// Trust & Security Report

    Decktopus Inc. logo

    Decktopus Inc.

    Decktopus AI (AI presentation generator / DecktoGPT)

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    No SOC 2 report, attestation, or claim is published on any decktopus.com property. A third-party aggregator (Nudge Security) lists Decktopus as 'SOC 2 Compliant', but this is automated/inferred data with no vendor-domain proof, so it cannot be treated as held.

    Verify on decktopus.com
    ISO 27001
    HELD

    No ISO 27001 certificate or claim appears on decktopus.com, the help center, the privacy policy, or terms. Only a third-party aggregator lists it; no vendor evidence.

    Verify on security-profiles.nudgesecurity.com
    PCI DSS
    HELD

    Card data is handled by a third-party processor: 'the payment information ... that you submit when you register may be used and shared with our payment processing services provider'. No direct Decktopus PCI attestation is published.

    Verify on decktopus.com
    GDPR
    HELD

    GDPR Compliance. Any information containing personal data shall be handled in accordance with all applicable privacy laws and regulations, including without limitation the GDPR and equivalent laws and regulations.

    Verify on decktopus.com
    > Show 2 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No HIPAA/BAA capability is claimed anywhere on the vendor's own site. The product is a general-purpose presentation tool not positioned for PHI. Third-party 'HIPAA Compliant' label is not vendor-backed.

    source: decktopus.com
    FedRAMP
    NOT CONFIRMED

    No FedRAMP authorization exists for Decktopus (not in the FedRAMP marketplace and implausible for a consumer presentation SaaS). The third-party aggregator's 'FedRamp Compliant' label is a clear false positive and undermines the reliability of that source.

    source: security-profiles.nudgesecurity.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    unknown

    The privacy policy does not explicitly state whether user presentation content or prompts are used to train AI models. It lists generic uses such as to 'develop new products, features, and services' and to improve Services, and states 'We do not sell or rent personal information.' AI generation (DecktoGPT) is presumably powered by third-party model providers, but no AI-data-use / training-opt-out policy is published on the vendor domain. Treat training-on-customer-data as unverified.

    // Security controls

    Encryption in transit

    TLS. Help center states data is 'encrypted during transmission to servers using TLS (Transport Layer Security)'.

    help.decktopus.com

    Encryption at rest

    AES-256. Help center states data 'remains encrypted while stored using AES (Advanced Encryption Standard) 256-bit encryption'.

    help.decktopus.com

    Access control / MFA

    MFA required for administrative access; 'all access to data is logged and monitored in real-time'.

    help.decktopus.com

    Data handling posture

    'We do not sell or rent personal information.' Physical, electronic, and administrative security measures stated in privacy policy; acknowledges no internet transmission is 100% secure.

    decktopus.com

    Bug bounty program

    None found. No HackerOne, Bugcrowd, or security.txt / vulnerability disclosure program located on the vendor domain.

    decktopus.com

    Penetration testing

    Not mentioned anywhere on the vendor's own site.

    decktopus.com

    Hosting infrastructure

    Vendor-stated: runs on DigitalOcean server infrastructure with Auth0 for authentication, per the vendor's own help center ('Is my data safe?'). Login credentials and presentation data are held in encrypted databases, with secure connections via Let's Encrypt/TLS. Independently corroborated, though no specific data-center region is disclosed.

    help.decktopus.com

    // Products & data scope

    Decktopus AI (Pro / individual)AI presentation generator

    data: Account contact + payment info, uploaded content, prompts, generated decks. Consumer/prosumer scope.

    Core product: prompt-to-deck, PDF import, DecktoGPT co-pilot, AI image generation.

    Decktopus for Teams / BusinessTeam presentation workspace

    data: Shared team decks, brand assets (logo, colors, fonts), templates.

    Adds shared company templates, team collaboration, Zapier integration.

    Decktopus Enterprise (Auto-Branding / Light Branding)Enterprise branded deck system

    data: Org brand kit, branded slide library; same encryption/access controls as core platform.

    Enterprise positioning exists but no separate enterprise security attestation, DPA link, or trust portal is published.

    // What to watch

    • No dedicated trust center or security page on the vendor domain (decktopus.com/security returns 404).
    • Enterprise certifications (SOC 2, ISO 27001) are NOT verifiable on any vendor-owned property despite enterprise marketing.
    • Conflicting third-party data: Nudge Security profile claims SOC 2, PCI, HIPAA, ISO 27001, FedRAMP, and CSA STAR compliance. FedRAMP for a consumer presentation SaaS is implausible, which discredits that aggregated source; none of these are confirmed by the vendor.
    • No published AI/data-use policy stating whether customer presentation content or prompts are used for model training.
    • No DPA link, subprocessor list, or pen-test / bug-bounty disclosure found on the vendor domain.
    • Privacy policy last updated Feb 2024; Terms Dec 2024 (Terms contain boilerplate/templated clauses referencing GPS, emergency contacts, and 'calls' that do not fit a presentation tool, suggesting a reused template).

    // At a glance

    Pricing model

    Freemium SaaS subscription (monthly/annual; no refunds per Terms). Free, Pro, Business, and Enterprise tiers.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Decktopus Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    decktopus.com

    > Browse all vendor trust reports