Privacy Policy

Effective August 8, 2025

Last updated: August 8, 2025

This Privacy Policy explains how Tersho Inc. (d/b/a "Slidely AI") ("Slidely AI," "we," "us") collects, uses, and shares personal data when you: (i) visit www.slidely.ai (the "Site"); (ii) use the Slidely AI PowerPoint add-in (the "Software"); or (iii) otherwise interact with us (together, the "Services").

Scope: This Policy does not apply to third-party services we don't control, including Microsoft's services, accounts, or stores; please review their privacy statements.

Roles: We act as controller for personal data we collect via the Site and direct relationships (see Section A — Controller and Data Protection Officer). When your use of the Software is provisioned by an organization, we generally act as a processor and your organization is the controller; see Section G — Personal Data collected by Slidely AI, IX. Use of Slidely AI's Products, and especially item 5 ("AI-powered features…") for processing context.

Regional notices: Additional disclosures for residents of the EEA/UK and certain US states (e.g., California) appear in Section J — Your rights and Section K — California Privacy Rights.

Children: The Services are not directed to children under 13 (or under 16 in the EEA/UK); see Section I — Children.

AI features: Some features use AI to generate content. We describe what is sent and to whom, and your choices, in Section G — Personal Data collected by Slidely AI → IX. Use of Slidely AI's Products → 5. AI-powered features (slide rewrite, image generation, etc.).

Changes: We may update this Policy from time to time. The "Last updated" date shows the effective date, and we will provide additional notice of material changes as described in Section L — Changes to this Privacy Policy.

A. Controller and Data Protection Officer

Controller. The data controller for your personal data is Tersho Inc. (d/b/a "Slidely AI"), a Delaware corporation, with its registered business address at: 16192 Coastal Hwy, Lewes, DE 19958, USA.

How to contact us. For any questions or requests about this Privacy Policy or our handling of your personal data, contact privacy@slidely.ai.

Our Privacy Officer can be reached at privacy@slidely.ai.

Where we act as a processor. When your use of the Slidely AI PowerPoint add-in is provisioned by your organization, we generally act as a processor and your organization is the controller. In those cases, please direct data-rights requests to your organization. See Section G — Personal Data collected by Slidely AI and Section IX — Use of Slidely AI's Products for details.

EEA/UK contacts. If you are located in the EEA or the UK, you may contact our EU/UK representative for data-protection matters; see Section B — Representative for Data-Protection Matters for contact details. Until appointment details are posted, please contact us directly at privacy@slidely.ai. You also have the right to lodge a complaint with your local supervisory authority (see Section J — Your rights).

B. Representative for Data-Protection Matters (Art. 27 GDPR / UK GDPR)

If you are located in the EEA or the UK, you may contact us directly at privacy@slidely.ai for data-protection matters. We are in the process of appointing our EU and UK representatives pursuant to Article 27 GDPR and UK GDPR; once appointed, we will update this Section with their contact details and physical addresses. You can also find our controller information in Section A — Controller and Data Protection Officer and information on your rights in Section J — Your rights.

C. International Transfers

We may process your personal data in the United States and in other countries where we or our service providers operate, specifically in the United States and India.

For U.S. vendors that are certified under the EU-US Data-Privacy Framework (DPF) we rely on Art. 45 GDPR adequacy; for all other transfers (including India) we use the Standard Contractual Clauses (and, where applicable, the UK International Data-Transfer Addendum) under Art. 46 GDPR.

Copies of these safeguards are available on request at privacy@slidely.ai.

D. Sharing Your Data With Our Affiliate in India

1. Who is the affiliate?

We may transfer and otherwise make available your personal data to Tersho India Private Limited, a wholly-owned subsidiary incorporated in India (registered office: 11-A Panchwati Colony, Near JDA Park, Jaipur, Rajasthan 302019, India).

