Vitoom Limited
CreatePPTX Privacy Policy
How CreatePPTX collects, uses, stores, shares, and protects personal information and user content when you use our AI presentation services.
Introduction
CreatePPTX (official website https://createpptx.com) is an AI presentation generation and editing service operated by Vitoom Limited. With CreatePPTX, you can generate editable online presentations from topics, prompts, PDF files, DOCX files, and other reference materials; revise outlines; render slides; preview and edit content online; manage projects; and export presentations in formats such as PDF and PPTX.
This policy is closely related to the products and/or services you use. When you browse, register, log in, upload materials, generate presentations, edit projects, export files, purchase credits, or otherwise use CreatePPTX (collectively, "using our products and/or services"), we will process and protect your personal information in accordance with this policy.
CreatePPTX is accessible globally, but we do not currently target or market our services to any specific country or region. If mandatory privacy laws in your location provide additional rights, we will respect those rights to the extent they apply to our service.
Please read and fully understand this policy before using or continuing to use our products and services. If you do not agree with this policy, you should immediately stop accessing or using CreatePPTX. Your use or continued use of CreatePPTX indicates that you understand and agree to this Privacy Policy, including updated versions.
1. How We Collect and Use Your Personal Information
We follow the principles of legitimacy, lawfulness, and necessity. We collect and use personal information that you actively provide or that arises from your use of CreatePPTX for the purposes described in this policy. If we want to use your personal information for other purposes not specified here, we will inform you in a reasonable manner and, where required, ask for your consent again before use.
Account registration and login: When you register or log in, we may collect your email address, password hash, account identifiers, authentication status, and basic profile information to create and maintain your account and provide login services.
Third-party login: If you use Google, Microsoft, or other third-party identity providers, we may receive account identifiers, email address, nickname, avatar, and other information authorized by you and permitted by the provider, so that you can sign in and use CreatePPTX.
Presentation generation and editing: When you create projects, submit prompts, upload PDF/DOCX/PPT/images/reference files, generate outlines, render slides, edit SVG content, save revisions, or export decks, we process those inputs, generated outlines, slide content, project metadata, export artifacts, and related logs as necessary to provide the service.
AI processing: We may process prompts, uploaded materials, extracted document text, generated outlines, slide content, and related metadata through Together.ai and self-hosted AI models solely to provide generation, editing, rendering, safety, troubleshooting, and service-improvement functions. We do not use your private projects, uploaded files, or generated presentations for advertising profiling.
Payment and billing: When you purchase credits, unlock downloads, or use paid features, we process order IDs, payment status, amount, currency, purchased items, credit balances, and necessary billing records. Payment card numbers and other sensitive payment credentials are handled by payment processors such as Stripe, not stored directly by us in full form.
Device, network, and log information: We may collect IP address, browser type, operating system, device identifiers, access timestamps, referral URLs, error logs, security events, and similar technical data for authentication, security, fraud prevention, troubleshooting, and service reliability. We do not use cookies or similar technologies to track users for advertising or behavioral analytics.
Guest sessions: If you use CreatePPTX without logging in, we may create and store a guest session identifier, limited project records, and usage constraints so that you can try the service within applicable guest limits.
Exceptions without separate consent: We may collect and use certain personal information without additional authorization where permitted by law, including to perform a contract, comply with legal obligations, respond to emergencies, protect life or property, conduct public-interest reporting within a reasonable scope, or process information you have already lawfully disclosed.
2. How We Share, Transfer, and Publicly Disclose Your Personal Information
Share: We do not share your personal information with any company, organization, or individual except where one or more of the following applies: (1) we have obtained your authorization in advance; (2) you requested the sharing; (3) sharing is necessary with business partners or service providers to deliver the service; (4) you participate in a promotion or event that requires limited sharing; or (5) sharing is necessary with affiliates for purposes consistent with this policy.
Service providers: To provide CreatePPTX, we may share necessary information with AWS cloud hosting and storage services, Stripe for payment processing, Google OAuth and Microsoft OAuth for sign-in where selected by you, Together.ai and self-hosted AI models for AI generation and document processing, and necessary database, queue, security, logging, and monitoring infrastructure. We share only what is necessary for specified purposes and require appropriate confidentiality and security obligations.
We do not sell your personal information. We do not use your private projects, uploaded files, or generated presentations for cross-context behavioral advertising.
Transfer: We do not transfer control of your personal information to another company, organization, or individual unless we obtain your explicit consent, you request the transfer, or the transfer occurs in connection with a merger, acquisition, restructuring, asset sale, or bankruptcy. In such cases, we will notify you where required and require the recipient to remain bound by this policy or obtain your consent again.
Public disclosure: We disclose personal information only with your explicit consent or where required by law, regulation, judicial process, administrative enforcement, security incident response, or to protect users, the public, or our rights to the extent permitted by law.
