Privacy Policy

Last Updated: November 7, 2024

QuantumDeck, a Delaware LLC having website deck.work ("we," "our," or "us"), is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your data when you use our services, website, and related applications (collectively, the "Services").

1. Introduction

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our Services. We may update this policy periodically, and we encourage you to review it regularly.

2. Information We Collect
   2.1 Categories of Personal Information
   
   

We collect various types of personal information, including:

• Contact Information: Name, email address, phone number, and mailing address.

• Account Information: Username, password, and account preferences.

• Profile Information: Display name and optional profile details.

• Payment Information: Billing and payment card details (securely stored by payment processors) such as Stripe. 

• Usage Data: Service usage details, device data, IP address, and user activity logs.

• Audio Recordings: Voice data submitted for AI-powered voice synthesis or other audio-related services.

2.2 Methods of Collection

We collect personal information through:

• Direct submission during registration and service use.

• Automatic collection via cookies and similar technologies.

• Third-party integrations (e.g., social media logins).

• Information provided by other users or business partners

3. How We Use Your Information

We process your personal information to:

• Provide and improve our Services.

• Personalize your experience.

• Process payments and fulfill transactions.

• Communicate about service updates and support requests.

• Ensure security and prevent fraud.

• Comply with legal obligations

4. Use of Artificial Intelligence and Generative AI

At QuantumDeck, we leverage artificial intelligence (AI) and generative AI technologies to enhance our services and provide innovative features to our users. Here's how we incorporate AI into our platform:

4.1 AI-Powered Text Generation

OpenAI Integration: We use the OpenAI API to generate text content, enabling features such as automated content creation, text completion, and language translation. For more information on how OpenAI handles personal data, you can review their privacy practices at OpenAI Privacy Center.

4.2 Voice Synthesis

Eleven Labs Integration: We utilize the Eleven Labs API for advanced voice synthesis, allowing users to generate realistic voice outputs based on text inputs. Users interested in Eleven Labs' privacy practices can find more details on their website.

4.3 Data Usage and Privacy

API Data Handling: When using these third-party APIs, data is processed following their respective privacy policies and our agreements with these providers.

Minimal Data Transfer: We strive to send only the necessary data to these services to fulfill your requests, adhering to data minimization principles.

User Consent and Control: As outlined in our Terms of Service, we obtain appropriate consent for using your data with these AI and voice synthesis services. Users maintain control over the final output and can edit or refine AI-generated content as needed. For the rest of our usage practices please refer to our terms of services. 

4.4 Google Workspace APIs
We affirm that our application does not use Google Workspace APIs to develop, improve, or train generalized AI (Artificial Intelligence) and/or ML (Machine Learning) models.

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Trusted vendors performing services on our behalf.

• Business Partners: For joint offerings or marketing efforts (with your consent).

• Legal Authorities: As required by law or to protect our rights.

• Successors: In the event of a business transaction like a merger or acquisition

6. Data Storage and Security

At QuantumDeck, we prioritize the security of your personal data and implement a range of industry-standard practices to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

6.1 Encryption

• Data in Transit: We use Transport Layer Security (TLS) encryption for all data transmitted between your device and our servers, ensuring that your information is protected during transmission.

• Data at Rest: Personal data stored in our databases is encrypted to safeguard it from unauthorized access.
  
  

6.2 Access Controls

• Limited Access: We enforce strict access controls to ensure that only authorized employees and contractors can access your data, based on their job responsibilities.

• Multi-Factor Authentication (MFA): We require MFA for accessing our systems, adding an extra layer of security beyond just passwords.

6.3 Network Security

• Firewalls and Monitoring: Our infrastructure is protected by firewalls and monitoring systems that help detect and prevent unauthorized access attempts.

• Regular Assessments: We conduct regular assessments to identify and address potential vulnerabilities in our systems.

6.4 Physical Security

• Secure Facilities: Our servers are located in secure data centers with physical security measures in place, including surveillance and controlled access.

• Data Backups: We maintain backups of your data to ensure availability in case of any incidents.

6.5 Incident Response

• Preparedness: We have a response plan in place for potential security incidents to address any issues quickly and effectively.

• Ongoing Training: Our team receives training on security best practices to stay informed about potential threats.

6.6 Employee Awareness

• Training Programs: All employees participate in regular training on data security and privacy practices to help them understand the importance of protecting your information.

While we strive to implement these robust security measures, it’s important to recognize that no method of transmission over the Internet or electronic storage is completely secure. Despite our efforts, we cannot guarantee absolute protection against all potential risks. We encourage users to take precautions, such as using strong passwords and being cautious about sharing sensitive information online. If you have any concerns about the security of your data or notice any suspicious activity, please reach out to us at hello@deck.work.

