Privacy Policy
Last updated: June 2, 2026
This Privacy Policy explains how Brightsuite Inc., doing business as Brightdeck (“Brightdeck,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit brightdeck.ai, use our web application at app.brightdeck.ai, or use Brightdeck through a third-party platform such as ChatGPT (together, the “Services”). Brightdeck is a Delaware corporation headquartered in California, United States. For the personal information we process about you in connection with the Services, Brightdeck acts as the data controller.
The short version
We collect the information you give us (your account details, the prompts and files you submit, and your payment information), information we collect automatically when you use the Services (device and usage data), and information from third parties (such as the ChatGPT platform when you connect Brightdeck). We use it to generate your presentations, run and improve the Services, process payments, provide support, and keep the Services secure. We do not sell your personal information, and we do not use your content or AI inputs and outputs to train AI models. You have rights over your information, described in Section 11.
1. What This Policy Covers
This Policy applies to personal information we process through the Services. It does not apply to third-party products, websites, or platforms that we do not control, including the ChatGPT platform and the AI model providers we use, each of which is governed by its own privacy policy. When you use Brightdeck inside ChatGPT, both this Policy and OpenAI’s privacy policy apply to the respective data each party processes.
2. Information We Collect
2.1 Information you provide to us
- Account and contact information — your name, email address, password (stored in hashed form), and, where applicable, company name, job title, and profile preferences.
- Content and inputs — the text prompts, instructions, outlines, and style preferences you submit; files you upload (such as PowerPoint
.pptxdecks); and content you paste (such as CRM notes, call transcripts, or account research) for the purpose of generating or editing presentations. - Generated output — the presentations, slides, speaker notes, and related materials that Brightdeck generates for you.
- Billing information — your subscription plan, credit balance and usage, billing history, and transaction records. Payment card details are collected and processed directly by our payment processor (Stripe) and are not stored by Brightdeck.
- Communications — the information you provide when you contact customer support, respond to surveys, or otherwise communicate with us.
2.2 Information we collect automatically
- Device and connection data — IP address, browser type, device type, operating system, language settings, and referring URLs.
- Usage data — pages and features viewed, links and buttons clicked, actions taken, credits consumed, slides generated, session duration, and timestamps.
- Cookies and similar technologies — used for authentication, preferences, analytics, product measurement, and advertising attribution. See Section 7.
- Product analytics and session data — through our analytics provider (PostHog), we may record product events and, where enabled, session replays of how you interact with the application to help us understand and improve the product.
2.3 Information we receive from third parties
- From the ChatGPT platform — when you use Brightdeck through ChatGPT, OpenAI sends us the inputs needed to fulfill your request (see Section 6). We receive only what is necessary to perform the requested action.
- From single sign-on or connected accounts — if you sign in or connect through a third-party identity provider, we receive basic profile information such as your name and email address.
- From service providers — our payment processor and analytics, advertising, and infrastructure providers may share information with us, such as transaction confirmations and aggregated measurement data.
2.4 Categories of personal information (California notice at collection)
The following table summarizes the categories of personal information (as defined by the California Consumer Privacy Act, as amended, the “CCPA”) that we collect, the purposes for collection, and the categories of third parties to whom we may disclose it for a business purpose.
| Category | Examples | Purpose | Disclosed to |
|---|---|---|---|
| Identifiers | Name, email, account ID, IP address | Account creation, authentication, communication, security | Hosting, analytics, email, identity providers |
| Customer records | Contact details, billing details | Provide the Services, process payments, support | Payment processor, hosting |
| Commercial information | Plan, credit usage, transaction history | Billing, account management, fraud prevention | Payment processor, hosting |
| Internet / network activity | Usage events, clicks, session data, device data | Operate, secure, measure, and improve the Services | Analytics, advertising, hosting |
| Geolocation data | Approximate location derived from IP address | Security, localization, fraud prevention | Analytics, hosting |
| User content | Prompts, uploaded files, pasted text, generated decks | Generate and edit presentations as you request | AI model providers, hosting |
| Professional information | Company, job title (if you provide it) | Account personalization, support | Hosting |
Your prompts, uploads, and pasted content may contain any information you choose to include. Please do not submit sensitive personal information, payment card numbers, government identifiers, health information, or credentials unless it is strictly necessary for your task. See Section 6 on data minimization.
3. How We Use Your Information
We use personal information for the following purposes:
- Provide the Services — create your account, generate and edit presentations from your inputs, and deliver your outputs.
- Process transactions — manage subscriptions, credits, billing, and renewals.
- Support and communicate — respond to your requests and send service, security, and administrative messages.
- Maintain, secure, and improve the Services — monitor performance, debug, prevent fraud and abuse, and develop new features using usage data and aggregated or de-identified information.
- Marketing — send product updates and offers where permitted; you can opt out at any time.
- Comply with law — meet legal, tax, accounting, and regulatory obligations and enforce our agreements.
Where the EU/UK General Data Protection Regulation applies, our legal bases are: performance of a contract (providing the Services); your consent (e.g., certain cookies and marketing); our legitimate interests (securing and improving the Services); and compliance with legal obligations.
4. AI and Automated Processing
Brightdeck uses artificial intelligence to generate and edit presentations from your inputs.
- Inputs. To generate output, we process the prompts, instructions, uploaded files, and pasted content you submit.
- Outputs. We return generated slides, speaker notes, and related presentation materials to you.
