Privacy Policy

BankOps.ai ("we," "us," or "our") operates a cloud-based software-as-a-service platform that enables users to create, edit, and export presentation decks using AI-assisted tools. This Privacy Policy describes how we collect, use, store, and protect your information when you use our platform ("Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2.1 Account Information

When you create an account, we collect:

• Username — a unique identifier you choose during registration.
• Password — stored using bcrypt one-way hashing. We never store or have access to your plaintext password.
• Organization name — your organization is created automatically upon registration.

2.2 Google OAuth

If you sign in with Google, we receive your Google account email address, name, and profile picture URL from Google's OAuth service. We use this information solely to create or authenticate your account. We do not access your Google Drive, Gmail, contacts, or any other Google services.

2.3 Content You Create

When you use the Service, we store the presentations, templates, design systems, and themes you create. This includes:

• Presentation content (slide text, layout structures, chart data, styling)
• Version history of your presentations
• Templates you create or customize
• Design system configurations and theme tokens
• Agent guidelines and instructions you configure

2.4 Uploaded and Generated Images

Images you upload, images generated by AI, and images retrieved via web search are stored in our cloud storage. These images are associated with your organization and presentations.

2.5 Contact Form Submissions

If you submit a message through our contact form, we collect the name, email address, company name, and message content you provide. This information is sent to our team via email and is used solely to respond to your inquiry.

2.6 Automatically Collected Information

We use a session cookie to maintain your authenticated session. This cookie is:

• HttpOnly — not accessible to client-side JavaScript.
• Secure — transmitted only over HTTPS.
• SameSite=Lax — restricted from cross-site requests.
• 7-day expiration — automatically expires after seven days.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Authenticate your identity and manage your account.
• Store and serve your presentations, templates, and design assets.
• Process your content through AI services to generate, rewrite, and enhance presentation content.
• Search for and retrieve images on your behalf when using AI-assisted features.
• Respond to your inquiries submitted through the contact form.
• Improve and develop the Service.

To provide AI-powered features, we transmit portions of your content to the following third-party services. We send only the minimum data necessary to fulfill each request.

4.1 Anthropic (Claude API)

We use Anthropic's Claude language models to power content generation, text rewriting, slide layout generation, chart configuration, and HTML-to-image rendering. When you use AI features, relevant presentation content (such as slide text, layout instructions, or chart data) is sent to Anthropic's API for processing. Anthropic's use of this data is governed by Anthropic's Privacy Policy.

4.2 Google Gemini

We use Google's Gemini API for AI image generation features. When you request an AI-generated image, a text prompt describing the desired image is sent to Google's API. Your presentation content is not sent to Google unless it is part of the image generation prompt you initiate. Google's use of this data is governed by Google's Privacy Policy.

4.3 HostedAgents.ai

We use HostedAgents.ai to run autonomous AI agents that assist with complex presentation tasks such as multi-step content generation, research, and layout creation. When an agent is invoked, relevant context from your presentation and instructions is sent to this service.

4.4 SerpAPI (Image Search)

When AI features search for logos or images on your behalf, search queries are sent to SerpAPI, which interfaces with Google Images. The search queries may include company names or descriptive terms derived from your presentation content. SerpAPI returns publicly available image URLs, which we then retrieve and store.

4.5 Cloudflare R2 (Image Storage)

Uploaded images, AI-generated images, and images retrieved via search are stored in Cloudflare R2 object storage. Images are organized by your organization ID and are accessible only through authenticated requests to our Service.

4.6 Amazon Web Services (Email)

We use Amazon Simple Email Service (SES) to deliver emails from our contact form. The name, email address, and message you submit through the contact form are transmitted to AWS SES for delivery. We do not use AWS SES for marketing emails.

Your data is stored in a PostgreSQL database and Cloudflare R2 object storage. We implement the following security measures:

• Passwords are hashed using bcrypt with a cost factor of 10 before storage.
• Authentication tokens are signed with a server-side secret key using JSON Web Tokens (JWT).
• Session cookies are configured with HttpOnly, Secure, and SameSite attributes.
• All data in transit is encrypted using TLS/HTTPS.
• API routes validate authentication and organization membership before serving data.
• All database queries are scoped to your organization to prevent cross-tenant data access.

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — retained until you request account deletion.
• Presentations and templates — retained while your account is active, including full version history.
• Images — stored in cloud storage and retained while your account is active.
• Contact form submissions — retained as email records for customer support purposes.

Upon account termination, we will make your data available for export for 30 days for paid accounts, after which it may be permanently deleted. For beta and trial accounts, data may be deleted at any time without notice, as described in our Terms of Service.

We do not sell your personal information or presentation content to third parties. We share your data only in the following circumstances:

• Service providers — with the third-party services described in Section 4, solely to operate the Service.
• Legal requirements — when required by law, regulation, legal process, or governmental request.
• Protection of rights — to protect the rights, property, or safety of BankOps.ai, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.

Depending on your jurisdiction, you may have the right to:

• Access your personal data that we hold.
• Correct inaccurate or incomplete personal data.
• Delete your personal data and account.
• Export your presentations and content in standard formats (PPTX, JSON).
• Object to or restrict certain processing of your personal data.

To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within 30 days.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

Your data may be processed and stored in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules than your country.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For material changes that affect how we process your personal data, we will provide at least 30 days' notice before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

If you have questions about this Privacy Policy or our data practices, please contact us at:

BankOps.ai
Email: [email protected]