2. Why do we share data?

Tersho India receives only the information that is strictly necessary to carry out the following business-critical functions for us:

Purpose | Typical data elements involved | Legal basis (GDPR*)
Provision, maintenance and improvement of the Websites and cloud Products | user IDs, log files, configuration data, telemetry | Art 6 (1)(b) – contract performance
Hosting, DevOps, cybersecurity monitoring and disaster-recovery | IP addresses, session identifiers, security event logs | Art 6 (1)(f) – legitimate interest in secure service
Customer support & professional services | contact details, ticket content, diagnostic files you choose to upload | Art 6 (1)(b) or (f)
Billing & collections | name, company, invoice details, payment status (no full card numbers) | Art 6 (1)(b) – contract performance
Marketing operations & account-based communications (B2B) | business e-mail address, role, usage metrics, marketing preferences | Art 6 (1)(a) – consent (where required) or Art 6 (1)(f) – legitimate interest

* For UK GDPR and other local laws, we rely on the equivalent provisions.

Tersho India may not use your data for its own independent purposes; it acts strictly under our documented instructions and is subject to regular audits.

3. International transfer safeguards

Because India has not been deemed to provide an "adequate" level of protection under EU/UK data-protection law, we have put in place intra-group Data-Transfer and Processing Agreements that:

  • incorporate the European Commission Standard Contractual Clauses (SCCs) 2021/914/EU (Modules 2 & 3) plus the UK Addendum;
  • oblige Tersho India to maintain technical and organisational measures that are materially equivalent to those we apply inside the EEA/UK (encryption in transit and at rest, role-based access, zero-trust network segmentation, regular penetration testing, incident-response plan);
  • require prompt notification of, and cooperation in resolving, any data-breach or supervisory-authority inquiry.

Under our intra-group Data Processing Agreement, Tersho India acts as a processor and may process personal data only per our written instructions.

You can request a copy of the relevant SCCs (with commercially sensitive clauses redacted) by contacting us at the details in Section A.

4. Retention & deletion

Data handled by Tersho India is stored only for as long as needed to fulfil the purposes listed above, after which it is deleted or irrevocably anonymised in accordance with our corporate retention schedule (max. 7 years for financial records; shorter periods for operational logs as specified in Section E — Technical & Organisational Security Measures (TOMs), currently 2-year log retention).

5. Your rights

The transfer does not affect any of your statutory rights. In particular, you retain the right to access, rectify, erase, restrict or object to the processing, and to lodge a complaint with a supervisory authority. If you wish to exercise these rights in relation to data processed by Tersho India, please contact us; we will coordinate the request internally and respond within the applicable legal timeframe. We generally respond within one month (extendable by two months for complex or numerous requests). See Section J — Your rights for details.

E. Technical & Organisational Security Measures (TOMs)

We apply the following controls across the Site and the PowerPoint add-in:

  • Governance & audits. Independently audited SOC 2 Type II program; report available under NDA. Security policies reviewed at least annually.
  • Encryption. TLS in transit; AES-256 at rest. Customer encryption keys managed via a hardened KMS. Application secrets stored in a secrets manager with rotation.
  • Access control. Role-based access; SSO/MFA required for admin access; least-privilege and need-to-know enforced; access reviewed regularly and logged.
  • Logging & monitoring. Centralized logs (auth, admin, system, data access) with alerting; retained per policy (currently 2 years) for security and audit purposes.
  • Secure development. Code reviews; dependency scanning; SAST/DAST on critical paths; change management via pull requests; production and non-production environments are segregated.
  • Vulnerability management. Regular scanning and patching with documented SLAs; critical issues triaged immediately.
  • Independent testing. Annual penetration testing by qualified third parties; executive summary available on request.
  • Data protection. Customer content is logically segregated; least-privilege service identities; outbound egress is restricted and monitored.
  • Device security. Company devices use full-disk encryption, MDM, and EDR; screen-lock and USB restrictions enforced; admin actions are logged.
  • Vendor management. Privacy/security due diligence, DPAs/SCCs (and other transfer safeguards) in place; risk-based onboarding and reviews.
  • Business continuity & disaster recovery. Encrypted backups; tested restore procedures; documented RTO/RPO objectives.
  • Incident response. Playbooks with 24×7 on-call. Supervisory-authority notice within 72 hours where required (GDPR Art. 33) and affected-individual notice without undue delay where required (Art. 34).
  • Training. Mandatory security and privacy training for all personnel on hire and annually thereafter.
  • Data retention & deletion. Retention is limited to the period necessary for the stated purposes and legal obligations; customer content is deleted upon request or contract termination per our data-deletion workflow.

