Privacy Policy

Published: March 16, 2026 · Revision 2.0

This Privacy Policy (hereinafter referred to as the "Policy") establishes the procedures for processing and protecting the personal data of users of the PikDek service, located at https://pikdek.com (hereinafter referred to as the "Service"), operated by Individual Entrepreneur Ambardzumyan Larisa Norikovna (hereinafter referred to as the "Operator").

1. Personal Data Operator

2. Personal Data Collected

2.1. Registration Data

• Username
• Email address
• Password (stored as a bcrypt hash)
• Referral code (if applicable)

2.2. Presentation Data

• Presentation content (text, slide structure)
• AI generation topic and parameters
• Imported files (PDF, PPTX)
• Exported files (PDF, PPTX)
• Uploaded images
• Voiceover audio files (TTS)
• Public links and access codes for presentations

2.3. Brand Kit Data

• Company name and description
• Brand colors and style
• Company website URL (for auto-analysis)

2.4. Subscription and Payment Data

• Plan type and validity period
• Used and available credits
• Payment ID, amount, status, date
• Applied promo codes
• Bank details and card data are NOT stored on the Operator's servers — payment processing is handled by YooKassa (YooMoney JSC)

2.5. Referral Program Data

• User referral code
• Information about referred users (ID, status)

2.6. View Analytics Data

• Viewer IP address (for geography)
• Country
• View duration, number of slides viewed

2.7. Technical Data

• IP address
• Session cookies
• Browser and device data
• Yandex.Metrica data (with user consent)

3. Purposes of Data Processing

1. Service access — registration, authentication, cross-domain authorization
2. Service delivery — AI presentation generation, slide voiceover (TTS), brand kit auto-analysis, import/export, storage
3. Publication and sharing — public links, access codes, view analytics
4. Payment processing — accepting payments, applying promo codes, refunds, accounting and tax records
5. Referral program — tracking referred users, awarding bonus credits
6. Communication — email notifications (registration, storage expiration, export readiness), responding to inquiries
7. Service improvement — usage analysis, statistics, identifying technical issues

4. Legal Basis for Processing

• Data subject's consent (Art. 6, Part 1, Clause 1 of Federal Law No. 152-FZ)
• Contract performance (Art. 6, Part 1, Clause 5 of Federal Law No. 152-FZ)
• Compliance with Russian legislation (Art. 6, Part 1, Clause 2 of Federal Law No. 152-FZ)

5. Data Sharing with Third Parties

The Operator does not sell or share personal data with third parties for marketing purposes.

6. Cross-Border Data Transfer

6.1. For AI presentation generation and slide voiceover, personal data (topic, parameters, slide text) is transmitted to servers of the following companies located outside the Russian Federation:

6.2. Cross-border transfer is carried out on the basis of the data subject's consent given during Service registration (Art. 12, Part 4, Clause 1 of FZ-152).

6.3. Transfer is conducted via encrypted channels (HTTPS/TLS). The specified recipients process data solely to generate results and do not use it for other purposes.

7. Data Retention Periods

• Account data — until account deletion or consent withdrawal
• Presentation data — stored indefinitely until deleted by user or account
• Exported files — automatically deleted 24 hours after creation
• Voiceover audio files — stored until presentation deletion
• Payment data — 5 years (tax legislation requirements)
• View analytics data — until presentation deletion

8. Cookies

8.1. Technical (Required)

The Service uses technical (session) cookies necessary for authorization and proper operation. They are deleted when the browser is closed or when the session expires.

8.2. Analytical (Optional)

Yandex.Metrica — used for user behavior analysis. Loaded only with explicit user consent.

9. User Rights

In accordance with Art. 14 of FZ-152, you have the right to:

1. Obtain information about the processing of your personal data
2. Request correction, blocking, or destruction of data
3. Withdraw consent for processing
4. Request deletion of personal data
5. Obtain information about cross-border transfer of your data
6. Appeal the Operator's actions to Roskomnadzor or court

To exercise your rights, contact us at: support@pikdek.com. Response time — no more than 10 business days.

10. Consent Withdrawal

You may withdraw consent at any time by sending a request to support@pikdek.com with the subject "Withdrawal of consent for personal data processing." The Operator will cease processing within 30 days and destroy personal data, except for data whose processing is required by Russian legislation (e.g., payment data — see Section 7). Withdrawal results in termination of access to the Service and account deletion.

11. Security Measures

• Passwords stored as bcrypt hashes
• Data transmitted over HTTPS (TLS 1.2+)
• Database access restricted (SSL connections)
• Sessions protected by JWT tokens with httpOnly cookies
• Security headers: CSP, HSTS, X-Content-Type-Options, X-XSS-Protection
• Request rate limiting
• Payment system webhook verification by IP and API
• Regular software updates

12. Policy Changes

The current version is available at: https://pikdek.com/privacy. Users are notified of material changes by email.

13. Contact

• Email: support@pikdek.com
• Operator: IE Ambardzumyan Larisa Norikovna
• INN: 620802921005 · OGRNIP: 323774600096840