Agentic Slides 1. Controller
The controller within the meaning of Art. 4(7) GDPR is:
Product Masterclass GmbH
Pariser Str. 14, 81669 München, Germany
Email: hallo@product-masterclass.com · Phone: +49 89 21544190
Company and management details: see our Imprint.
2. Data Protection Officer
We have appointed a Data Protection Officer. You can reach our Data Protection Officer, Sebastian Borggrewe, at:
Product Masterclass GmbH — Data Protection Officer
Pariser Str. 14, 81669 München, Germany
Email: hallo@product-masterclass.com (please mark "FAO Data Protection Officer")
3. Categories of data, purposes, and legal bases
| Data | Purpose | Legal basis |
|---|---|---|
| Account data: email, name, hashed password | Create and secure your account; authenticate you | Art. 6(1)(b) — performance of contract |
| Deck content and prompts you submit | Store, render, edit, and export your presentations; run AI generation on your instruction | Art. 6(1)(b) |
| API keys and request/usage metadata (timestamps, model, token counts) | Authenticate API access; enforce quotas; prevent abuse; account for usage | Art. 6(1)(f) — legitimate interest in a secure, abuse-resistant service |
| Server and security logs, incl. IP address | Operate, secure, and debug the service; detect and defend against attacks | Art. 6(1)(f) — legitimate interest in IT security (cf. Recital 49) |
| Support correspondence | Handle your enquiries | Art. 6(1)(b) and/or 6(1)(f) |
| Billing data (once paid plans launch) | Process payments; meet tax/commercial record-keeping duties | Art. 6(1)(b) and Art. 6(1)(c) with § 147 AO, § 257 HGB |
Where we rely on legitimate interests (Art. 6(1)(f)), the interests are those named in the table above (service security, abuse prevention, and the operability of the platform). You may object under Section 9.
4. AI generation and editing
When you generate or edit slides, the prompts and the deck content involved are transmitted to our model provider (see Section 6) to produce the result on your instruction (Art. 6(1)(b)). We do not use your private deck content or prompts to train models, and our provider is contractually bound as a processor. Please do not submit special categories of data (Art. 9 GDPR) or third-party personal data you are not entitled to share into prompts or decks.
5. Cookies and tracking
We set a single, strictly necessary session cookie (httpOnly, CSRF-protected) so you stay logged in. Storing and reading it is necessary to provide the service you requested, so it is permitted under § 25(2) no. 2 TDDDG without consent; the associated processing rests on Art. 6(1)(b)/(f) GDPR. We do not use advertising cookies or third-party analytics by default. Should we introduce non-essential cookies or analytics, we will obtain your prior consent (§ 25(1) TDDDG, Art. 6(1)(a) GDPR) via a consent banner, and update this policy.
6. Recipients and processors
We engage the following processors under data processing agreements pursuant to Art. 28 GDPR. They process personal data only on our documented instructions:
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Application hosting and database | Germany (EU) |
| Anthropic PBC (Claude) | AI slide generation and editing | USA |
| Resend, Inc. | Transactional email (verification, password reset) | USA |
We have a current Art. 28 data processing agreement on file with each processor. We do not sell personal data.
7. Transfers to third countries
Where a processor is located outside the EU/EEA (currently the US-based providers above), the transfer is safeguarded by the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR), together with supplementary technical and organisational measures where required. We do not rely on the EU–US Data Privacy Framework. You may request a copy of the relevant safeguards at hallo@product-masterclass.com.
8. Storage period
- Account and deck data: kept for the life of your account. After you delete content or your account, it is removed from production systems without undue delay (target: within 30 days), subject to backup rotation.
- Security/server logs: kept for up to 30 days, then deleted or anonymised, unless a specific security incident requires longer retention for its investigation.
- Billing and accounting records (once applicable): retained for the statutory periods of up to 10 years (§ 147 AO) and 6 years (§ 257 HGB).
9. Your rights
Under the GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object to processing based on Art. 6(1)(f) on grounds relating to your particular situation (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7(3)). You can export or delete your account data in your account settings, or contact hallo@product-masterclass.com.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority competent for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany. You may also contact the supervisory authority of your habitual residence or place of the alleged infringement.
10. Is provision of data required?
Providing account data is necessary to enter into and perform the contract for the service (Art. 13(2)(e) GDPR). Without it we cannot create an account or provide Agentic Slides. There is no statutory obligation on you to provide the data, but the service cannot be used without it.
11. Automated decision-making
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. The AI generates presentation content at your request; it does not make decisions about you.
12. Data security
We apply appropriate technical and organisational measures (Art. 32 GDPR): passwords hashed with argon2id, httpOnly session cookies with CSRF protection, encryption in transit (TLS), restricted access to production data, and stripping of provider credentials from incoming requests as a fail-safe.
13. Changes to this policy
We may update this policy as the service evolves. The current version is always available at this URL; material changes will be announced in-app or by email.
14. Contact
Privacy enquiries: hallo@product-masterclass.com.