F. Current Sub-processors

We use the following Sub-processors to deliver parts of the Site and PowerPoint add-in. They process limited data only for the purposes described and are bound by contractual and transfer safeguards (see Section C — International Transfers).

  • Vercel — Hosting/CDN for the Site and assets (request metadata, logs, static assets).
  • Supabase (Mumbai region) — Authentication and database services (account/profile data, metadata).
  • AWS S3 — Encrypted file/object storage for uploads/exports (customer content, generated assets).
  • OpenAI; Anthropic; Google AI (Gemini/Vertex); Azure OpenAI — Model inference for AI features (prompts and content you submit to generate outputs). We do not permit providers to use customer content to train their models by default.
  • LangSmith — LLM observability/trace capture (model call metadata and, where enabled, minimal snippets for debugging).
  • PostHog — Product analytics (usage telemetry; consent-respecting).
  • Loops — Transactional and product email delivery (contact details, message metadata).
  • Stripe — Payments (billing details and identifiers; PCI data handled by Stripe).
  • Microsoft 365 — Support and operations communications (support tickets, emails, docs).
  • GitHub — Development and CI/CD tooling (code and build logs; may contain limited operational metadata).

Change notifications. We will provide at least 30 days' notice before adding or replacing a Sub-processor, by email to admin contacts or by updating this Section and our Sub-processor page. If you object on reasonable data-protection grounds, you may do so under the process in our Data Processing Addendum.

Transfers. International transfers to these providers are protected by the safeguards described in Section C (International Transfers).

G. Personal Data collected by Slidely AI

Slidely AI may only collect and process your personal data in accordance with this Privacy Policy. The collection, storage, use and any other form of processing of personal data by Slidely AI occurs exclusively if there is a legal basis allowing this processing. Slidely AI will not sell, transmit, disseminate or else disclose personal data without Your consent or another legal basis.

I. Use of Slidely AI's Websites

1) Account sign-up & authentication

Categories: name, business email, password/SSO identifier, org/workspace details.
Source: you. Purpose: create/administer your account. Legal basis: Art. 6(1)(b).
Recipients: auth/DB providers (see Section F). Retention: life of account + backups per Section E.
Tech: web forms, auth SDK/API, session cookies/localStorage, server logs. Required? Email + password/SSO required. Transfers: see Section C.

2) Contact & support (forms, email, live chat)

Categories: name, email, message content, attachments; chat transcript/metadata.
Source: you. Purpose: respond and provide support. Legal basis: Art. 6(1)(b)/(f).
Recipients: support desk/live-chat provider (Section F). Retention: per support policy (Section E).
Tech: web forms, email, chat widget, server logs. Required? Contact details needed for a response. Transfers: see Section C.

3) Sales/demo requests & meetings

Categories: name, email, role/company; meeting details; recordings/transcripts only with consent.
Source: you. Purpose: schedule demos/manage opportunities. Legal basis: Art. 6(1)(b)/(f); recordings Art. 6(1)(a).
Recipients: scheduling/meeting tools/CRM (Section F). Retention: opportunity lifecycle + legal holds.
Tech: scheduling embeds, email/calendar integrations. Required? Contact details needed to schedule. Transfers: see Section C.

4) Newsletter subscriptions & marketing preferences

Categories: email, subscription status/preferences; engagement (opens/clicks).
Source: you; your device (engagement). Purpose: send newsletters you opt into. Legal basis: Art. 6(1)(a).
Recipients: email service (Section F). Retention: until you unsubscribe + limited logs.
Tech: signup form, email beacons, preference center. Required? No. Transfers: see Section C.

5) Payments & billing

Categories: name, email, billing address, plan/invoice metadata (card details handled by the payment processor).
Source: you; processor returns status tokens. Purpose: process payments/manage invoices. Legal basis: Art. 6(1)(b) and Art. 6(1)(c) for recordkeeping.
Recipients: payment processor (Section F). Retention: per finance/tax laws (Section E).
Tech: checkout scripts, webhooks, receipt emails. Required? Yes for paid plans. Transfers: see Section C.