6.7 Data Retention 

We retain your personal data for as long as necessary to provide you with our Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods for different types of data vary based on the nature of the information and applicable legal requirements. Here are some general guidelines:

1. Account Information: We retain your account information for as long as your account is active. If you choose to close your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal reasons.

2. Usage Data: We retain usage data for a period of 12 months to help us improve our Services and for security purposes. After this period, the data is aggregated and anonymized.

3. Payment Information: We retain payment information as required by financial regulations, typically for 7 years after the last transaction.

4. Communications: We retain communications with our support team for 2 years to ensure continuity of service and address any ongoing issues.

5. AI-Generated Content: Content generated using our AI services is retained for 30 days after creation, after which it is permanently deleted unless you've explicitly saved it to your account.

6. Voice Recordings: Voice data submitted for synthesis is retained for 7 days to allow for processing and quality assurance, then deleted.

We regularly review our retention periods to ensure we're not keeping data longer than necessary. You can request deletion of your data at any time by contacting us at hello@deck.work, subject to our legal obligations to retain certain information.

Please note that even after we delete your personal information from our active databases, some information may remain in our backup systems for a period of time before it is completely removed.

7. Your Rights and Choices

7.1 Access and Information

You have the right to request access to the personal data we hold about you. This includes:

• A copy of your personal data in our possession

• Information about how we collect, use, and process your data

• Details on the categories of data we collect

• Information about third parties with whom we share your data

• The retention period for storing your data

We will provide this information within 30 days of your request unless a law expects us to deliver this in a shorter period, subject to verification of your identity.

7.2 Correction and Update

You have the right to request corrections to any inaccurate personal data we hold about you. This includes:

• Updating contact information

• Correcting errors in your profile details

• Modifying preferences and settings

• Updating any outdated or incorrect information

You can make these changes directly through your account settings or by contacting our support team.

7.3 Data Deletion

You may request the deletion of your personal data, subject to certain legal and operational requirements. This right includes:

• Deleting your account and associated data

• Removing specific pieces of information from our records

• Erasing data that is no longer necessary for the purposes for which it was collected

Note that we may retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements.

7.4 Opt-Out Options

You have the right to opt out of certain data uses, including:

• Marketing communications and newsletters

• Personalized advertising

• Data collection for analytics and research purposes

• Use of your data for AI training or model improvements

We provide clear opt-out mechanisms in our communications and through account settings.

7.5 Data Portability

Where applicable under local laws (such as GDPR), you have the right to data portability. This means:

• Receiving a copy of your personal data in a structured, commonly used, and machine-readable format

• Requesting that we transfer your data directly to another service provider, where technically feasible

This right applies to data you've provided to us and that we process based on your consent or for contract fulfillment.

7.6 Objection to Processing

You have the right to object to certain types of processing, including:

• Processing based on legitimate interests

• Direct marketing (including profiling)

• Processing for scientific or historical research purposes or statistical purposes

Upon receiving an objection, we will review your request and, unless we have compelling legitimate grounds to continue processing, we will cease the processing activities in question.

To exercise any of these rights, please contact us at hello@deck.work.  We will respond to your request within the timeframe required by applicable law, typically within 30 days. We may need to verify your identity before fulfilling your request to protect your privacy and security.

8. International Data Transfers

As a global company, we may transfer your data across borders. We ensure appropriate safeguards are in place for such transfers, complying with regulations like GDPR.

9. Compliance with Global Regulations

We adhere to various privacy laws, including:

• California Consumer Privacy Act (CCPA)

• EU General Data Protection Regulation (GDPR)

• UK Data Protection Act 2018

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

• India's Digital Personal Data Protection Act (DPDPA)

10. Children's Privacy

Our Services are intended for use by individuals who are of legal age to provide consent for data processing in their respective jurisdictions. In the United States and Canada, this is typically 18 years old but may vary by state. In the European Union, this is generally 16 years old. 

We do not knowingly collect personal information from children below the age of consent without verifiable parental permission. If we learn that we have collected personal information from a child below the applicable age of consent without appropriate consent, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at hello@deck.work. We will take steps to remove such information and terminate the child's account.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our website.

12. Breach Notification 

In the event of a data breach involving your personal information, QuantumDeck is committed to taking swift and effective action. We have a formal incident response plan in place to contain, assess, and mitigate any data breaches. If we determine that your personal information has been compromised, we will notify you and any applicable regulatory authorities without undue delay. In jurisdictions where specific timelines are required, such as within 72 hours under the GDPR, we will adhere to these requirements. Notification will include a description of the breach, the nature of the compromised data, any actions we have taken to address the breach, and recommendations for you to protect yourself from potential harm.

13. Contact Us

For questions or concerns about this Privacy Policy, please contact us at hello@deck.work.

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its term