// Trust & Security Report
Zesterv FZE LLC (operating as SlidesAI)
SlidesAI is a single AI presentation-generation product delivered as a Google Slides add-on, a PowerPoint add-in, a web app, and a custom ChatGPT ("SlidesAI GPT"). All surfaces share one account/subscription system and the same backend; there is no separate enterprise-tier product with distinct security controls.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 8 unconfirmed / not-held certifications
source: slidesai.ioNo public evidence. The literal string "SOC 2" does not appear anywhere on slidesai.io's privacy policy, terms of use, or about page. A third-party aggregator (Nudge Security) displays a generic "SOC 2 Compliant" badge for SlidesAI, but that page confirmed on inspection to be a templated badge list with no citation, evidence link, or vendor source, applied uniformly across many vendor entries. This is not vendor-domain proof and is disregarded.
source: slidesai.ioNo public evidence. Not mentioned in privacy policy, terms, or about page. Same third-party templated-badge caveat as above applies; not counted.
source: slidesai.ioNo explicit GDPR compliance statement found anywhere on the vendor's own domain. Direct verbatim check of the privacy policy confirmed the word 'GDPR' does not appear. The policy does describe GDPR-adjacent practices in substance (HTTPS in transit, encryption at rest, data deletion on request, no data sale to third parties) but never invokes the GDPR framework by name or names a legal basis, EU representative, or DPA process. Graded false as a named certification/framework claim; the underlying data-handling practices are captured separately under privacy/security below.
source: slidesai.ioNo public evidence and no BAA offering mentioned anywhere on the vendor's domain. A third-party badge page (Nudge Security) lists 'HIPAA Compliant' but with no supporting evidence or source, contradicted by the vendor's own privacy policy which never mentions HIPAA, PHI, or a Business Associate Agreement. This is a likely over-claim by the third-party aggregator, not the vendor; disregarded.
source: slidesai.ioNot applicable / no evidence. SlidesAI's payments are processed by Paddle.com as Merchant of Record ('This product is sold directly by Paddle.com, the official Merchant Of Record (MoR)/Reseller of SlidesAI'), so any PCI DSS compliance for card handling belongs to Paddle, not SlidesAI/Zesterv directly.
source: slidesai.ioNo public evidence. Not plausible for a 1-10 employee consumer/edu SaaS add-on with no government-facing product line. The only place this claim appears is the unsourced Nudge Security badge list; disregarded as a likely third-party template artifact.
source: slidesai.ioNo public evidence. Not mentioned anywhere on the vendor's domain.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not specified on any vendor-owned page. The privacy policy and terms make no statement about the country/region where user data or presentation content is stored or processed. Company is legally based in Sharjah, United Arab Emirates ('Zesterv LLC · COWORKING, Business Center, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates'); governing law for the Terms of Use is UAE law.
The privacy policy states user-entered text is sent to OpenAI's servers to generate slide content and that 'no other data including any personal information is shared with OpenAI or any other third parties,' but it does not state whether OpenAI or SlidesAI itself uses the submitted text to train models, nor does it offer an explicit opt-out toggle. Users are pointed to OpenAI's own privacy policy for how OpenAI handles the data it receives. Because the vendor's own page is silent on model-training use of content, this is graded 'unknown' (null) rather than assumed either way.
// Security controls
Encryption in transit
Confirmed. 'All our communication happens via HTTPS, encrypting the data in transit.'
slidesai.ioEncryption at rest
Vendor-claimed, no third-party attestation. 'All data is encrypted at rest to ensure maximum security.'
slidesai.ioData minimization / PII collected
Vendor states it only retains the user's email address, used strictly for authentication: 'SlidesAI only has access to the email address of users.'
slidesai.ioData retention / deletion
Vendor states data is 'retained only for as long as necessary to provide our services and will delete user data upon request' via a request to the support/privacy email address.
slidesai.ioThird-party sub-processor (AI generation)
User-entered text is sent to OpenAI's servers for slide generation; vendor states no other data or personal information is shared with OpenAI or any other third party.
slidesai.ioOAuth / authentication
Uses Google OAuth (Google Slides integration) and Microsoft OAuth (PowerPoint add-in) for sign-in; vendor states use of Google API data complies with the Google API Services User Data Policy, including Limited Use requirements.
slidesai.ioNo sale of data
Vendor states it does not sell user-generated data or personal information for commercial purposes.
slidesai.ioFormal certifications / trust center
None found. No dedicated /security or /trust page exists on slidesai.io; all security posture statements are folded into the general privacy policy with no third-party audit or attestation referenced.
slidesai.io// Products & data scope
data: Requests broad Google Slides/Sheets edit and delete permissions plus basic profile/email via OAuth; processes user-submitted topic text/notes, sent to OpenAI for generation.
Primary product surface; 14M+ installs per vendor claims on the homepage/about page (self-reported, not independently verified).
data: Same generation pipeline as the Google Slides version; uses Microsoft OAuth for authentication.
Vendor states any data obtained through Microsoft APIs complies with Microsoft's Privacy and Data Handling Standards.
data: Browser-based generation flow; exports PPTX files.
Same account/subscription and data-handling policy as the add-ons; no separate terms found.
data: Runs inside ChatGPT; outputs are saved back to the user's Google Slides.
Subject to OpenAI's own platform data-handling terms in addition to SlidesAI's policy; vendor's privacy policy does not separately delineate this surface's data flow.
// What to watch
- Third-party aggregator Nudge Security displays an unsourced, templated badge list claiming SlidesAI is SOC 2, PCI, HIPAA, GDPR, ISO 27001, FedRAMP, and CSA STAR compliant. None of these claims are corroborated on slidesai.io's own privacy policy, terms of use, or about page, and the badge structure was confirmed to repeat identically across unrelated vendors on that platform. Treat this as a data-quality trap, not a real certification signal, if it resurfaces in future scrapes.
- No dedicated trust/security center exists on the vendor's domain; all security claims are embedded in the general consumer privacy policy with no independent audit or attestation referenced.
- AI-training posture on user-submitted presentation content/text is not explicitly addressed by the vendor (silent on whether OpenAI or SlidesAI trains models on it); no opt-out mechanism is described.
- Data residency/region of storage is undisclosed.
- No DPA (Data Processing Agreement) is offered or referenced, which will matter for any EU business customer needing GDPR Article 28 documentation despite the vendor's informal GDPR-adjacent practices.
- Google Workspace Marketplace listing requests broad edit/delete permissions on all Slides and Sheets, which is broader than the vendor's own 'minimal permissions' marketing language suggests.
// At a glance
Pricing model
Freemium subscription (Basic free tier, Pro and Premium paid tiers billed monthly or yearly), sold via Paddle.com as Merchant of Record; separate Team and Institution pricing tracks are referenced on the pricing page but no distinct security posture is documented for them.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Zesterv FZE LLC (operating as SlidesAI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
slidesai.io