Privacy Policy

Last updated: May 26, 2026

editide (“we,” “our,” or “us”) operates the editide platform, including the editide PowerPoint add-in (the “Add-in”) available through Microsoft Marketplace, the editide REST API, MCP endpoints, third-party integrations (Claude, ChatGPT, and other MCP-compatible clients), and the dashboard at app.editide.com (collectively, the “Service”). This policy describes how we collect, use, and protect your information when you use the Service.

Your use of the Service is also governed by our Terms of Service, which include the End User License Agreement for the Add-in.

Information We Collect

Account information. When you sign up, we collect your name and email address through our authentication provider (Clerk). If you subscribe to a paid plan, Stripe collects your payment information — we do not store credit card numbers.

Microsoft account identifiers (Add-in only). When you install the Add-in through Microsoft Marketplace and sign in, Microsoft provides us with limited identifiers (such as your Microsoft account or tenant identifier) to enable authentication and license verification. We do not receive your Microsoft password.

Usage data. We track token usage (for Add-in plans) and slides delivered (for API plans) to enforce quotas and generate invoices. Usage data is associated with your API key hash or account identifier, not with the content of your presentations.

Uploaded files. When you use the Add-in or API, your PowerPoint files are uploaded to our servers for processing. Files are stored temporarily and automatically deleted within 12 hours. We do not retain, review, or use your file content for any purpose other than providing the editing service you requested.

Operational logs. We log request metadata (timestamps, endpoint paths, HTTP status, key-hash prefix, correlation IDs) for debugging and abuse prevention. Logs do not contain file contents, tool arguments, or LLM responses.

Information We Do Not Collect

• LLM API keys. If you use the API product (BYOK), your Anthropic or OpenAI key is used for the duration of the request and immediately discarded. We never store it.
• Presentation content. We do not log, analyze, or train on the content of your presentations.
• Token-level usage for API users. We do not track token consumption for API product users — only slides delivered.

How We Use Your Information

• To provide and operate the Service, including the Add-in
• To process payments and manage subscriptions via Stripe
• To enforce usage quotas and generate billing records
• To send transactional emails (account confirmation, invoices)
• To respond to support requests
• To detect, prevent, and address fraud, security issues, and violations of our Terms of Service

Third-Party Services

We use the following third-party services to operate the Service:

• Microsoft — distribution of the Add-in via Microsoft Marketplace; authentication identifiers when you install the Add-in
• Clerk — authentication and user management
• Stripe — payment processing and subscription management
• Amazon Web Services (AWS) — infrastructure, file storage, and database (DynamoDB)
• Anthropic / OpenAI — AI inference for the Add-in product (using our keys). API product users provide their own keys.

Each of these providers has their own privacy policy governing how they handle data.

Data Location and Transfers

editide’s infrastructure runs in the AWS us-east-2 region (Ohio, United States). All file storage, database operations, and request processing occur in that region. If you access editide from outside the United States, your data will be transferred to and processed in the U.S. By using the Service you consent to this transfer.

MCP Connectors and Third-Party AI Clients

editide exposes a Model Context Protocol (MCP) endpoint that lets third-party AI clients — including Anthropic’s Claude, OpenAI’s ChatGPT, and any other MCP-compatible host — invoke editide’s PowerPoint editing tools on your behalf. When you connect editide to one of these clients:

• The client authenticates to editide using your API key, which it stores on its side per its own privacy policy.
• Tool arguments (e.g., file IDs, slide edits) and tool results flow between the client and editide over HTTPS. The AI client provider sees the same arguments and results the model does.
• If you upload a presentation through the AI client (as opposed to pre-uploading via our REST API), the file contents pass through that client’s transport before reaching editide. Consult the client’s privacy policy for how it handles that data.
• editide never shares your file contents or account data with AI client providers outside of fulfilling the specific tool calls you initiate.

Data Retention

• Uploaded files: Automatically deleted within 12 hours
• Account data: Retained while your account is active. Deleted upon request.
• Usage records: Retained for billing purposes for the duration required by applicable law
• Operational logs: Retained for up to 30 days for debugging and abuse investigation

Data Security

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AWS default encryption. API keys are stored as SHA-256 hashes — we cannot recover your raw key. Sessions are isolated per user, and ownership is enforced on every operation.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at support@editide.com. We will respond within 30 days.

European Economic Area (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) gives you specific rights regarding your personal data:

• Right to access, rectify, or delete the data we hold about you
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time (where processing relies on consent)
• Right to lodge a complaint with your local supervisory authority

Our legal bases for processing are: (a) performance of the contract you enter when you create an account or use our API, (b) compliance with legal obligations such as tax and accounting requirements, and (c) our legitimate interest in operating, securing, and improving the Service. For data transferred from the EEA to the United States, we rely on the standard contractual clauses adopted by the European Commission and the additional safeguards our sub-processors provide.

To exercise any of these rights, contact support@editide.com.

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of personal information
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information
• Limit the use of sensitive personal information
• Not be discriminated against for exercising these rights

We do not sell or share personal information as those terms are defined under California law. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service. To exercise any of these rights, contact support@editide.com.

Children’s Privacy

editide is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the Service after changes constitutes acceptance.

Contact

If you have questions about this privacy policy, contact us at support@editide.com or visit editide.com/docs.