// Trust & Security Report

    Zesterv FZE LLC (operating as SlidesAI) logo

    Zesterv FZE LLC (operating as SlidesAI)

    SlidesAI is a single AI presentation-generation product delivered as a Google Slides add-on, a PowerPoint add-in, a web app, and a custom ChatGPT ("SlidesAI GPT"). All surfaces share one account/subscription system and the same backend; there is no separate enterprise-tier product with distinct security controls.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 8 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No public evidence. The literal string "SOC 2" does not appear anywhere on slidesai.io's privacy policy, terms of use, or about page. A third-party aggregator (Nudge Security) displays a generic "SOC 2 Compliant" badge for SlidesAI, but that page confirmed on inspection to be a templated badge list with no citation, evidence link, or vendor source, applied uniformly across many vendor entries. This is not vendor-domain proof and is disregarded.

    source: slidesai.io
    ISO 27001
    NOT CONFIRMED

    No public evidence. Not mentioned in privacy policy, terms, or about page. Same third-party templated-badge caveat as above applies; not counted.

    source: slidesai.io
    GDPR (posture)
    NOT CONFIRMED

    No explicit GDPR compliance statement found anywhere on the vendor's own domain. Direct verbatim check of the privacy policy confirmed the word 'GDPR' does not appear. The policy does describe GDPR-adjacent practices in substance (HTTPS in transit, encryption at rest, data deletion on request, no data sale to third parties) but never invokes the GDPR framework by name or names a legal basis, EU representative, or DPA process. Graded false as a named certification/framework claim; the underlying data-handling practices are captured separately under privacy/security below.

    source: slidesai.io
    HIPAA
    NOT CONFIRMED

    No public evidence and no BAA offering mentioned anywhere on the vendor's domain. A third-party badge page (Nudge Security) lists 'HIPAA Compliant' but with no supporting evidence or source, contradicted by the vendor's own privacy policy which never mentions HIPAA, PHI, or a Business Associate Agreement. This is a likely over-claim by the third-party aggregator, not the vendor; disregarded.

    source: slidesai.io
    PCI DSS
    NOT CONFIRMED

    Not applicable / no evidence. SlidesAI's payments are processed by Paddle.com as Merchant of Record ('This product is sold directly by Paddle.com, the official Merchant Of Record (MoR)/Reseller of SlidesAI'), so any PCI DSS compliance for card handling belongs to Paddle, not SlidesAI/Zesterv directly.

    source: slidesai.io
    FedRAMP
    NOT CONFIRMED

    No public evidence. Not plausible for a 1-10 employee consumer/edu SaaS add-on with no government-facing product line. The only place this claim appears is the unsourced Nudge Security badge list; disregarded as a likely third-party template artifact.

    source: slidesai.io
    CSA STAR
    NOT CONFIRMED

    No public evidence. Not mentioned on any vendor-owned page.

    source: slidesai.io
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence. Not mentioned anywhere on the vendor's domain.

    source: slidesai.io

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    Not specified on any vendor-owned page. The privacy policy and terms make no statement about the country/region where user data or presentation content is stored or processed. Company is legally based in Sharjah, United Arab Emirates ('Zesterv LLC · COWORKING, Business Center, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates'); governing law for the Terms of Use is UAE law.

    The privacy policy states user-entered text is sent to OpenAI's servers to generate slide content and that 'no other data including any personal information is shared with OpenAI or any other third parties,' but it does not state whether OpenAI or SlidesAI itself uses the submitted text to train models, nor does it offer an explicit opt-out toggle. Users are pointed to OpenAI's own privacy policy for how OpenAI handles the data it receives. Because the vendor's own page is silent on model-training use of content, this is graded 'unknown' (null) rather than assumed either way.

