Security
How we keep your data safe
Last updated: April 2026
SlideScript is built on trusted infrastructure, with security practices applied at every layer — from file upload to script delivery. Here is exactly what we do and why.
Protection measures
The following security measures are active across every part of SlideScript.
Encryption in transit — All data between your browser and our servers is encrypted using HTTPS/TLS. Your slides, scripts, and personal information are never sent in plain text.
No passwords stored — SlideScript uses Google OAuth for sign-in. We never see, store, or handle your password. Google manages your credentials — one of the most secure identity providers in the world.
Payments via Stripe — We never touch your card details. All payments are processed by Stripe, a PCI-DSS Level 1 certified payment provider. Your financial information never reaches our servers.
Rate limiting and abuse protection — All AI endpoints are protected by rate limiting to prevent automated abuse. Suspicious traffic is automatically blocked before it can affect other users.
Request origin validation — Every API request is validated to ensure it originates from SlideScript. This prevents cross-site request forgery attacks where malicious websites attempt to act on your behalf.
File validation — Uploaded files are validated at the server level — not just by filename. We verify each file is what it claims to be before any processing occurs.
Isolated database — User data is stored in a dedicated PostgreSQL database with strict access controls. Database credentials are never exposed to the client under any circumstance.
Enterprise infrastructure — SlideScript runs on Vercel's enterprise-grade infrastructure with automatic DDoS protection, global CDN, and zero-configuration SSL certificate management.
Your data
Common questions about how we handle your information.
What data does SlideScript store?
We store your name, email address (from Google), saved scripts, and usage counts. We do not store your uploaded PDF files after processing — they are discarded once your script is generated.
Who can see my scripts?
Only you. Your saved scripts are tied to your account and are never shared, sold, or used to train AI models. Admin access is limited to the founding team for support purposes only.
Are my slides sent to third parties?
Your slides are processed by Anthropic's Claude AI model to generate your script. Anthropic does not use API inputs to train models. No other third party receives your slide content.
How long is my data kept?
Saved scripts expire based on your plan — 7 days (Free), 30 days (Starter), 90 days (Creator), or 180 days (Pro). You can delete your scripts at any time from My Scripts.
Responsible disclosure
If you have discovered a potential security vulnerability in SlideScript, we ask that you contact us privately before any public disclosure. We take all reports seriously and will respond within 48 hours.
- ✓Do not exploit the vulnerability or access other users' data
- ✓Provide enough detail for us to reproduce and fix the issue
- ✓We will acknowledge your report within 48 hours
Contact
Found a security issue or have a question about our practices? Email us at admin@slidescript.live. You can also use our contact page.