Privacy Policy
Plain English summary: We collect only what we need to run the service. Your deck content never trains our AI models. Everything is encrypted at rest and in transit. You own your data and can delete it at any time.
1. Who We Are
Tymis Limited, trading as PitchDuck ("PitchDuck", "we", "us", or "our"), operates the AI-powered deck generation platform available at pitchduck.com. We are incorporated in Hong Kong and are the data controller for personal information collected through our platform.
If you have any questions about this Privacy Policy, please contact us at support@pitchduck.com.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name and email address when you register or sign in via Google.
- Deck content: Text prompts, uploaded files, and any other inputs you provide to generate presentations.
- Payment information: Billing details processed securely through Stripe. We store a customer identifier to manage your subscription but do not have access to your full card number.
- Communications: Messages and attachments you send us via our support channels.
2.2 Information Collected Automatically
- Usage data: Feature usage and generation activity for managing plan limits.
- Log data: Server logs including IP addresses, access times, and request metadata collected by our infrastructure provider.
- Cookies and local storage: As described in our Cookie Policy.
2.3 Information from Third Parties
- If you sign in via Google OAuth, we receive your name and email from Google.
- Our payment processor may share subscription status and payment outcomes with us to manage your account.
3. How We Use Your Information
We process your personal data on the following legal bases:
3.1 Contractual necessity
- Provide, maintain, and improve the PitchDuck platform.
- Generate AI-powered decks based on your inputs.
- Process payments and manage your subscription.
- Send transactional emails (login codes, service notices).
3.2 Legitimate interests
- Monitor for security threats, fraud, and abuse.
- Conduct internal analytics to improve our service.
- Verify email deliverability to reduce failed communications.
3.3 Consent
- Send product updates and marketing communications where you have opted in.
3.4 Legal obligation
- Retain billing records as required by applicable law.
Your deck content is never used to train AI models. Inputs you provide to generate presentations are processed solely to deliver your output and are not retained for model training purposes.
4. How We Share Your Information
We do not sell your personal data. We may share information with:
- Cloud infrastructure provider: Hosts our platform and stores your account and conversation data, bound by a data processing agreement.
- AI inference providers: Prompts and file content are sent to AI APIs solely to generate your output. Your content is not stored or used for training by these providers.
- Payment processor (Stripe): Processes billing transactions. Stripe's use of your data is governed by Stripe's Privacy Policy.
- Email delivery provider: Delivers transactional and marketing emails on our behalf.
- Document conversion services: When you export a deck, the content may be processed by a third-party converter to produce the output file.
- Email validation service: At registration, your email address is checked for deliverability.
- Legal and regulatory bodies: Where required by applicable law, court order, or to protect the rights and safety of our users.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you beforehand.
5. Data Security
We take security seriously. Our infrastructure includes:
- Encryption for all data at rest and TLS 1.2+ for all data in transit.
- All decks are private by default and accessible only to you.
While we implement robust safeguards, no system is 100% secure. Please notify us immediately at support@pitchduck.com if you suspect any unauthorised access.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Billing records are retained as required by applicable tax and financial reporting law. You may request deletion of your account and associated data at any time. We will action deletion requests within 30 days, subject to legal retention obligations.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Delete your personal data ("right to be forgotten").
- Restrict or object to certain processing activities.
- Data portability - receive your data in a structured, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, please email support@pitchduck.com. We will respond within 30 days.
8. International Data Transfers
PitchDuck operates globally. Your data may be processed in countries outside your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms recognised under applicable law.
9. Children's Privacy
PitchDuck is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice on our platform. Continued use of the service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact us:
- Email: support@pitchduck.com
- Website: pitchduck.com