6) User-uploaded content via site (files, templates)

Categories: files you upload (.pptx, images), filenames, previews/derivatives (thumbnails, metadata).
Source: you. Purpose: storage/templates/collaboration. Legal basis: Art. 6(1)(b); security Art. 6(1)(f).
Recipients: storage/compute providers (Section F). Retention: until you delete or account ends; backups per Section E.
Tech: upload components, object storage, AV scanning. Required? Only for these features. Transfers: see Section C.

7) Analytics & session replay

Categories: pseudonymous usage events, device/OS/browser, pages viewed; session frames where enabled (never passwords).
Source: your browser/device. Purpose: product analytics/UX improvement. Legal basis: Art. 6(1)(f) or consent where required (EU/UK disabled unless consented).
Recipients: analytics/session-replay provider (Section F). Retention: per analytics policy (Section E).
Tech: first-party cookies/SDK; consent banner. Required? No. Transfers: see Section C.

8) Automatic website data & security

Categories: IP, referrer/UTM, timestamps, error/crash diagnostics; CAPTCHA telemetry.
Source: your device/server/CDN. Purpose: operate/secure the site, prevent abuse. Legal basis: Art. 6(1)(f).
Recipients: hosting/CDN/security tooling (Section F). Retention: logs ~2 years (Section E).
Tech: server/CDN logs, error monitoring SDK, rate-limiting, CAPTCHA. Required? Needed for security. Transfers: see Section C.

9) Social embeds & community interactions

Categories: IP/device data collected by embedded platforms; profile info you choose to share.
Source: your device; the embedded platform. Purpose: display embeds/community features. Legal basis: Art. 6(1)(f) or consent for non-essential trackers.
Recipients: the relevant platform (Section F). Retention: per platform; minimal on our side.
Tech: third-party iframes/SDKs. Required? No. Transfers: see Section C.

10) AI features on the web (if available)

Categories: prompts/inputs you submit; outputs returned (AI-generated content).
Source: you. Purpose: perform the AI feature; history/undo; abuse prevention. Legal basis: Art. 6(1)(b); Art. 6(1)(f) for security.
Recipients: selected AI providers (Section F). Retention: in your workspace; provider short-term logs where applicable.
Tech: AI UI, model API via our servers. Required? Only for AI features. Transfers: see Section C.

11) Licenses & activation

Categories: license key, org/workspace ID, seat assignment, activation status.
Source: you/your org admin. Purpose: validate entitlements/prevent misuse. Legal basis: Art. 6(1)(b)/(f).
Recipients: licensing/DB services (Section F). Retention: account lifecycle + audit logs.
Tech: entitlement API, cookies/localStorage for session state. Required? Yes for licensed features. Transfers: see Section C.

12) Consent & cookie preferences

Categories: consent choices, banner interactions, timestamp, region, GPC signals.
Source: you/your browser. Purpose: honor choices and comply with law. Legal basis: Art. 6(1)(c)/(f).
Recipients: consent-management tool (Section F). Retention: per compliance requirements.
Tech: consent banner/SDK, cookies/localStorage. Required? Needed to store preferences. Transfers: see Section C.

II. Social Media Platforms

We have profiles on the following social media platforms: LinkedIn, Twitter and YouTube.

We process the data (e.g. from commenting, sharing, evaluating) as joint controllers. Information on data processing by the social media platforms, especially details of the processed data, can be found in their privacy policies available on their websites.

We operate our social media profiles in order to present ourselves to the users of these platforms and other interested persons who visit our social media profiles and to communicate with these persons. The processing of users' personal data is based on our legitimate interests in an optimized company and product presentation and marketing purposes under Art. 6 (1)(f) GDPR, unless You have given Your consent.

III. Contact and Communication

For the following processing Slidely AI is responsible:

If You contact us by phone or by email or via a contact form (if provided) we store Your personal data that You submit (e.g. the email-address or phone number, name and contact details and other information that You provide).