    // Security controls

    Encryption in transit

    Confirmed. 'All our communication happens via HTTPS, encrypting the data in transit.'

    slidesai.io

    Encryption at rest

    Vendor-claimed, no third-party attestation. 'All data is encrypted at rest to ensure maximum security.'

    slidesai.io

    Data minimization / PII collected

    Vendor states it only retains the user's email address, used strictly for authentication: 'SlidesAI only has access to the email address of users.'

    slidesai.io

    Data retention / deletion

    Vendor states data is 'retained only for as long as necessary to provide our services and will delete user data upon request' via a request to the support/privacy email address.

    slidesai.io

    Third-party sub-processor (AI generation)

    User-entered text is sent to OpenAI's servers for slide generation; vendor states no other data or personal information is shared with OpenAI or any other third party.

    slidesai.io

    OAuth / authentication

    Uses Google OAuth (Google Slides integration) and Microsoft OAuth (PowerPoint add-in) for sign-in; vendor states use of Google API data complies with the Google API Services User Data Policy, including Limited Use requirements.

    slidesai.io

    No sale of data

    Vendor states it does not sell user-generated data or personal information for commercial purposes.

    slidesai.io

    Formal certifications / trust center

    None found. No dedicated /security or /trust page exists on slidesai.io; all security posture statements are folded into the general privacy policy with no third-party audit or attestation referenced.

    slidesai.io

    // Products & data scope

    SlidesAI (Google Slides add-on)AI presentation generation

    data: Requests broad Google Slides/Sheets edit and delete permissions plus basic profile/email via OAuth; processes user-submitted topic text/notes, sent to OpenAI for generation.

    Primary product surface; 14M+ installs per vendor claims on the homepage/about page (self-reported, not independently verified).

    SlidesAI (PowerPoint add-in)AI presentation generation

    data: Same generation pipeline as the Google Slides version; uses Microsoft OAuth for authentication.

    Vendor states any data obtained through Microsoft APIs complies with Microsoft's Privacy and Data Handling Standards.

    SlidesAI Web AppAI presentation generation

    data: Browser-based generation flow; exports PPTX files.

    Same account/subscription and data-handling policy as the add-ons; no separate terms found.

    SlidesAI GPT (custom ChatGPT)AI presentation generation via OpenAI's GPT Store

    data: Runs inside ChatGPT; outputs are saved back to the user's Google Slides.

    Subject to OpenAI's own platform data-handling terms in addition to SlidesAI's policy; vendor's privacy policy does not separately delineate this surface's data flow.

    // What to watch

    • Third-party aggregator Nudge Security displays an unsourced, templated badge list claiming SlidesAI is SOC 2, PCI, HIPAA, GDPR, ISO 27001, FedRAMP, and CSA STAR compliant. None of these claims are corroborated on slidesai.io's own privacy policy, terms of use, or about page, and the badge structure was confirmed to repeat identically across unrelated vendors on that platform. Treat this as a data-quality trap, not a real certification signal, if it resurfaces in future scrapes.
    • No dedicated trust/security center exists on the vendor's domain; all security claims are embedded in the general consumer privacy policy with no independent audit or attestation referenced.
    • AI-training posture on user-submitted presentation content/text is not explicitly addressed by the vendor (silent on whether OpenAI or SlidesAI trains models on it); no opt-out mechanism is described.
    • Data residency/region of storage is undisclosed.
    • No DPA (Data Processing Agreement) is offered or referenced, which will matter for any EU business customer needing GDPR Article 28 documentation despite the vendor's informal GDPR-adjacent practices.
    • Google Workspace Marketplace listing requests broad edit/delete permissions on all Slides and Sheets, which is broader than the vendor's own 'minimal permissions' marketing language suggests.

    // At a glance

    Pricing model

    Freemium subscription (Basic free tier, Pro and Premium paid tiers billed monthly or yearly), sold via Paddle.com as Merchant of Record; separate Team and Institution pricing tracks are referenced on the pricing page but no distinct security posture is documented for them.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Zesterv FZE LLC (operating as SlidesAI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    slidesai.io

    > Browse all vendor trust reports