Privacy Policy

Last updated: January 2025

Introduction

SyncSpire Ventures Inc., a corporation incorporated under the laws of Canada, operating as SyncSlide ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video-to-slide conversion service.

This policy applies to all users of SyncSlide, regardless of location. We comply with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Data Controller

For the purposes of GDPR and other applicable data protection laws, the data controller is:

SyncSpire Ventures Inc.
Operating as SyncSlide
Federal Business Number: 759368434
Canada
Email: admin@syncslide.com

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (used for login, notifications, and account recovery)
  • Full name (first name and last name)
  • Password (securely hashed using bcrypt encryption before storage - we never store plain-text passwords)
  • Account role (user, admin, or super admin)
  • Email verification status (to ensure account security)
  • Consent records (timestamps of when you accepted our Terms of Service and Privacy Policy)
  • Marketing preferences (whether you've opted in to receive promotional emails)

Payment and Billing Information

When you purchase credits or subscriptions, we collect:

  • Stripe Customer ID (links your account to our payment processor)
  • Payment method details (card brand, last 4 digits, expiration date - full card numbers are never stored by us)
  • Transaction history (amounts, dates, status, and invoice details)
  • Credit balance (your current credits and rollover credits from previous billing periods)
  • Subscription information (plan type, trial status, billing cycle, renewal dates)
  • Refund and credit adjustment records (for customer support and accounting)

Important: All credit card processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. SyncSlide never stores your full credit card number, CVV, or other sensitive payment information.

Video Content and Generated Outputs

When you upload videos for conversion:

  • Video files (filename, file size, duration, format)
  • Video content (the actual video file, processed to extract frames and audio)
  • Generated outputs:
    • PowerPoint presentations (.pptx files)
    • PDF documents with slides and transcripts
    • Google Slides presentations (stored in our Google Workspace)
    • Extracted slide images and thumbnails
    • Slide text content (from OCR and transcription)
  • Job metadata (processing settings, timestamps, status, warnings, credit costs)

Data Retention for Uploaded Content:

  • Uploaded videos: Automatically deleted 24 hours after upload
  • Generated outputs (PowerPoint, PDF, Google Slides): Automatically deleted 30 days after creation
  • You can delete your videos and outputs at any time before these automatic deletion periods
  • We do NOT use your videos or content to train AI models
  • We do NOT share your videos with third parties except as required for processing (see Third-Party Services below)

Usage Data and Analytics

We automatically collect technical and usage information:

  • IP addresses (for security monitoring, fraud prevention, and login verification)
  • Browser and device information (user agent string, device type, operating system)
  • Login history (successful and failed login attempts, timestamps, IP addresses)
  • Session data (active sessions, device information, last activity time)
  • Failed login attempts (for brute force attack prevention and account lockout)
  • Pages visited and features used (navigation patterns, feature usage)
  • Conversion history (number of jobs, settings used, success/failure rates)
  • Job processing metrics (video duration, frames processed, processing time, credit usage)
  • Error logs and diagnostic data (to troubleshoot issues and improve service reliability)

Administrative and Audit Logs

For security and compliance purposes, we maintain:

  • Admin action logs (when administrators access or modify user accounts)
  • User deletion logs (snapshots of deleted user data for legal compliance and fraud prevention)
  • Data export requests (GDPR/CCPA compliance tracking)
  • Consent tracking (records of when you agreed to our policies)

How We Use Your Information

We use collected information for the following purposes:

Service Provision

  • Account management: Creating and maintaining your user account
  • Video processing: Converting your videos into slide presentations
  • Authentication: Verifying your identity and managing login sessions
  • Content delivery: Providing access to your generated presentations and outputs

AI and Machine Learning Processing

We use artificial intelligence to enhance our service:

  • Speech-to-text transcription: AI-powered transcription of audio from your videos
  • Transcript cleaning: AI-based formatting to improve transcript readability
  • Optical Character Recognition (OCR): Automated extraction of text from video frames
  • Scene detection: Automated identification of natural slide breaks in your videos

Important AI Data Usage Commitment: We do NOT use your videos, transcripts, or any user content to train AI models.

