// Trust & Security Report
Decktopus Inc.
Decktopus AI (AI presentation generator / DecktoGPT)
Certifications held
4
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on decktopus.com“No SOC 2 report, attestation, or claim is published on any decktopus.com property. A third-party aggregator (Nudge Security) lists Decktopus as 'SOC 2 Compliant', but this is automated/inferred data with no vendor-domain proof, so it cannot be treated as held.”
Verify on security-profiles.nudgesecurity.com“No ISO 27001 certificate or claim appears on decktopus.com, the help center, the privacy policy, or terms. Only a third-party aggregator lists it; no vendor evidence.”
Verify on decktopus.com“Card data is handled by a third-party processor: 'the payment information ... that you submit when you register may be used and shared with our payment processing services provider'. No direct Decktopus PCI attestation is published.”
Verify on decktopus.com“GDPR Compliance. Any information containing personal data shall be handled in accordance with all applicable privacy laws and regulations, including without limitation the GDPR and equivalent laws and regulations.”
> Show 2 unconfirmed / not-held certifications
source: decktopus.comNo HIPAA/BAA capability is claimed anywhere on the vendor's own site. The product is a general-purpose presentation tool not positioned for PHI. Third-party 'HIPAA Compliant' label is not vendor-backed.
source: security-profiles.nudgesecurity.comNo FedRAMP authorization exists for Decktopus (not in the FedRAMP marketplace and implausible for a consumer presentation SaaS). The third-party aggregator's 'FedRamp Compliant' label is a clear false positive and undermines the reliability of that source.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
unknown
The privacy policy does not explicitly state whether user presentation content or prompts are used to train AI models. It lists generic uses such as to 'develop new products, features, and services' and to improve Services, and states 'We do not sell or rent personal information.' AI generation (DecktoGPT) is presumably powered by third-party model providers, but no AI-data-use / training-opt-out policy is published on the vendor domain. Treat training-on-customer-data as unverified.
// Security controls
Encryption in transit
TLS. Help center states data is 'encrypted during transmission to servers using TLS (Transport Layer Security)'.
help.decktopus.comEncryption at rest
AES-256. Help center states data 'remains encrypted while stored using AES (Advanced Encryption Standard) 256-bit encryption'.
help.decktopus.comAccess control / MFA
MFA required for administrative access; 'all access to data is logged and monitored in real-time'.
help.decktopus.comData handling posture
'We do not sell or rent personal information.' Physical, electronic, and administrative security measures stated in privacy policy; acknowledges no internet transmission is 100% secure.
decktopus.comBug bounty program
None found. No HackerOne, Bugcrowd, or security.txt / vulnerability disclosure program located on the vendor domain.
decktopus.comHosting infrastructure
Vendor-stated: runs on DigitalOcean server infrastructure with Auth0 for authentication, per the vendor's own help center ('Is my data safe?'). Login credentials and presentation data are held in encrypted databases, with secure connections via Let's Encrypt/TLS. Independently corroborated, though no specific data-center region is disclosed.
help.decktopus.com// Products & data scope
data: Account contact + payment info, uploaded content, prompts, generated decks. Consumer/prosumer scope.
Core product: prompt-to-deck, PDF import, DecktoGPT co-pilot, AI image generation.
data: Shared team decks, brand assets (logo, colors, fonts), templates.
Adds shared company templates, team collaboration, Zapier integration.
data: Org brand kit, branded slide library; same encryption/access controls as core platform.
Enterprise positioning exists but no separate enterprise security attestation, DPA link, or trust portal is published.
// What to watch
- No dedicated trust center or security page on the vendor domain (decktopus.com/security returns 404).
- Enterprise certifications (SOC 2, ISO 27001) are NOT verifiable on any vendor-owned property despite enterprise marketing.
- Conflicting third-party data: Nudge Security profile claims SOC 2, PCI, HIPAA, ISO 27001, FedRAMP, and CSA STAR compliance. FedRAMP for a consumer presentation SaaS is implausible, which discredits that aggregated source; none of these are confirmed by the vendor.
- No published AI/data-use policy stating whether customer presentation content or prompts are used for model training.
- No DPA link, subprocessor list, or pen-test / bug-bounty disclosure found on the vendor domain.
- Privacy policy last updated Feb 2024; Terms Dec 2024 (Terms contain boilerplate/templated clauses referencing GPS, emergency contacts, and 'calls' that do not fit a presentation tool, suggesting a reused template).
// At a glance
Pricing model
Freemium SaaS subscription (monthly/annual; no refunds per Terms). Free, Pro, Business, and Enterprise tiers.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Decktopus Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
decktopus.com