Your content visibility: We do not publicly display your private projects, uploaded files, generated slides, or exported files unless you choose to share them or disclosure is required by law.
3. How We Store and Protect Your Personal Information
Information storage: Your personal information and user content may be stored and processed in Hong Kong, the United States, or other regions where AWS, Stripe, Google, Microsoft, Together.ai, or our necessary service providers operate, depending on hosting configuration and operational needs. We do not transfer personal information to another country or region unless permitted by applicable law, supported by appropriate safeguards, or based on your consent where required.
Security measures: We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, permission isolation, encryption in transit, logging and monitoring, backups, vulnerability management, and personnel training.
Transmission security: We use measures such as HTTPS/TLS to help protect data transmitted between your browser or client and our servers.
Access authorization: We restrict access to personal information to personnel and partners who need it for specific purposes and within the scope required to perform their duties. Access and operations may be logged and monitored.
No absolute guarantee: Although we take reasonable steps to protect information, no internet transmission or storage system can be guaranteed to be completely secure.
4. How You Manage Your Personal Information
Subject to applicable law, you may have the right to access, correct, delete, export, restrict, or object to certain processing of your personal information, and to withdraw consent where processing is based on consent.
You can manage some information directly in the product, such as account details, project content, uploaded materials, and generated presentations, subject to feature availability.
If you cannot manage your information through the product, or if you wish to submit a complaint or security report, contact us through the user feedback system on the CreatePPTX homepage.
To protect your account and personal information, we may require reasonable identity verification before fulfilling your request. If you cannot provide sufficient proof of identity, we may refuse all or part of the request as permitted by law.
5. How to Cancel Your Account
You may request account cancellation through account settings if a self-service cancellation feature is available, or by contacting us through the user feedback system on the CreatePPTX homepage.
After account cancellation, we will stop providing services to you and delete or anonymize your personal information within a reasonable period, except where retention is required by law, needed for fraud prevention, billing reconciliation, dispute resolution, security, or backup cycles.
Deleting your account may not immediately remove all backups or logs retained for limited operational or legal periods.
6. Special Instructions on Products and/or Services Provided by Third Parties
CreatePPTX may integrate Google OAuth, Microsoft OAuth, Stripe, AWS, Together.ai, self-hosted models, and necessary security or infrastructure services. Those third parties process information under their own terms and privacy policies.
If you choose to use a third-party service integrated with CreatePPTX, that third party may collect information necessary to provide its function. We are not responsible for the independent collection, use, or disclosure practices of third parties, and you should review their policies carefully.
If you refuse permissions or authorization required by a third-party service, you may not be able to use the corresponding feature properly.
7. How We Use Cookies and Other Similar Technologies
Cookies are small text files stored on your device when you use CreatePPTX. We use cookies, local storage, and similar technologies only for login sessions, authentication, account security, fraud prevention, service integrity, and remembering essential preferences.
We do not use cookies or similar technologies for advertising tracking, cross-site behavioral profiling, or non-essential analytics.
You can manage cookies through your browser settings. If you disable necessary cookies, features such as login, account security, payment flow continuity, or preference storage may not function properly.
Third-party providers such as Google, Microsoft, Stripe, or security infrastructure may set strictly necessary cookies or similar technologies when required for authentication, payment, fraud prevention, or service security, subject to their own policies and applicable law.
8. Protection of Minors
We take the protection of minors' personal information seriously. If you are under 18, you should read this policy with your parent or legal guardian and use CreatePPTX only with their consent and guidance.
We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us so we can delete it promptly.
If we discover that we collected personal information from a minor without verifiable guardian consent where required, we will take reasonable steps to delete the relevant data.
9. How We Update This Privacy Policy
We may revise or update this policy from time to time. We will notify you of material changes by posting an updated policy on the website or through other reasonable means before or when the changes take effect.
If you continue to use CreatePPTX after an updated policy becomes effective, you will be deemed to have accepted the updated policy. If you do not agree, you should stop using the service.
10. How to Contact Us
If you have questions, comments, suggestions, complaints, or data-rights requests about this policy or our handling of personal information, contact us through the user feedback system on the CreatePPTX homepage.
Vitoom Limited
Address: Room No. E02, Flat A, 10th Floor, Tai King Industrial Building, No. 100-102 King Fuk Street, San Po King, Kowloon, Hong Kong
11. Others
This Privacy Policy forms an integral part of the CreatePPTX Terms of Use. By using CreatePPTX, you agree to this policy and other applicable platform rules.
If any provision of this policy is found invalid or unenforceable, the remaining provisions remain in full force and effect.