Dual-Stack Processing Modes: Your Privacy Choice

SyncSlide offers two processing modes that provide different levels of data privacy:

⚡ Smart Mode (Default - Available on All Plans)

  • Processing location: Uses advanced cloud-based AI for fast processing
  • Data sharing: Your video audio and frame images are sent to enterprise-grade AI services for transcription and text extraction
  • Data usage policy: We have configured integrations to opt out of data retention and model training. Our AI partners commit to not using your data for training purposes. However, data is temporarily processed on their servers.
  • Speed: Lightning-fast processing (1-2 minutes for a 10-minute video)
  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
  • Best for: General content where speed is a priority

🔒 Protected Mode (Available on All Plans)

  • Processing location: 100% private processing on our encrypted infrastructure
  • Data sharing: ZERO third-party services. Your data never leaves our infrastructure.
  • AI processing: Advanced AI models for transcription, text extraction, and content cleaning ? all running on our private servers
  • Speed: Thorough processing (3-5 minutes for a 10-minute video)
  • Compliance: Ideal for HIPAA, GDPR, sensitive content, and enterprise compliance requirements
  • Data privacy guarantee: Your videos are processed entirely within our secure infrastructure with no third-party AI services involved
  • Best for: Sensitive content, healthcare data, legal recordings, confidential business information, and scenarios requiring complete data confidentiality

Your choice: All users can choose between Smart Mode (faster) and Protected Mode (100% private) when uploading videos. Both modes deliver identical output quality—the only difference is processing speed and data handling.

Communication

  • Transactional emails: Sending account verification, password resets, and job completion notifications
  • Customer support: Responding to your questions, requests, and technical issues
  • Service updates: Notifying you of important changes to our service or policies
  • Marketing: Sending promotional emails (only if you've opted in ? you can unsubscribe anytime)

Payment Processing and Billing

  • Transaction processing: Handling credit purchases and subscription payments via Stripe
  • Credit management: Tracking your credit balance, usage, and rollover credits
  • Fraud prevention: Detecting and preventing fraudulent transactions and account abuse
  • Financial record keeping: Maintaining transaction records for tax and legal compliance

Security and Compliance

  • Account protection: Monitoring for suspicious activity, failed login attempts, and brute force attacks
  • Audit logging: Recording administrative actions for security and compliance auditing
  • Legal compliance: Meeting regulatory requirements under GDPR, CCPA, PIPEDA, and other privacy laws
  • Dispute resolution: Resolving disputes, investigating complaints, and enforcing our Terms of Service

Service Improvement

  • Analytics: Understanding usage patterns to improve features and user experience
  • Error monitoring: Identifying and fixing technical issues and bugs
  • Performance optimization: Improving processing speed and service reliability
  • Feature development: Designing new features based on user needs and feedback

Your Responsibilities When Processing Personal Data

Important: If you upload videos containing personal data or identifiable individuals, you act as a data controller (under GDPR) or business (under CCPA) for that data. You have legal obligations and responsibilities:

Your Legal Obligations

  • Legal basis for processing: You must have a valid legal basis to process personal data in videos (such as consent from individuals, contractual necessity, legitimate interests, or legal obligation)
  • Consent requirements: If relying on consent, you must obtain explicit, informed, and freely given consent from individuals appearing in videos or whose personal data is processed
  • Privacy notices: You must provide appropriate privacy notices to individuals whose data you process, informing them about data collection, processing purposes, and their rights
  • Data minimization: Only process personal data that is necessary for your legitimate purposes
  • Accuracy: Ensure personal data in videos and outputs is accurate and kept up to date
  • Retention limits: Do not retain personal data longer than necessary for your purposes
  • Security measures: Implement appropriate security measures to protect personal data
  • Data subject rights: Respect individuals' rights including access, rectification, erasure, restriction, portability, and objection
  • Cross-border transfers: If transferring personal data internationally, comply with applicable data transfer requirements (Standard Contractual Clauses, adequacy decisions, etc.)
  • Children's data: Obtain parental consent and comply with additional requirements when processing data of individuals under 13 (or 16 in some jurisdictions)

Prohibited Personal Data Processing

You must NOT upload videos containing:

