← Back to RaiseDeck

Privacy Policy

Last updated: February 2026

1. Information We Collect

When you sign in with Google, we receive your name, email address, and profile picture. We use this information solely to create and manage your RaiseDeck account.

When you use the Service, we collect the content you provide including company descriptions, financial data, traction metrics, team information, and uploaded documents. This data is used exclusively to generate your pitch decks.

2. How We Use Your Information

We use your information to provide and improve the RaiseDeck service, including generating pitch decks, storing your work, and enabling sharing features. We do not sell your personal information or deck content to third parties.

Your company data, financial figures, and business strategy details are processed solely for pitch deck generation. We do not use your content for marketing, analytics, research, or any purpose beyond delivering the Service to you.

3. Data Storage & Infrastructure

All data is stored on Google Cloud Platform (GCP) in the us-central1 (Iowa, USA) region:

  • Database: Google Cloud SQL (PostgreSQL 16) — stores account data, deck metadata, and slide content. Encrypted at rest with AES-256.
  • File storage: Google Cloud Storage — stores uploaded documents, generated images, and exported files. Encrypted at rest with AES-256.
  • Application: Google Cloud Run — fully managed serverless containers. All data in transit is encrypted with TLS 1.3.
  • Secrets: API keys and database credentials are stored in GCP Secret Manager, not in application code.

No data is stored on personal machines or local servers. Google Cloud Platform provides enterprise-grade physical security, network security, and compliance certifications including SOC 2 and ISO 27001.

4. AI Models & Third-Party Data Processing

RaiseDeck uses the following AI services to generate your pitch decks:

  • OpenAI GPT-4o (content generation) — Your deck content is sent to the OpenAI API for text generation. Per OpenAI's API data usage policy, API inputs and outputs are not used to train their models. API data is retained by OpenAI for up to 30 days for abuse and misuse monitoring, then permanently deleted.
  • FAL.ai FLUX 2 Pro (image generation) — Text prompts describing slide imagery are sent to FAL.ai for image generation. Prompts are processed in real-time and are not stored beyond the request lifecycle.
  • Pexels (stock photos) — When stock images are used instead of AI-generated images, search queries are sent to the Pexels API. These queries contain general topic keywords, not your proprietary data.

No third-party AI provider has access to your full account, your uploaded documents, or your complete deck. Only the minimum data required to generate each individual slide or image is shared with these services.

5. Access Control & Security

Your decks are isolated by your authenticated user account. No other user can access your decks unless you explicitly share them via a share link.

  • Authentication: All API requests are authenticated using cryptographically signed JWT tokens.
  • Share links: Sharing is opt-in. You can add password protection and expiration dates to share links. You can revoke any share link at any time.
  • Rate limiting: The platform enforces rate limits to prevent abuse and unauthorized bulk access.

6. Internal Access & Confidentiality

Like any SaaS platform, RaiseDeck's engineering team has administrative access to the production infrastructure for maintenance, debugging, and support purposes. We are transparent about this and have the following controls in place:

  • Restricted access: Production database credentials are held only by the founding team. There is no support dashboard or admin panel that surfaces customer deck content.
  • Need-to-know basis: Your data is only accessed when strictly necessary for technical support you have requested, or to resolve a platform issue affecting your account.
  • No browsing: We do not browse, review, or read customer deck content, financial figures, or business strategy details for any purpose other than delivering the Service to you.
  • Confidentiality obligation: All personnel with infrastructure access are bound by confidentiality obligations. Your pitch deck content — including financial projections, revenue numbers, traction metrics, and business strategy — is treated as confidential information.
  • No commercial use: We will never use your data for our own business purposes, competitive analysis, investment decisions, or share it with any third party beyond what is described in Section 4 (AI Models & Third-Party Data Processing).

7. What We Do NOT Do

  • We do not sell, license, or share your data with third parties for their own purposes
  • We do not use your deck content to train any AI models
  • We do not use tracking or advertising cookies
  • We do not run third-party analytics on your deck content
  • We do not share data across user accounts — there is no cross-tenant data access
  • We do not retain your data after account deletion

8. Cookies

We use essential cookies only for authentication and session management. No tracking, advertising, or third-party analytics cookies are used.

9. Data Retention & Deletion

Your decks, uploaded documents, and generated content are retained for as long as your account is active. You can delete individual decks at any time from the dashboard, which permanently removes all associated slides, images, exports, and share links.

Upon account deletion, all your data — including decks, uploaded documents, generated images, and account information — is permanently deleted from our database and cloud storage.

10. Data Processing Commitments

By using RaiseDeck, the following data processing commitments apply to all user content by default. These commitments are binding and do not require a separate agreement:

  • Purpose limitation: Your content is processed exclusively for the purpose of providing the RaiseDeck service (deck generation, storage, editing, export, and sharing). We will not process your data for any other purpose.
  • Confidentiality: All your content — including financial projections, revenue figures, traction metrics, cap table details, fundraising targets, and business strategy — is treated as confidential information. We will not disclose it to any third party except the sub-processors listed in Section 4 and only to the extent necessary to deliver the Service.
  • Sub-processors: Our current sub-processors are Google Cloud Platform (hosting & storage), OpenAI (text generation), FAL.ai (image generation), and Pexels (stock photos). We will notify users via this policy if sub-processors change. Each sub-processor receives only the minimum data required for its specific function.
  • Data minimisation: We collect and process only the data you provide for deck generation. We do not enrich your data with external sources without your knowledge (any external research is clearly labelled in your deck).
  • Deletion on request: You can delete any deck or your entire account at any time. Deletion is permanent and removes all associated data from our database and cloud storage within 30 days. Sub-processor retention (e.g., OpenAI's 30-day abuse monitoring window) is governed by their own policies and occurs independently.
  • Breach notification: In the event of a data breach affecting your content, we will notify affected users via email within 72 hours of becoming aware of the breach, including details of what data was affected and what remediation steps have been taken.
  • No secondary use: We will never use your data for training AI models, market research, competitive intelligence, aggregated analytics, or any purpose beyond delivering the Service to you.
  • Custom DPA: If your organisation requires a separate Data Processing Agreement with additional terms, we are happy to accommodate. Contact us at vishwadeep@convexiti.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected in the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, data access requests, or deletion requests, contact us at vishwadeep@convexiti.com.

See also: Terms of Service