Privacy Policy

When you create a HummingDeck account, we collect:

• Account information — email address, name, and profile photo (provided directly or imported from Google when using Google sign-in)
• Team and workspace data — team names, member roles, and workspace settings you configure
• Uploaded content — presentations, documents, and other files you upload to share via HummingDeck
• CRM data — contact names, email addresses, and company information you add to organize your sharing activity
• Activity data — actions you take within the platform such as creating share links, uploading decks, and managing team settings

When someone opens a shared document link, we automatically collect certain information to provide engagement analytics to the document owner. Document Viewers do not need to create an account.

We collect:

• Device and browser information — browser type, operating system, and device category
• Network information — IP address and approximate geographic location (city/country level, derived from IP)
• Engagement data — which pages were viewed, time spent on each page, total viewing duration, and completion rate

This data is collected on behalf of the HummingDeck user who created the share link. The legal basis for this processing is the legitimate interest of the sender in understanding how recipients engage with their shared content (GDPR Article 6(1)(f)).

Document Viewers may contact us at hello@hummingdeck.com to inquire about data collected during their viewing sessions.

We use Google Analytics 4 to understand how people use our website and application. This service collects anonymous usage data including pages visited, features used, and general interaction patterns.

Google Analytics may set cookies on your device to distinguish users and track sessions. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by configuring your browser to block third-party cookies.

We use a minimal set of cookies:

• Session cookie — an HTTP-only cookie that maintains your login session. It expires after 14 days and is required for the application to function.
• Analytics cookies — set by Google Analytics to distinguish users and track sessions. These are optional and can be blocked via browser settings.

We do not use advertising cookies, social media tracking pixels, or any other third-party tracking cookies.

We use the information we collect to:

• Provide the service — host your uploaded documents, generate share links, and deliver engagement analytics
• Provide document engagement analytics — show registered users how recipients interact with their shared documents, including viewing patterns and engagement metrics
• Improve the product — understand usage patterns to fix issues and develop new features
• Communicate with you — send transactional emails (share notifications, account updates) and respond to support requests
• Ensure security — detect and prevent fraud, abuse, and unauthorized access

We do not sell your personal information.

We may share data in the following circumstances:

• Service providers — we share data with third-party providers who help us operate the service (see Third-Party Services below). These providers are bound by data processing agreements and may only use data to provide services to us.
• At your direction — when you share a document, the recipient can see the document content and any information you choose to include in the share link.
• Legal requirements — we may disclose data if required by law, court order, or governmental regulation.
• Business transfers — if HummingDeck is acquired or merged, user data may be transferred as part of the transaction. We will notify affected users before their data becomes subject to a different privacy policy.

We use the following third-party services to operate HummingDeck:

• Google Firebase — authentication and user identity management
• Google Cloud Storage — secure storage of uploaded files
• Google Analytics 4 — anonymous website and application usage analytics
• Resend — transactional email delivery (share notifications, account emails)
• FastSpring — payment processing for subscriptions (FastSpring acts as the merchant of record; we do not store payment card details)

Each of these providers has their own privacy policy governing how they process data.

If you use HummingDeck through our Canva app integration, we additionally collect:

• Canva account identifiers — your Canva user ID and brand (team) ID, used to link your Canva account to your HummingDeck account
• Exported designs — when you choose to share a design from Canva, the exported file (PDF) is transferred to and stored by HummingDeck

We do not access your Canva designs, account data, or any other Canva content beyond what you explicitly choose to export. We do not mine or scrape any data from the Canva platform.

If you use HummingDeck through our Google Workspace Add-on for Google Slides or Google Docs, we access the following data:

• Google account email — your email address, used to identify and authenticate your HummingDeck account
• Current document metadata — the title and URL of the document you are currently editing, used to label the shared document within HummingDeck
• Exported document — when you choose to share a document, HummingDeck exports a PDF copy of the current document and stores it on your behalf

The add-on requests only the minimum scopes required to function: access to your email address, read-only access to the current document, and permission to make HTTP requests to the HummingDeck service. We do not access your Google Drive, other documents, contacts, or any Google Workspace data beyond what is listed above.

HummingDeck does not use any data obtained through Google Workspace APIs to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.

Data accessed via Google Workspace integrations — including document content, metadata, and user information — is used solely to provide the HummingDeck document sharing and analytics service to you. This data is never transferred to, shared with, or used by any AI or ML system beyond what is necessary to deliver the features you directly interact with.

HummingDeck's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we limit our use of Google user data to providing and improving the user-facing features of HummingDeck. We do not sell Google user data, use it for advertising, or transfer it to third parties except as necessary to provide the service, comply with applicable law, or as part of a merger or acquisition with adequate data protection.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS (HTTPS)
• Uploaded files are encrypted at rest in Google Cloud Storage
• Session cookies are HTTP-only and secure, preventing client-side access
• Authentication is managed through Google Firebase with secure session handling
• Access to production systems is restricted and logged

No method of electronic transmission or storage is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

We retain data as follows:

• Account data — retained for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law.
• Uploaded files — deleted when you delete the associated document from your account.
• Document Viewer data — retained to provide engagement analytics. Viewer data is anonymized after 24 months.
• Analytics data — aggregated, anonymous analytics data may be retained indefinitely.

Managing your data: You can manage and delete your data directly within HummingDeck at any time. You can delete individual documents, share links, contacts, and team data from the application interface. To delete your entire account and all associated data, contact us at hello@hummingdeck.com.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your personal data
• Portability — request a machine-readable copy of your data
• Objection — object to processing based on legitimate interest
• Restriction — request that we restrict processing of your data

To exercise any of these rights, contact us at hello@hummingdeck.com. We will respond to your request within 30 days.

California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect and how it is used, request deletion of your data, and opt out of the sale of personal information. We do not sell personal information.

HummingDeck is not intended for use by individuals under the age of 13 (or the minimum legal age required to provide consent for processing of personal data in the user's jurisdiction). We do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data, please contact us at hello@hummingdeck.com and we will take steps to delete such information.

Your data may be processed in countries other than your own. We primarily process data on Google Cloud infrastructure located in the United States and the European Union.

When data is transferred outside of the European Economic Area, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure your data is protected to European standards.

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a notice within the application before the changes take effect.

We encourage you to review this policy periodically. Your continued use of HummingDeck after changes are posted constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this privacy policy or our data practices, contact us at hello@hummingdeck.com.