If You contact us within an existing contractual relationship or contact us in advance for information about our scope of services or other services, the data and information You provide will be processed for the purpose of processing and answering Your contact request in accordance with Art. 6 (1)(b) GDPR, in any other cases based on our legitimate interests in accordance with Art. 6 (1)(f) GDPR for the purpose of properly answering customer/contact inquiries.

The transmitted data will be stored until the purpose for data storage/processing ceases to exist (e.g., after Your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

V. Sales Meetings via Microsoft Teams and their Recording

We use Microsoft Teams for video meetings, especially with potential customers. In this case, Microsoft may receive (i) the display name and email address you use in Teams, (ii) audiovisual content you share during the call, and (iii) basic technical telemetry (device type, IP address, connection quality).

The legal basis is Art. 6 (1)(b) GDPR (contract initiation) and our legitimate interest in sales talks (Art. 6 (1)(f) GDPR). This data is deleted as soon as it is no longer required. To ensure that Microsoft only processes the transferred data in accordance with our instructions and in compliance with the applicable data protection regulations, we have concluded a data processing agreement with Microsoft.

When providing Microsoft Teams, Microsoft may store cookies on users' devices for analysis or settings purposes. We may also record and transcribe Teams meetings with verbal consent. The legal basis is the consent (Art. 6 (1)(a) GDPR). We use the recording for quality assurance by using it to train employees.

VI. Newsletter

As part of sending newsletters, we use tracking technology (e.g. web beacons) to detect whether the email we send has been opened and to measure the success of email marketing campaigns. The legal basis for sending the newsletter and using tracking technologies is Art. 6 (1)(a) GDPR and possibly Sec. 25 (1) TDDDG.

The newsletter informs You about promotions, offers, helpful tips and features and new functionalities of our software as well as news about our company, our software and other services we offer.

We have engaged Loops to send our newsletter. The newsletter dispatch and evaluation may involve processing of personal data in the USA based on Loops' certification under the EU-US Data Privacy Framework. You may withdraw Your consent at any time with effect for the future.

VII. User Account

For the following processing Slidely AI is responsible:

If You choose to purchase Slidely AI, we store the personal information You provide in Your user account. The following data will be stored: name, email-address (company), designation, country, industry, company name and number of employees. The purpose of the processing is to enable You to administer the software. The legal basis of the processing is Art. 6 (1)(b) GDPR.

The data is retained for as long as You continue to be a user of Slidely AI and for a period of up to 12 months after this. The legal basis for the extended storage is Art. 6 (1)(f) GDPR. We have a legitimate interest in storing the data in order to be able to defend ourselves against claims if necessary.

VIII. Use of Slidely AI PowerPoint Add-in

1) Telemetry & Error Reports

Categories: add-in version; Office host/build; OS type; stack traces/runtime state (may incidentally include slide titles or file paths, rarely).
Source: your device/add-in. Purpose: improve stability and fix bugs. Legal basis: Art. 6(1)(b) GDPR (performance of the licence agreement).
Recipients: our API → PostHog (analytics workspace) → restricted Slack channel for engineers (see Section F). Retention: deleted after 2 years from PostHog and Slack.
Tech: crash/telemetry SDK; server API; alerting to Slack. Required? Enabled by default to maintain software quality; to disable, contact privacy@slidely.ai (or use the telemetry opt-out in Local settings if available). Transfers: see Section C.
Note: Processed only for identifying and addressing software errors.

2) Freepik icon library

Categories: your search queries and filters; result thumbnails; the selected image ID for download requests.
Source: you. Purpose: let you embed stock icons/images into PowerPoint. Legal basis: Art. 6(1)(b) GDPR.
Recipients: Freepik Company, S.L. (results + selected image request). We also log your queries on our server for analytics (see 4) Usage Analytics). Retention: minimal on our side per analytics; Freepik processes requests to deliver assets.
Tech: search API calls to Freepik; image fetch by ID. Required? Only for this feature; no Freepik account required. Transfers: see Section C.

