Privacy Policy
Short version: We collect only what's strictly necessary to run the service. We don't sell your data. We don't create user accounts. Your startup description is never stored. You can request deletion of any data we hold about you by emailing support@wpsani.store.
1. Data controller
The data controller for deckforge.tech is the individual operator reachable at:
- Email: support@wpsani.store
- Service: DeckForge — deckforge.tech
For all privacy-related requests (access, deletion, objection) please use the email above with subject line "Privacy Request — DeckForge".
2. What data we collect and why
| Data | Purpose | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| IP address | Enforce the free-tier daily limit (1 deck/day per IP) and prevent abuse. IP is also used to look up the visitor's country via ip-api.com for internal analytics. | Legitimate interest (Art. 6(1)(f)) — preventing abuse of a free service | Daily counters reset at midnight UTC. IP-country lookup is not stored. |
| Email address + license key | Issued when you purchase via Stripe. Used to process refunds, restore lost keys, and manage your subscription. | Contract performance (Art. 6(1)(b)) | Retained until you request deletion or 3 years after last activity. |
| Email address (newsletter) | If you voluntarily submit your email via the "Notify me" form, we send you occasional product updates. No third-party mailing lists — notifications via our own channel. | Consent (Art. 6(1)(a)) — you explicitly submitted your email | Until you request removal: email support@wpsani.store. |
| Session recordings (UI interactions) | Anonymized recordings of mouse, click, and scroll events via rrweb, stored server-side to help us identify UX issues and improve the product. Passwords and your startup description are explicitly excluded from recordings. | Legitimate interest (Art. 6(1)(f)) — improving a free-to-use product | 90 days, then automatically deleted. To opt out, email us and we will disable recording for your IP. |
| Star ratings and feedback | Optional 1–5 star rating submitted after generating a deck. Used to measure output quality. | Legitimate interest (Art. 6(1)(f)) | Stored as aggregate counters (not linked to identity). |
| Startup description | Sent to Claude (Anthropic's API) to generate the pitch deck. Not stored by DeckForge. | Contract performance (Art. 6(1)(b)) | Not stored. Anthropic's data handling is governed by their privacy policy. |
3. Third-party processors
We share data with the following services strictly to operate DeckForge:
- Stripe (USA) — payment processing. Your card and billing data are handled exclusively by Stripe. Stripe's privacy policy. Stripe uses Standard Contractual Clauses for EU data transfers.
- Anthropic Claude API (USA) — your startup description is sent to generate the deck. Anthropic's privacy policy.
- Plausible Analytics (EU) — privacy-friendly, cookieless analytics. No personal data is collected. Plausible's privacy policy.
- ip-api.com — receives your IP address temporarily to identify your country. No data is stored on their service beyond the request. ip-api.com terms.
- Telegram — visitor IP addresses, browser user agent, and referrer URL are sent to an internal private Telegram channel for operational monitoring (spam, abuse detection). This channel is accessible only to the service operator.
Data transfers outside the EU/EEA: Anthropic and Stripe are US-based and operate under Standard Contractual Clauses. ip-api.com processes requests internationally; only your IP is transmitted. We do not sell data to any third party.
4. Cookies and local storage
DeckForge does not set any cookies. Your license key, if you have one, is stored in your browser's localStorage — a browser-side storage that never leaves your device and is not transmitted to any server.
Plausible Analytics operates without cookies and does not track you across sites.
5. Your rights under GDPR
If you are in the EU/EEA, you have the following rights:
- Access — request a copy of any personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure ("right to be forgotten") — request deletion of your data.
- Restriction — request that we limit processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest (e.g., session recordings). We will stop processing unless we have compelling legitimate grounds.
- Withdraw consent — if processing is based on consent (e.g., newsletter), you can withdraw at any time with no effect on prior processing.
To exercise any right: email support@wpsani.store with subject "Privacy Request — DeckForge". We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection supervisory authority. In Italy: Garante per la protezione dei dati personali. In the EU: find your authority here.
6. Data security
The DeckForge server uses HTTPS (TLS). The database is stored on a private server and not publicly accessible. License keys use UUID v4 format (cryptographically random). Session recording files are stored on the server and not publicly accessible.
7. Children
DeckForge is not intended for use by persons under 16 years of age. We do not knowingly collect data from children. If you believe a child has submitted personal data, contact us for immediate deletion.
8. Changes to this policy
We may update this policy. The "Last updated" date at the top will reflect changes. Material changes will be announced via the site. Continued use of the service after changes constitutes acceptance.
9. Contact
All privacy requests: support@wpsani.store
Subject line: Privacy Request — DeckForge