SECURITY & PRIVACY
HummingDeck runs on Google Cloud and encrypts your content in transit and at rest. Here is how we keep your decks, rooms, and customer data safe.
AT A GLANCE
Every connection uses TLS 1.2 or higher, and your files are encrypted at rest with AES-256.
Hosted entirely on Google Cloud, with managed databases, automated backups, and point-in-time recovery.
Files are served through expiring signed links. You decide who can open a document, and you can revoke access anytime.
You own your data. We never sell it, and we process it under a GDPR-ready Data Processing Agreement.
ENCRYPTION
All traffic between you, your viewers, and HummingDeck is protected with TLS 1.2 or higher. Shared documents are delivered over HTTPS through signed, time-limited links, never from a public location.
Uploaded files and database records are encrypted at rest with AES-256 on Google Cloud's managed storage and database services.
INFRASTRUCTURE
Compute, storage, and databases run on Google Cloud, inheriting its physical, network, and platform security.
Databases are backed up automatically every day, with point-in-time recovery to keep data loss to a minimum.
Documents are stored privately and served only through expiring signed URLs, so links cannot be guessed or shared indefinitely.
ACCESS CONTROL
Sharing a document does not mean losing control of it. Decide who gets in, for how long, and what they can do.
Require a verified email before anyone can open a document, so you always know who is viewing.
Set links to expire automatically, so access ends when the deal window closes.
Allow or block downloads per link, keeping sensitive content view-only when you need it.
Cut off access the moment you need to, for everyone on a link or a single recipient.
Every open and download is logged with a timestamp, giving you a complete record of who accessed what.
Automated link scanners and bots are detected and filtered out, so your view data reflects real people.
DATA & PRIVACY
We process customer data on your behalf, under clear, GDPR-ready terms.
We operate from the EU and offer a Data Processing Agreement with Standard Contractual Clauses for international transfers.
We publish the full list of subprocessors we rely on, and give advance notice before that list changes.
You can export your data, and we delete it on request and after account closure, subject to standard retention windows.
Billing runs through FastSpring, a PCI-compliant payment provider. We never see or store your card details.
RESPONSIBLE DISCLOSURE
We take security reports seriously. If you believe you have found a vulnerability, please email us and we will respond quickly.
Email hello@hummingdeck.com
Start sharing documents on infrastructure built to keep them safe.