Privacy Policy
Last updated: 04 December 2025
This Privacy Policy explains how we process personal data when you visit our website, create an account, or use the SlideWizard application (together, the "Service"). It is intended to comply with the EU General Data Protection Regulation (GDPR/DSGVO) and applicable German data protection law.
1. Controller
The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR is:
SlideWizard Inh. Constantin Sobotta
c/o Postflex #9464
Emsdettener Str. 10
48268 Greven
Germany
Email: info@slidewizard.ai
2. Data Protection Officer
We are currently not legally required to appoint a Data Protection Officer. You may contact the controller directly using the contact details above for all questions regarding data protection.
3. Purposes and Legal Bases of Processing
We process your personal data for the following purposes and on the following legal bases:
- Providing the Service and fulfilling the contract (creating and managing your account, generating slides based on your prompts, providing support and troubleshooting). Legal basis: Art. 6(1)(b) GDPR.
- Operating our website and ensuring IT security (log files, monitoring, prevention of abuse and attacks). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and reliable service).
- Billing and fulfilling legal retention obligations in connection with paid subscriptions. Legal basis: Art. 6(1)(c) GDPR in conjunction with German commercial and tax law and Art. 6(1)(b) GDPR.
- Marketing, conversion tracking and advertising optimisation (LinkedIn Insight Tag, Google Ads, measurement of sign-up conversions, storage of advertising click identifiers such as gclid/gbraid/wbraid). Legal basis: Art. 6(1)(a) GDPR (your consent via the cookie banner).
- Email communication and in-house email marketing (service-related emails and, where you have consented, product updates, tips and offers). Legal basis: Art. 6(1)(b) GDPR for necessary service emails and Art. 6(1)(a) GDPR for marketing emails.
- Compliance, enforcement and defence of legal claims. Legal basis: Art. 6(1)(f) GDPR (our legitimate interests) and, where applicable, Art. 6(1)(c) GDPR.
4. Categories of Personal Data
Depending on how you use the Service, we may process in particular the following categories of data:
- Account and identification data, such as name, email address, Auth0 user ID, login provider information (e.g. "Google", "Apple", "Microsoft").
- Usage and service data, such as generated slide jobs, your text prompts, chosen slide style and persona, timestamps, technical error logs, slide previews and exported slide files (e.g. image previews and PPTX files).
- Communication data, such as messages you send to us and any content you provide in support requests.
- Billing data, such as plan type, duration, billing status and VAT information. Payment processing is handled by our payment provider Paddle; their terms and privacy policy apply in addition.
- Device and log data, such as IP address, browser type and version, operating system, referrer URL, date and time of the request, and similar information that is transmitted by your browser when accessing the Service, as well as approximate location information (e.g. country, region, city) derived from your IP address.
- Marketing and consent data, such as your cookie and marketing preferences (e.g. consent to or refusal of marketing cookies), LinkedIn and Google Ads identifiers, recorded conversions and our records of your consent to email marketing.
Please do not upload or enter special categories of personal data within the meaning of Art. 9 GDPR (e.g. health data, political opinions, religious beliefs) into the Service unless this is strictly necessary and you are allowed to do so under applicable law.
5. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Service and, with your consent, for marketing and advertising purposes. You can manage your preferences via the cookie banner that is shown when you first visit the site (and later via your browser settings or by contacting us).
- Essential cookies are necessary to provide the Service (e.g. authentication cookies from Auth0, session identifiers, security tokens, and cookies storing your basic settings). These cookies are required for technical reasons and are set on the basis of Art. 6(1)(b) and (f) GDPR.
- Marketing and conversion cookies are used only with your consent (Art. 6(1)(a) GDPR). They include, in particular, identifiers placed by the LinkedIn Insight Tag and Google Ads, as well as advertising click IDs such as gclid, gbraid and wbraid, which may be stored in cookies for up to 90 days to attribute sign-ups to advertising campaigns.
You can withdraw or change your consent at any time with effect for the future by adjusting your browser settings, deleting cookies, or contacting us. This does not affect the lawfulness of processing based on consent before its withdrawal.
6. Third-Party Services and Recipients
We use carefully selected service providers who act as processors or, in some cases, as independent controllers. In particular:
- Auth0 (authentication and login): We use Auth0 to securely manage logins and identity. When you sign in, Auth0 processes your email address and authentication data. The provider is generally Auth0, Inc. and its EU affiliates. Data may be transferred to countries outside the EU/EEA.