  • Personal data processed without a valid legal basis or proper consent
  • Sensitive personal data (health data, biometric data, religious beliefs, etc.) without explicit consent and appropriate safeguards
  • Personal data of children without verified parental consent
  • Personal data obtained through unauthorized means or in violation of privacy laws
  • Personal data you are contractually or legally prohibited from processing or sharing

Your Relationship with SyncSlide Regarding Personal Data

You as Data Controller, SyncSlide as Data Processor: When you upload videos containing personal data, you remain the data controller (or business) and SyncSlide acts as your data processor (or service provider). This means:

  • You determine the purposes and means of processing personal data in your videos
  • You are responsible for ensuring lawful processing and compliance with privacy laws
  • SyncSlide processes personal data only on your instructions and as necessary to provide the Service
  • You must have a legal agreement with data subjects permitting processing through third-party services
  • You are liable for any violations of privacy laws resulting from your use of the Service

Data Processing Agreement: Our Terms of Service include data processing terms that govern how we process personal data on your behalf, in compliance with GDPR Article 28 and similar requirements.

No Legal Advice: This information does not constitute legal advice. If you are uncertain about your privacy law obligations, consult with qualified legal counsel before uploading videos containing personal data.

Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS encryption
  • Passwords hashed using secure algorithms
  • Regular security audits and updates
  • Limited employee access to user data

Data Retention

  • Account data: Retained while your account is active
  • Uploaded videos: Automatically deleted 24 hours after upload
  • Generated slide decks (PowerPoint/PDF): Automatically deleted 30 days after creation
  • Payment records: Retained as required by law (up to 7 years for tax purposes)

Your Privacy Rights

We respect your privacy rights under applicable laws including GDPR (European Union), CCPA (California), and PIPEDA (Canada). Depending on your location, you may have the following rights:

Right to Access (GDPR Art. 15, CCPA)

  • Request a copy of all personal data we hold about you
  • Understand how your data is being processed
  • Receive information about third parties who have received your data
  • How to exercise: Request a data export from your account settings or contact us at privacy@syncslide.app

Right to Rectification (GDPR Art. 16)

  • Correct inaccurate or incomplete personal data
  • Update your name, email, or other account information
  • How to exercise: Update your information in account settings or contact support

Right to Erasure / "Right to be Forgotten" (GDPR Art. 17, CCPA)

  • Request deletion of your personal data
  • Delete your account and associated data
  • Limitations: We may retain certain data for legal compliance (e.g., financial records for 7 years)
  • How to exercise: Delete your account in account settings or contact us at privacy@syncslide.app

Right to Data Portability (GDPR Art. 20)

  • Export your data in a structured, machine-readable format (JSON)
  • Transfer your data to another service
  • Included data: Account info, job history, transaction records, and all personal data
  • How to exercise: Request a data export from your account settings

Right to Restriction of Processing (GDPR Art. 18)

  • Request that we limit how we use your data
  • Temporarily suspend processing while disputes are resolved
  • How to exercise: Contact us at privacy@syncslide.app with your specific request

Right to Object (GDPR Art. 21, CCPA)

  • Object to processing based on legitimate interests
  • Opt out of marketing communications at any time
  • Object to automated decision-making (if applicable)
  • How to exercise: Use the unsubscribe link in emails or contact privacy@syncslide.app

Right to Withdraw Consent (GDPR Art. 7)

  • Withdraw your consent for data processing at any time
  • Opt out of marketing emails
  • How to exercise: Update your preferences in account settings or click unsubscribe in any email

Right to Lodge a Complaint (GDPR Art. 77)

  • File a complaint with your local data protection authority if you believe we've violated your privacy rights
  • EU users: Contact your national supervisory authority (find yours at EDPB)
  • Canadian users: Office of the Privacy Commissioner of Canada (priv.gc.ca)
  • California users: California Attorney General (oag.ca.gov/privacy)

California-Specific Rights (CCPA)

If you are a California resident, you also have:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of sale: We do NOT sell your personal information
  • Right to non-discrimination for exercising your CCPA rights

How to Exercise Your Rights: You can exercise these rights by:

  • Logging into your account and accessing account settings
  • Emailing us at privacy@syncslide.app
  • Visiting our Contact page

We will respond to your request within 30 days (GDPR) or 45 days (CCPA) as required by law. We may need to verify your identity before processing your request.

