defined purposes, stored using industry‑standard security practices, and deleted or anonymized when it is no longer required. We do not use personal information for advertising or sell it to third parties. Access to production data is restricted to staff who need it to operate Deckary or billing systems, and all processors are bound by written agreements.
Who We Are
Deckary is a productivity suite for consultants. For questions about this policy or your data, please contact us via the contact form at deckary.com/contact or email [email protected].
What We Collect
We collect information in the following contexts:
Website
- Contact details you submit via forms (e.g., name, email, message).
- Usage data such as pages viewed, device/browser information, and approximate location derived from IP address.
- Cookies and similar technologies to remember preferences and improve performance.
Add‑in
- Account identifiers to authenticate and authorize your access.
- Subscription status to determine feature access.
- Operational data such as feature usage events and error logs.
- AI prompts and instructions you provide when using AI features (not stored by Deckary — see AI Features section).
- Selected Excel cell data when using Excel linking (optional, 24‑hour retention — see Excel Linking section).
- Saved slide content when using the slide library (optional — see Slide Library section).
Helper Application
- The helper is a desktop app that registers keyboard shortcuts. It communicates with the add‑in via a WebSocket relay.
- Account identifiers for authentication.
- Diagnostics and error logs to maintain reliability and security.
Data Retention
| Data | Retention |
|---|---|
| Email address, subscription status | Duration of account |
| Basic usage analytics | 2 years |
| Saved slides (optional) | Duration of account |
| Excel link data (optional) | 24 hours (auto‑deleted) |
| AI prompts | Not stored by Deckary. 30‑day retention by Anthropic, then auto‑deleted |
AI Features
If you use AI features (Slide Builder, Text Rewrite), your prompts are sent to Anthropic (Claude) via encrypted connection. We do not store prompts or responses.
- No training on your data: Anthropic does not use API inputs or outputs to train models.
- 30‑day retention: Anthropic automatically deletes API inputs and outputs within 30 days.
- Certifications: Anthropic holds SOC 2 Type II, ISO 27001, and ISO 42001.
If you use AI image generation, your text prompt is sent to Google (Gemini) via encrypted connection. No slide content or presentation data is sent — only the text description you provide. Google does not use API data to train models.
Excel Linking (Optional)
If you use Excel‑to‑PowerPoint chart linking:
- Selected cell data is temporarily stored on our servers to sync between Excel and PowerPoint.
- Data is encrypted in transit (TLS) and at rest (AES‑256).
- Expires and becomes inaccessible after 24 hours.
- Only accessible to your account.
If your data policies prohibit this, you can use Deckary without Excel linking — charts can be created with manual data entry instead.
Slide Library (Optional)
Users can save slides to a personal library for reuse across presentations. If you use this feature:
- Slide content (shapes, text, images) is stored on our servers linked to your account.
- Data is encrypted in transit (TLS) and at rest (AES‑256).
- Only accessible to your account.
If your data policies prohibit this, the slide library feature can be disabled. All other Deckary features work without it.
Purposes of Processing
- Provide, operate, and improve the Services.
- Authenticate users and secure accounts.
- Process payments and manage subscriptions.
- Deliver AI‑powered features you request.
- Communicate with you, including support and service notices.
- Analyze usage to improve performance and usability.
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with legal obligations.
Legal Bases (GDPR)
- Performance of a contract (to provide the Services you request).
- Legitimate interests (to secure, improve, and market our Services in a proportionate manner).
- Consent (for optional cookies/analytics or certain AI processing where required).
- Legal obligation (to meet compliance and tax requirements).
Cookies
We use necessary cookies to operate the site and, where consented, optional cookies for analytics and performance. You can manage cookie settings in your browser and, where applicable, in our cookie banner.
Analytics
We use Google Analytics to understand aggregate usage and improve the product. Analytics collects pseudonymous information such as page views, referrers, device types, and general geography derived from IP addresses.
Data Sharing and Subprocessors
We share data with trusted service providers who process data on our behalf:
| Provider | Purpose | Data processed |
|---|---|---|
| Auth0 (Okta) | Authentication | Email, login credentials |
| Supabase | Database and file storage | Account data, subscriptions, saved slides, Excel link data |
| Vercel | Website and API hosting | Request data, server logs |
| Stripe | Payment processing | Payment details, billing info |
| Anthropic | AI text processing (Claude) | Prompts when AI features are used |
| Google (Gemini) | AI image generation | Text prompts when image generation is used |
| Railway | WebSocket relay hosting | Auth tokens, relay messages |
| Brevo | Transactional email | Email address |
These providers are engaged under data processing agreements and are obligated to handle data securely and only according to our instructions. We do not sell your personal data.
International Transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and implement additional measures where necessary.
Your Rights (GDPR)
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase data (right to be forgotten) where applicable.
- Restrict or object to certain processing.
- Data portability.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
To exercise your rights, contact us via the form at deckary.com/contact or email [email protected]. We may need to verify your identity before responding to your request.
Security
We implement technical and organizational measures designed to protect personal data, including encryption in transit (TLS 1.2+) and at rest (AES‑256), OAuth 2.0 authentication, and access controls based on the principle of least privilege. For more details, see our Security page.
Children
Our Services are not directed to children under 16. If you believe a child has provided personal data to us, please contact us to request deletion.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the website or by email where appropriate.
Contact
Questions or requests? Contact us via the form at deckary.com/contact or email [email protected].