- Hosting and infrastructure: Our frontend is hosted by Vercel and our backend by Heroku (a Salesforce company). We may also use Amazon Web Services (AWS) for file storage (e.g. storing slide previews and PPTX files in S3). These providers process the data necessary to deliver the Service (e.g. IP address, log data, uploaded files) under our instructions.
- IP geolocation (ipinfo.io): To determine your approximate location (for example, whether a request originates from the EU/EEA) and apply the correct consent and tax handling, we use the IP geolocation service ipinfo.io. For this purpose, your IP address and approximate location data (country, region, city) are processed by IPinfo, Inc. under its own terms and privacy policy.
- Payments and subscriptions (Paddle): We use Paddle to handle payments, subscription billing and tax calculation. When you purchase a paid plan, Paddle processes billing data (such as your name, email address, billing address, VAT information and payment method details) as well as technical data like your IP address and device/location information to detect fraud, comply with legal obligations and determine the correct taxes. Paddle acts under its own terms and privacy policy.
- Generative AI / Google Gemini: To generate slides from your text prompts, we use the Google Gemini (genai) API. This means that your prompts, slide templates and related content are transmitted to Google for processing and generation of slide content. We configure the integration so that it is used only to provide the Service; for details on how Google processes such data, please refer to Google's own documentation and privacy notices.
- LinkedIn Insight Tag: With your consent, we use the LinkedIn Insight Tag to understand how effective our LinkedIn advertising campaigns are. For this purpose, LinkedIn may process information such as your IP address, device and browser characteristics, and the fact that you visited our pages or completed a registration. The main provider is LinkedIn Ireland Unlimited Company, with data transfers to LinkedIn Corporation in the USA possible.
- Google Ads (gtag and conversion tracking): With your consent, we load the Google Ads tag (gtag.js) to measure conversions (for example, when a new user signs up after clicking an ad). For this purpose, we may process and send hashed identifiers and advertising click IDs (gclid, gbraid, wbraid) to Google. The provider is Google Ireland Limited (for users in the EU/EEA), with data transfers to Google LLC in the USA possible.
When you interact with these services via our website or app, the respective providers typically receive your IP address and basic technical information (such as browser type, operating system, referrer URL and time of access) as this is necessary to deliver the requested content, ensure security and prevent fraud.
Separately from these third-party services, we also send our own email marketing campaigns (for example product updates, usage tips and special offers) directly from our own infrastructure without using external email marketing platforms. We only send such marketing emails if you have explicitly consented, typically after your initial login. You can withdraw your consent at any time, for example by using the unsubscribe link in our emails or by contacting us.
In addition, we may share data with professional advisers (e.g. tax advisors, lawyers) and public authorities if we are legally obliged to do so or to protect our rights.
7. International Data Transfers
Some of the above-mentioned providers are located in, or process data in, countries outside the European Union (EU) and the European Economic Area (EEA), in particular the United States. Where such countries do not provide an adequate level of data protection according to the European Commission, we take appropriate safeguards to protect your personal data, such as entering into Standard Contractual Clauses (SCCs) approved by the European Commission and, where necessary, implementing additional technical and organisational measures.
8. Storage Periods
We process and store your personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by statutory retention obligations.
- Account and contract data are generally stored for the duration of your contractual relationship with us and thereafter for the periods required by German commercial and tax law (usually up to 10 years).
- Slide content, generated slides and related files are stored as long as your account exists and you do not delete them or request deletion. We may also implement automatic clean-up mechanisms for older generated content.
- Log files and technical data are typically stored for a short period (usually a few weeks) and then either deleted or anonymised, unless longer storage is necessary for security or evidence purposes.
- Marketing-related data (such as conversion events and advertising identifiers) are stored as long as necessary for campaign analysis and reporting, typically up to 24 months or as specified by the respective provider, unless you withdraw your consent earlier.
9. Your Rights
As a data subject, you have the following rights under the GDPR, subject to the applicable legal requirements:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)
- Right to withdraw consent at any time (Art. 7(3) GDPR)
To exercise your rights, you can contact us at info@slidewizard.ai. We may need to verify your identity before fulfilling your request.
10. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).
The supervisory authority responsible for our place of business is, for example:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities or applicable law. The current version is always available on this page. If we make material changes, we will inform you in an appropriate manner (for example via the app or by email).