Security & Privacy

Your data is safe with us

SlideForge is built on a simple principle: we process your work, not collect it. Here is exactly how your data is handled — no vague promises, just clear facts.

Files never stored

Uploaded presentations are processed in memory and discarded the moment your result is returned.

Encrypted in transit

Every connection between your browser and our servers uses TLS 1.2+ (HTTPS). No plaintext data ever travels over the network.

Never used for training

Your content is not used to train AI models by CorePoint AI Solutions or our AI provider, Anthropic.

How file processing works

When you upload a PDF or PPTX to SlideForge, here is the exact lifecycle of that file:

1Your browser sends the file to our server over an encrypted HTTPS connection.
2Our server reads the file into memory. For PDFs, the raw bytes are forwarded to Anthropic's API as a base64-encoded document. For PPTX files, we extract the text content in memory.
3Anthropic's AI model processes the content and returns a response.
4We send that response back to your browser.
5The file is gone. We do not write it to disk, cache it in object storage, or log its contents anywhere.

What this means practically: if you uploaded a confidential strategy deck and then closed your browser, there is no copy of that file on our servers or in any database. It never existed beyond the duration of your request.

Our AI provider: Anthropic

SlideForge uses Anthropic's Claude API to analyse presentations and generate output. When you submit a file, its content is transmitted to Anthropic's servers for processing.

Anthropic does not use API inputs and outputs to train its models by default (as of their current API usage policy).

API data is processed under Anthropic's data processing agreement and privacy policy.

Anthropic is SOC 2 Type II certified.

Data is processed in Anthropic's US-based infrastructure.

We recommend reviewing Anthropic's privacy policy and API usage policy directly if you handle particularly sensitive data subject to regulatory requirements (e.g., HIPAA, GDPR special categories).

Account security

User authentication is handled by Clerk, a dedicated identity platform. We do not store passwords or manage authentication tokens ourselves.

Passwords are hashed and managed entirely by Clerk — we never see them.

Google OAuth login is available for passwordless sign-in.

Session tokens are short-lived and rotated automatically.

Clerk is SOC 2 Type II certified.

Payment security

Subscription payments are processed by Stripe, the industry standard for online payments. We never see or store your payment card details.

Card numbers are entered directly into Stripe's PCI DSS Level 1 certified interface.

CorePoint AI Solutions only receives a token representing your subscription — not your card data.

Stripe is certified to PCI Service Provider Level 1, the highest level of payment security certification.

Infrastructure

SlideForge is deployed on Vercel, a cloud platform with enterprise-grade security defaults.

HTTPS enforced on all routes — HTTP requests are automatically redirected.

Edge network with DDoS protection included.

Vercel is SOC 2 Type II certified.

Server-side code runs in isolated serverless functions with no persistent file system access.

✕What we do not do

Store uploaded files on our servers

Sell your data to third parties

Use your content to train AI models

Share presentation content with other users

Log the contents of your uploaded files

Store payment card numbers

Report a security issue

If you discover a potential security vulnerability in SlideForge, please disclose it responsibly by emailing us directly. We aim to acknowledge all reports within 48 hours.

Report a Vulnerability