// Trust & Security Report

    Slidebean Incorporated logo

    Slidebean Incorporated

    AI pitch deck builder + financial modeling SaaS, plus a human pitch-deck design & financial modeling agency service

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    No SOC 2 claim appears anywhere on Slidebean's own domain (no /security or /trust page exists; https://slidebean.com/security returns HTTP 404). Third-party tool-aggregator pages assert 'GDPR and SOC 2 compliance' and 'AES-256 encryption', but these are not verifiable on the vendor's own site and are treated as unconfirmed marketing aggregation, not proof.

    Verify on slidebean.com
    ISO 27001
    HELD

    No ISO 27001 statement found on any Slidebean-owned page (home, /privacy, /terms, /gdpr).

    Verify on slidebean.com
    GDPR (compliance posture, not a certification)
    HELD

    we can guarantee that we will control your personal data in a GDPR (General Data Protection Regulation) compliant manner and that we have signed data processing agreements with so that your data is also processed in a GDPR compliant manner.

    Verify on slidebean.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No HIPAA reference exists; the product is a startup pitch/presentation tool not positioned for PHI. Privacy policy states 'we do not store sensitive information such as credit card information on our servers'.

    source: slidebean.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    United States (company HQ 25 Broadway, New York) with processing in Costa Rica (San Jose) and 'other countries'. Terms: 'you herein consent to the collection and use of the information provided, including the transfer of information within the Costa Rica and/or other countries for storage, processing or use by Slidebean Inc and/or our subsidiaries and affiliates'. No EU data-residency option is offered.

    Slidebean markets an 'AI Pitch Deck Creator' but publishes no AI/data-use or model-training policy. Neither the privacy policy (last updated Sept 2021, predating its generative-AI features) nor the terms (last updated May 2018) address whether user deck content or prompts are used to train AI models, or which third-party LLM provider powers the feature. The privacy policy states 'We do not sell to, trade with or otherwise transfer to outside parties your personally identifiable information' and lists sub-processors at templates.slidebean.com/gdpr-data, but is silent on model training. Default behavior is genuinely undocumented; treat as unknown and request written clarification for any sensitive/confidential deck content.

    // Security controls

    Encryption (in transit and at rest)

    Encryption in transit asserted: 'All identifiable information is encrypted via Secure Socket Layer (SSL) technology, and we do not store sensitive information such as credit card information on our servers, we use payment gateway provider.' At-rest encryption is also claimed generally as a stored-records control: 'a range of controls are used to ensure this, including backups, access control and encryption.' No specific at-rest standard (e.g. AES-256) is named on Slidebean's own pages, but encryption at rest is not absent from the policy.

    slidebean.com

    Access controls and security team

    Privacy policy references physical, procedural and technical security measures, access control, and a named internal function: 'The Slidebean Security team shall maintain and enforce a detailed list of approved destruction methods.' Indicates a designated security function and access-control practices, though no third-party attestation backs them.

    slidebean.com

    Vulnerability scanning

    Self-described regular scanning, framed around PCI: 'Our website is scanned on a regular basis for security holes or known vulnerabilities in compliance with payment card industry.' No evidence of independent third-party penetration testing.

    slidebean.com

    Penetration testing

    unknown / not published. No pentest attestation found on any vendor page.

    slidebean.com

    Bug bounty program

    None found. No HackerOne, Bugcrowd, or self-managed security.txt/disclosure program located on Slidebean's domain.

    slidebean.com

    Breach notification

    Committed: 'Our users will be notified within 72 hours if a Data breach occurs.'

    slidebean.com

    Data deletion / retention

    Account deletion within 30 days of request: '30 days after your deletion request has been sent to support@slidebean.com ... Slidebean will delete all customer data related to your account and stored in their database and other repositories.' GDPR access/export/erasure via https://slidebean.com/gdpr-form.

    slidebean.com

    Payment data handling

    Card data not stored on Slidebean servers; handled via third-party payment gateway (PCI-scoped to the processor).

    slidebean.com

    // Products & data scope

    Slidebean AI Pitch Deck SoftwareSelf-serve SaaS presentation/pitch-deck builder with AI generation, collaboration, automated design, and viewer analytics

    data: User-authored deck content (text, images, video), account profile data, and 'Presentation Insights' viewer-tracking data. When a customer collects viewer data via Presentation Insights, Slidebean acts as data processor and the customer as controller; Slidebean offers an 'Enable GDPR compliance' toggle for EU viewer consent.

    Cloud-hosted multi-tenant SaaS. No self-hosting. AI training behavior on deck content is undocumented.

    Financial Modeling Templates / SoftwareStartup budgeting and financial-model templates and tooling

    data: User financial inputs and forecasts stored in the platform.

    Same hosting and privacy regime as the deck builder.

    Slidebean Agency Services (Pitch Deck Design, Financial Modeling, Presentation Design)Human professional services (done-for-you decks and financial models)

    data: Customer-shared business materials, financials, and confidential fundraising data handled by Slidebean staff (analysts, designers, financial experts).

    Distinct trust scope: confidential business data is shared directly with Slidebean personnel rather than just processed by software. Buyers handling sensitive fundraising data should request an NDA/DPA for this engagement.

    // What to watch

    • No trust center or security page exists (slidebean.com/security returns 404).
    • No enterprise certifications (SOC 2 / ISO 27001 / HIPAA) verifiable on the vendor's own domain. SOC 2, ISO 27001 and AES-256 claims appear ONLY on third-party tool-aggregator sites and could not be confirmed; do not present them as held. One aggregator (Nudge Security) auto-lists SOC 2, ISO 27001, HIPAA, PCI, FedRAMP and CSA STAR badges, but FedRAMP and CSA STAR are implausible for a consumer pitch-deck tool, confirming the aggregator data is unreliable marketing scraping rather than evidence.
    • Privacy policy is stale (last updated September 2021) and Terms of Use are very stale (May 2018) - both predate the current AI feature set; no AI/data-use policy exists.
    • No documented stance on whether user deck content or prompts train AI models; default behavior unknown - material gap for confidential fundraising material.
    • No bug-bounty program and no evidence of independent penetration testing; security relies on self-described vulnerability scanning.
    • Cross-border data transfer to Costa Rica and 'other countries' with no data-residency choice.

    // At a glance

    Pricing model

    Freemium SaaS subscription (free sign-up tier plus paid plans) for the software; separate quoted professional-services fees for the agency offerings

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Slidebean Incorporated's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    slidebean.com

    > Browse all vendor trust reports