3) GUID & licence key

Categories: random GUID generated at first sign-in; licence key; (server) pairing of GUID + licence key in our Supabase DB; local cache of GUID with preferences.
Source: our server (GUID generation) + you/your org (licence). Purpose: recognise the same installation, validate entitlements, prevent misuse. Legal basis: Art. 6(1)(b) GDPR.
Recipients: Supabase (see Section F). Retention: GUID deleted after 30 days from our systems; local cache persists until cleared. No link to machine, presentation, or user identity.
Tech: entitlement API; local configuration cache (not browser web-views). Required? Needed for activation/validation. Transfers: see Section C.

4) Usage analytics

Categories: GUID + licence key (for dedup/attribution), feature/button clicked, timestamp, session duration, screen resolution, host language/locale. No Office profile name, email, or file content.
Source: your device/add-in. Purpose: understand feature usage and improve UX. Legal basis: Art. 6(1)(b) GDPR.
Recipients: our API and PostHog (Section F). Retention: stored on our server and in PostHog for 2 years.
Tech: event SDK → our API → PostHog. Required? Not required to render slides; some diagnostics may be necessary for service reliability. Transfers: see Section C.

5) AI-powered features (slide rewrite, image generation, etc.)

Categories: minimal context needed to perform the feature (e.g., short text excerpt or low-res slide thumbnail) and the AI-generated output.
Source: you. Purpose: provide the AI result you request; protect against abuse. Legal basis: Art. 6(1)(b); security/abuse controls Art. 6(1)(f).
Recipients: designated AI partner(s) (e.g., OpenAI) as listed in Section F. Partners process inputs transiently to return a result; they are not permitted to train models on your content by default; partners may retain it for up to 30 days for abuse prevention.
Tech: model API calls routed through our servers; encryption in transit/at rest. Required? Only when you invoke an AI feature. Transfers: see Section C.

6) Locally stored settings

Categories: user preferences (theme), last-used template, telemetry opt-out flag, and similar UI settings.
Source: your device. Purpose: performance and remembering choices. Legal basis: Art. 6(1)(f) (legitimate interests).
Recipients: none (stored locally). Retention: until cleared or app reset.
Tech: local configuration file on the device; the add-in does not use browser web-views, so it does not create cookies or IndexedDB storage. Required? No. Transfers: n/a.

H. Automated Decision-Making & Profiling

Slidely AI does not use your personal data to carry out automated decision-making that produces legal or similarly significant effects, and we do not engage in behavioural profiling for such purposes.

I. Children

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will delete it immediately.

J. Your rights

  • You are entitled to obtain from Slidely AI free-of-charge confirmation as to whether or not personal data concerning You is being processed. Where this is the case, You are further entitled to obtain access to the personal data and additional information in accordance with Art. 15 GDPR.
  • In case personal data concerning You is inaccurate or incomplete, You have the right to obtain rectification or completion. In the instances covered by Art. 17 and Art. 18 GDPR, You are entitled to request the erasure or the blocking / restriction of processing of data.
  • You have the right to object at any time to the processing of personal data relating to You, which is based on Art. 6 (1)(e) or (1)(f) GDPR; this also applies to profiling based on these provisions. We will no longer process Your personal data unless we can prove compelling legitimate reasons for the processing that outweigh Your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
  • Furthermore, You are entitled to request, in accordance with Art. 20 GDPR, the transmission of personal data concerning You and provided by You to You or directly to another data controller.
  • Where processing Your Data is based on Your consent, You have the right to withdraw Your consent at any time, without affecting the lawfulness of processing based on Your consent before its withdrawal.
  • If You consider that the processing of personal data relating to You infringes applicable law, You have the right to lodge a complaint with a supervisory authority. Such complaint will not prejudice any other administrative or judicial remedy. If you believe we have infringed data-protection law you may lodge a complaint with any supervisory authority, in particular in the EEA member state or UK country of your habitual residence or place of work. For example, you may contact the Berlin Commissioner for Data Protection and Freedom of Information (Germany) or the UK Information Commissioner's Office.
  • You also retain the right to complain to the Delaware Attorney General.

K. California Privacy Rights

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. California residents have the rights to know, delete, and correct personal information, and to use an authorised agent. We will not discriminate against you for exercising your rights.

L. Changes to this Privacy Policy

We update the "Last Updated" date when we make changes. For material changes, we will email you. We reserve the right to determine materiality in our reasonable discretion.