Cookies and Tracking Technologies

Essential Cookies

We use essential cookies that are necessary for the service to function. These cookies:

  • Authentication cookies: Store your login session (access_token, refresh_token)
  • Security: HttpOnly and Secure flags prevent JavaScript access and ensure HTTPS-only transmission
  • Duration: Access tokens expire after 30 minutes, refresh tokens after 7 days
  • SameSite policy: Set to "lax" or "none" based on your browser's requirements

What We don't Use

  • NO advertising cookies
  • NO third-party tracking cookies
  • NO cross-site tracking
  • NO social media tracking pixels

Because we only use essential cookies required for the service to function, we do not require cookie consent banners under GDPR. You can disable cookies in your browser, but this will prevent you from logging into your account.

International Data Transfers

SyncSlide operates globally and may transfer your data across international borders. here's what you should know:

Data Storage Locations

  • Primary infrastructure: Cloud infrastructure providers (United States or Canada)
  • AI processing: United States
  • Payment processing: United States
  • Presentation services: United States
  • Email services: United States

Safeguards for International Transfers

When transferring data internationally, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contracts for GDPR compliance
  • Data Processing Agreements: Legal contracts with all service providers
  • Privacy Shield successor frameworks: Where applicable
  • Encryption: All data encrypted in transit (TLS/HTTPS) and at rest

For EU/EEA users: By using SyncSlide, you acknowledge and consent to the transfer of your data to countries outside the EU/EEA, including the United States, where data protection laws may differ from those in your country.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach (as required by GDPR)
  • Notify relevant authorities (data protection authorities, law enforcement if applicable)
  • Provide details about what data was affected, when the breach occurred, and what steps we're taking
  • Offer guidance on how you can protect yourself (e.g., password resets, monitoring)

We maintain incident response procedures and regularly test our security measures to minimize the risk of breaches.

Third-Party Services

To provide our service, we share certain data with trusted third-party service providers. Each provider has their own privacy policy governing how they handle your data:

Payment Processing

  • Stripe (payment processor)
    • Data shared: Email address, payment method, transaction amounts
    • Purpose: Processing credit card payments and managing subscriptions
    • Privacy policy: https://stripe.com/privacy
    • Location: United States (Stripe is PCI-DSS Level 1 certified)

Artificial Intelligence Services

  • Fireworks.ai (AI processing)
    • Data shared: Audio extracted from videos (for transcription), text transcripts (for cleaning/formatting)
    • Purpose: AI-powered speech-to-text transcription and transcript formatting
    • Privacy policy: https://fireworks.ai/privacy-policy
    • Location: United States
    • Important: Your content is processed on-demand and is NOT used to train AI models.

Presentation Services

  • Google Workspace (Google Slides creation)
    • Data shared: Slide images, extracted text, presentation content
    • Purpose: Creating Google Slides presentations and storing them in Google Drive (via service account)
    • Privacy policy: https://policies.google.com/privacy
    • Location: United States
    • Note: We use a service account (not your personal Google account) to create presentations

Cloud Infrastructure

  • Cloud infrastructure providers
    • Services used: Video and file storage, database hosting, job queue management, session management, secure storage of API keys and secrets, video processing servers, and application monitoring
    • Data shared: All data collected by SyncSlide is stored on cloud infrastructure
    • Location: United States or Canada (configurable by region)
    • Security: Industry-standard encryption at rest and in transit, access controls, and regular security audits

Email Services

  • Email service providers (transactional email)
    • Data shared: Email address, first name, email content (verification, password reset, notifications)
    • Purpose: Sending account verification emails, password reset emails, job completion notifications, and service updates
    • Location: United States
    • Security: Industry-standard email delivery with encryption and authentication protocols

Data Processing Agreements: Where required by law (such as GDPR), we have data processing agreements in place with our service providers to ensure they handle your data in compliance with applicable privacy laws.

Children's Privacy

Our service is not intended for users under 13. We do not knowingly collect data from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service.

Contact Us

For privacy-related questions or requests, contact us at:

Legal Entity

SyncSpire Ventures Inc.
Operating as SyncSlide
Federal Business Number: 759368434
Canada

Contact Information

Email: admin@syncslide.com
Contact Form: syncslide.app/contact