Privacy Policy

Privacy Policy

Published: March 16, 2026 · Revision 2.1, April 13, 2026

This Privacy Policy (hereinafter referred to as the "Policy") establishes the procedures for processing and protecting the personal data of users of the PikDek service, located at https://pikdek.com (hereinafter referred to as the "Service"), operated by Individual Entrepreneur Arutyunyan Armen Rudikovich (hereinafter referred to as the "Operator").

1Personal Data Operator

Operator
IE Arutyunyan A.R.
INN
772489197035
OGRNIP
319774600514418
Email
support@pikdek.com

2Personal Data Collected

Registration Data

  • Username
  • Email address
  • Password (stored as a bcrypt hash)
  • Referral code (if applicable)

Presentation Data

  • Presentation content (text, slide structure)
  • AI generation topic and parameters
  • Imported files (PDF, PPTX)
  • Exported files (PDF, PPTX)
  • Uploaded images
  • Voiceover audio files (TTS)
  • Public links and access codes for presentations

Brand Kit Data

  • Company name and description
  • Brand colors and style
  • Company website URL (for auto-analysis)

Subscription and Payment Data

  • Plan type and validity period
  • Used and available credits
  • Payment ID, amount, status, date
  • Applied promo codes
  • Bank details and card data are NOT stored on the Operator's servers — payment processing is handled by YooKassa (YooMoney JSC)

Referral Program Data

  • User referral code
  • Information about referred users (ID, status)

View Analytics Data

  • Viewer IP address (for geography)
  • Country
  • View duration, number of slides viewed

Technical Data

  • IP address
  • Session cookies
  • Browser and device data
  • Yandex.Metrica data (with user consent)

3Purposes of Data Processing

  1. 1Service access — registration, authentication, cross-domain authorization
  2. 2Service delivery — AI presentation generation, slide voiceover (TTS), brand kit auto-analysis, import/export, storage
  3. 3Publication and sharing — public links, access codes, view analytics
  4. 4Payment processing — accepting payments, applying promo codes, refunds, accounting and tax records
  5. 5Referral program — tracking referred users, awarding bonus credits
  6. 6Communication — email notifications (registration, storage expiration, export readiness), responding to inquiries
  7. 7Service improvement — usage analysis, statistics, identifying technical issues

4Legal Basis for Processing

  • Data subject's consent (Art. 6, Part 1, Clause 1 of Federal Law No. 152-FZ)
  • Contract performance (Art. 6, Part 1, Clause 5 of Federal Law No. 152-FZ)
  • Compliance with Russian legislation (Art. 6, Part 1, Clause 2 of Federal Law No. 152-FZ)

5Data Sharing with Third Parties

RecipientPurposeData Shared
ЮKassa (YuMoney JSC, Russia)Payment processingAmount, payment ID
Yandex LLC (Russia) — YandexGPT / YandexART / SpeechKitAI generation of text content and narration. Data stays within the Russian perimeter.Presentation content. No personal data.
OpenAI OpCo LLC (USA) — DALL-EIllustration generation from an anonymized 20-word English visual descriptor.Only the visual descriptor. No personal data, no slide text.
Zoho Corporation (EU)Email notificationsEmail, display name
Yandex LLC — Yandex.Metrica (Russia)Behavior analytics (cookies consent only)Anonymized behavioral data

The Operator does not sell or share personal data with third parties for marketing purposes.

6Data Processing for AI Generation

6.1. For AI generation of presentation text content, charts, and slide narration, the Service transmits only presentation content: topic, slide text, and design parameters. This data does not constitute personal data under Russian law (152-ФЗ). AI-content processing happens at Yandex LLC (Russia) — YandexGPT, YandexART, Yandex SpeechKit — on servers within the Russian Federation. No cross-border transfer of personal data occurs.

AI services used for content generation operate in Zero Data Retention mode — input and output data is not stored by providers and is deleted immediately after processing
Speech synthesis (voiceover) uses neural network technology; only the slide text is transmitted
Image generation is based on text descriptions; no personal user data is involved in the process

6.2. Content is processed over encrypted channels (HTTPS/TLS 1.3). AI providers process data solely for a single-request output and do not use it for model training, analytics, or other purposes.

6.3. The Operator takes all necessary organizational and technical measures to ensure confidentiality, including selecting providers with Zero Data Retention policies.

6.4. Document import (PDF, DOCX, PPTX, XLSX, Keynote). The Service extracts text content and sends it to an AI service within the Russian Federation (section 6.1). Users are responsible for ensuring uploads do not contain third-party personal data or sensitive information without consent.

7Data Retention Periods

Account data — until account deletion or consent withdrawal
Presentation data — stored indefinitely until deleted by user or account
Exported files — automatically deleted 24 hours after creation
Voiceover audio files — stored until presentation deletion
Payment data — 5 years (tax legislation requirements)
View analytics data — until presentation deletion

8Cookies

Technical (Required)

The Service uses technical (session) cookies necessary for authorization and proper operation. They are deleted when the browser is closed or when the session expires.

Analytical (Optional)

Yandex.Metrica — used for user behavior analysis. Loaded only with explicit user consent.

9User Rights

In accordance with Art. 14 of FZ-152, you have the right to:

  1. 1.Obtain information about the processing of your personal data
  2. 2.Request correction, blocking, or destruction of data
  3. 3.Withdraw consent for processing
  4. 4.Request deletion of personal data
  5. 5.Obtain information about cross-border transfer of your data
  6. 6.Appeal the Operator's actions to Roskomnadzor or court

To exercise your rights, contact us at: support@pikdek.com. Response time — no more than 10 business days.

10Consent Withdrawal

You may withdraw consent at any time by sending a request to support@pikdek.com with the subject "Withdrawal of consent for personal data processing." The Operator will cease processing within 30 days and destroy personal data, except for data whose processing is required by Russian legislation (e.g., payment data — see Section 7). Withdrawal results in termination of access to the Service and account deletion.

11Security Measures

  • Passwords stored as bcrypt hashes
  • Data transmitted over HTTPS (TLS 1.2+)
  • Database access restricted (SSL connections)
  • Sessions protected by JWT tokens with httpOnly cookies
  • Security headers: CSP, HSTS, X-Content-Type-Options, X-XSS-Protection
  • Request rate limiting
  • Payment system webhook verification by IP and API
  • Regular software updates

12Policy Changes

The current version is available at: https://pikdek.com/privacy. Users are notified of material changes by email.

13Contact

  • Email: support@pikdek.com
  • Operator: IE Arutyunyan Armen Rudikovich
  • INN: 772489197035 · OGRNIP: 319774600514418
  • Roskomnadzor register of personal-data operators: registration number to be updated
  • Notification of intent to conduct cross-border transfer of personal data (art. 12 part 4 of 152-FZ): incoming number to be updated
Privacy Policy — PikDek | PikDek