- Third-party AI providers. We send your inputs to enterprise AI model providers (such as Google, OpenAI, and Anthropic) solely to generate your output. These providers process the data on our behalf under terms that prohibit using your content to train their models and that provide for limited or zero retention.
- No model training on your content. We do not use your inputs, your uploaded content, or the outputs we generate for you to train, develop, or improve AI or machine-learning models.
- Limited human access. Our personnel do not access your content except where necessary to provide the Services, resolve a support request, ensure security, or comply with law. We may review aggregated or de-identified usage metrics (such as the number of decks created) to improve the product.
5. Cookies and Tracking Technologies
We and our providers use cookies, pixels, and similar technologies to keep you signed in, remember your preferences, measure and analyze product usage (PostHog), and measure advertising and conversions (Google and OpenAI advertising/measurement pixels). You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we obtain consent before setting non-essential cookies.
6. Brightdeck for ChatGPT — Tool Inputs and Outputs
When you use Brightdeck as an app within ChatGPT, the following applies in addition to the rest of this Policy:
- Tool inputs we receive. We receive only the information needed to perform the action you request — for example, the topic, prompt, outline, or content you want turned into a presentation, and your formatting or style preferences. We practice data minimization and request only the inputs that are specific and necessary to the task.
- Tool outputs we return. We return only data that is directly relevant to your request — for example, the generated presentation, its slides and speaker notes, and (where applicable) a link to access or download it. Our responses do not include internal diagnostic data, telemetry, trace identifiers, or logging metadata unless strictly required to fulfill the request.
- Write and export actions. If an action sends data outside ChatGPT — for example, creating a presentation hosted on our servers or generating a shareable link — that action is surfaced to you, and the resulting file or link is handled as described in this Policy.
- Independent controller. Brightdeck and OpenAI are separate and independent controllers of the personal information each processes. Neither acts as a processor or service provider of the other for this purpose. OpenAI’s handling of your data within ChatGPT is governed by OpenAI’s privacy policy.
- Restricted data. Brightdeck does not request payment card data, protected health information, government identifiers, or authentication credentials through the ChatGPT integration, and asks that you not submit them.
7. How We Share Information
We disclose personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA.
- Service providers (sub-processors) who process data on our behalf under contract, including: cloud infrastructure and hosting (Google Cloud Platform); authentication (Firebase); AI model providers (such as Google, OpenAI, and Anthropic); payment processing (Stripe); product analytics (PostHog); and advertising and conversion measurement (Google, OpenAI).
- The ChatGPT platform, when you use Brightdeck through it, as described in Section 6.
- Legal, safety, and compliance recipients, when we believe disclosure is required by law or legal process, or necessary to protect the rights, property, or safety of Brightdeck, our users, or others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
- With your direction or consent, including content you choose to share or publish.
8. Data Retention
We retain personal information only for as long as necessary for the purposes described in this Policy, and then delete or de-identify it. Our general retention periods are:
- Account information — for the life of your account, and up to 90 days after account deletion.
- User content (uploads, prompts, and generated decks) — until you delete it or close your account; deleted from active systems within 30 days of deletion, and from backups within 90 days thereafter. Inputs sent to AI providers are subject to those providers’ limited or zero retention terms.
- Billing and transaction records — up to 7 years, to meet tax, accounting, and legal obligations.
- Usage, analytics, and log data — generally up to 24 months.
- Support communications — up to 3 years after resolution.
Where a fixed period is not feasible, we determine the retention period based on the criteria above: the nature and sensitivity of the data, the purpose for which we hold it, and applicable legal requirements.
9. Data Security
We implement appropriate technical and organizational measures designed to protect personal information, including encryption in transit (HTTPS/TLS) and at rest, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. International Data Transfers
We are based in the United States and process and store information in the United States and in other countries where our service providers operate. Where we transfer personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
11. Your Privacy Rights
11.1 California residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know and access the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
- Delete personal information we have collected, subject to legal exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information. We do not sell or share personal information.
- Limit the use and disclosure of sensitive personal information. We do not use or disclose sensitive personal information for purposes that require offering this option.
- Non-discrimination — we will not discriminate against you for exercising your rights.
To exercise these rights, email privacy@brightdeck.ai. We will verify your request and respond within 45 days (extendable by an additional 45 days with notice). You may use an authorized agent to submit a request on your behalf.
Do Not Sell or Share My Personal Information. Brightdeck does not sell or share your personal information for cross-context behavioral advertising, so no opt-out is required; if this changes, we will update this Policy and provide a clear opt-out mechanism.
California “Shine the Light.” We do not disclose personal information to third parties for their own direct marketing purposes.
11.2 EEA, UK, and Switzerland
If applicable law gives you these rights, you may request access to, correction of, deletion of, restriction of, or portability of your personal information; object to certain processing; and withdraw consent. You may also lodge a complaint with your local data protection authority. To exercise these rights, contact privacy@brightdeck.ai.
12. Children’s Privacy
The Services are not directed to children, and we do not knowingly collect personal information from anyone under 18 years of age. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.
13. Third-Party Links and Services
The Services may link to or integrate with third-party websites and services that we do not control. Their privacy practices are governed by their own policies, and we encourage you to review them.
14. Changes to This Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide additional notice where required. We review this Policy at least every 12 months.
15. Contact Us
If you have questions about this Policy or our privacy practices, contact us at:
Brightsuite Inc. (DBA Brightdeck)
1887 Whitney Mesa Dr #4130, Henderson, NV 89014, United States
Email: privacy@brightdeck.ai
California residents may also contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.