Security & Trust
Swiss entity. EU data residency. Enterprise-grade security by default.
Data Handling
Minimal data collection
We store only your email address and authentication ID. No passwords, no credit card numbers, no tracking profiles.
Signed URLs, not open storage
Generated files are served via HMAC-signed URLs with expiration. No persistent public blob access.
User-scoped storage
All files are stored in isolated, user-scoped paths. No cross-tenant data access is possible at the storage layer.
Automatic deletion
Output files are subject to lifecycle-based auto-deletion. We do not retain your slide content indefinitely.
Infrastructure
EU data residency
All compute, storage, and database infrastructure runs in Azure West Europe (Netherlands). No transatlantic data transfers for processing.
Encryption at rest & in transit
AES-256 encryption at rest (Azure managed keys). TLS 1.2+ for all data in transit. No unencrypted endpoints.
Swiss entity
Operated by Smart Data Brokers GmbH, registered in Zurich, Switzerland. Subject to the Swiss Federal Act on Data Protection (FADP), which has EU adequacy status.
No shared credentials
All secrets are stored in Azure Key Vault. No credentials in source code, no shared API keys between tenants.
AI Processing & Data Flow
SlideForge offers two processing paths. Your data only touches AI models when you use the creative engine.
Creative engine (AI path)
Brief (text) → LLM enrichment → Code generation → Sandbox execution → PPTX → Blob storage → Signed URL
Only the text brief is sent to AI models. No files, images, or personal data are transmitted. AI providers do not retain API inputs for training.
Render engine (zero-AI path)
Structured spec (JSON) → Deterministic render → PPTX → Blob storage → Signed URL
No AI models are involved. Your data never leaves our Azure infrastructure. Ideal for sensitive or regulated content.
Sub-processors
| Provider | Purpose |
|---|---|
| Microsoft Azure | Compute, storage, database |
| Clerk | Authentication |
| Stripe | Payments |
| Google (Gemini) | AI model provider |
| Cerebras | AI model provider |
Compliance
Swiss FADP
Primary governing law. EU adequacy decision enables cross-border data flows without additional safeguards.
GDPR aligned
Data processing aligned with GDPR principles. DPA available on request for enterprise customers.
EU AI Act
All AI-generated PPTX files include transparency metadata identifying content as AI-generated, per limited-risk disclosure requirements.
Data Processing Agreement
We provide a standard Data Processing Agreement (DPA) for enterprise customers who require a formal contractual framework for personal data processing.
Our DPA covers: data controller/processor roles, processing purposes and scope, sub-processor management, data subject rights, breach notification procedures, data deletion and return, and cross-border transfer mechanisms.
To request a signed DPA, contact us at contact@slideforge.dev.
Security Questionnaire
We maintain pre-filled responses to common vendor security questionnaires (CAIQ, SIG Lite). If your procurement team requires a completed questionnaire, email contact@slideforge.dev and we will return it within 2 business days.