Trust & Security
Prismdeck is built for founders sharing sensitive business data. Here is exactly how we handle, protect, and respect your information.
Data Storage & Encryption
Your deck content, brand context, and account data are stored in a managed PostgreSQL database hosted by InsForge. All data is encrypted at rest using AES-256 and encrypted in transit via TLS 1.2+. Database backups are encrypted and retained for disaster recovery.
AI Data Handling
When you generate or regenerate a deck, your prompt and brand context are sent to Anthropic's Claude API. Anthropic does not use API-submitted data for model training per their API terms. Prompts are transmitted over encrypted connections and are not stored by Prismdeck after generation completes. Your deck content is yours — we do not use it to train any model.
Analytics & Tracking
Viewer analytics are first-party only. When someone views your shared deck, we record the view timestamp, approximate duration, and slides viewed. We do not use third-party analytics trackers on shared deck pages. Cookie consent is managed via a GDPR/CCPA-compliant consent banner, and non-essential cookies are blocked until consent is granted.
Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified processor. Prismdeck never sees, stores, or transmits your credit card number. Billing data (plan type, subscription status, invoice history) is managed entirely within Stripe's infrastructure. You can manage your subscription and view invoices from your dashboard.
Data Deletion
You can delete individual decks from the editor at any time — deletion is permanent and immediate. To delete your entire account and all associated data, contact support or use the account settings page. Account deletion removes all decks, brand context, analytics data, and personal information within 30 days.
Authentication & Access
Authentication is handled by InsForge Auth with secure session tokens. Passwords are hashed using bcrypt and never stored in plaintext. OAuth sign-in (Google, GitHub) delegates authentication to the identity provider — Prismdeck never receives your OAuth password. Sessions expire after inactivity and can be revoked from settings.
Export Privacy
PNG exports render entirely client-side in your browser — your slide content never leaves your device during PNG export. PDF and PPTX exports are generated server-side using your authenticated session and are transmitted over encrypted connections. Exported files are not cached or retained on our servers after delivery.
Third-Party Processors
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI deck generation (Claude API) | Prompts and brand context during generation |
| Stripe | Payment processing and subscription management | Email, plan selection (card data handled by Stripe directly) |
| InsForge | Database, authentication, and file storage | Account data, deck content, uploaded assets |
| Railway | Application hosting and deployment | Application runtime (no direct user data access) |
Compliance Roadmap
Prismdeck is committed to meeting the security and compliance expectations of growing teams. Here is what is available today and what is planned:
Available Today
- ✓ HTTPS with HSTS preload
- ✓ CSP, X-Frame-Options DENY
- ✓ Stripe PCI DSS Level 1 billing
- ✓ GDPR/CCPA cookie consent
- ✓ Data deletion on request
- ✓ Encrypted at rest and in transit
Planned
- ○ SOC 2 Type II certification
- ○ Data Processing Agreement (DPA)
- ○ SSO / SAML for enterprise teams
- ○ Role-based access controls
- ○ Audit logs for team workspaces
Questions about security or data handling? We are happy to answer.
Prismdeck is a product of Developer312, a subsidiary of NIGHT LITE USA LLC.