12. California Privacy Notice (CCPA/CPRA)
This section applies to California residents and is provided pursuant to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Categories of personal information collected in the past 12 months may include: identifiers (email address, account identifiers, IP address, device identifiers); internet or other electronic network activity information (usage logs, interaction data, necessary cookie identifiers, and security events); geolocation data (coarse location derived from IP address); uploaded and generated content (documents, prompts, outlines, slides, exports); payment and transaction information; and limited inferences drawn from your interactions to improve features, safety, and support.
Sources: directly from you; your device or browser; our service providers; and, where you choose, third-party login providers.
Business or commercial purposes: providing and maintaining CreatePPTX; account management; presentation generation and export; security and fraud prevention; debugging and service reliability; legal compliance; and customer support.
Disclosure: we disclose personal information to service providers and contractors for business purposes such as AWS hosting and storage, Stripe payment processing, Google and Microsoft authentication, security, and Together.ai or self-hosted AI/document processing. We do not sell personal information.
Your CCPA/CPRA rights may include the right to know/access, delete, correct, obtain portability, limit use of sensitive personal information where applicable, and opt out of sale/share. We do not sell personal information. We will not discriminate against you for exercising these rights.
Submit requests through the user feedback system on the CreatePPTX homepage. We will verify your identity and respond within the timeframes required by law.
13. Children and Teens' Privacy (COPPA/CPRA)
Children under 13: CreatePPTX is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
Teens ages 13–16: For California residents in this age range, we do not sell or share personal information without prior opt-in consent where required by law.
Parental rights: Parents or legal guardians may review, delete, and refuse further collection of a child's personal information by contacting us using the methods in this policy.
14. Japan APPI Notice and Cross-Border Transfers
This section supplements our policy for users in Japan under the Act on the Protection of Personal Information (APPI).
Utilization purposes: we use personal information to provide and improve CreatePPTX; manage accounts; process uploads and generated presentations; handle inquiries; ensure security, fraud prevention, debugging, and service reliability; and comply with laws, within the scope necessary to achieve these purposes.
Provision to third parties and entrustment: we may provide or entrust personal data to service providers such as cloud hosts, payment processors, authentication providers, and AI/document processors under appropriate supervision and contractual safeguards.
Cross-border transfers: depending on hosting configuration, personal data may be processed outside Japan, including in Hong Kong or the United States. Where required, we take steps consistent with APPI for foreign transfers, including informing users and obtaining consent or implementing appropriate safeguards.
Individual requests: you may request notification of purpose of use, disclosure, correction, addition or deletion, suspension of use, or suspension of provision to third parties via the contact methods in this policy.
15. Data Subject Requests and Appeals
You may submit access, correction, deletion, portability, restriction, objection, withdrawal-of-consent, or appeal requests through the user feedback system on the CreatePPTX homepage.
Verification: we may verify your identity, for example by confirming ownership of your account email, and may request additional information solely to verify or fulfill your request.
Timelines: we strive to respond within 45 days of receipt, or within other periods required by applicable law. If more time is needed, we will inform you of the reason and extension period where permitted.
Authorized agents: you may designate an authorized agent to submit a request on your behalf, subject to verification and proof of authorization.
Appeals: if we deny your request, you may appeal through the same feedback channel and clearly state that the submission is an appeal.
16. Data Retention
We retain personal information only as long as necessary for the purposes described in this policy, for the duration of your account, and as required by law. Typical periods include:
Account and profile data: retained for the life of the account and up to 2 years after deletion for fraud prevention, billing reconciliation, and compliance, unless a longer period is required by law.
Projects, uploaded source files, generated slides, and export artifacts: retained until you delete them, cancel your account, or the applicable service retention period ends. Until a more specific in-product retention period is published, we apply a conservative necessity-based retention approach and remove or anonymize inactive project data when it is no longer needed to provide the service, handle disputes, maintain security, or comply with law.
Guest session data: retained for the guest session lifetime and a limited follow-up period needed for account claim, abuse prevention, or operational cleanup.
Operational logs and device information: typically up to 12 months, unless longer retention is required for security or legal obligations.
User feedback and support communications: up to 2 years after resolution.
Backups: typically retained on a rolling basis for up to 35 days.
When retention ends, we delete or irreversibly anonymize data where feasible.
17. Security Measures and Data Breach Notification
We maintain administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, least-privilege access, logging and monitoring, vulnerability management, and personnel training.
If a data breach affecting personal information occurs, we will assess the incident and notify affected individuals and regulators as required by applicable law. Notifications may describe the nature of the incident, the types of information involved, steps we have taken, and recommended protective measures.
18. Third-Party and SDK Disclosure List
We rely on certain service providers to deliver CreatePPTX. We contractually require them to process personal information only for specified purposes and to implement appropriate security measures. This list is non-exhaustive and may be updated:
AWS cloud hosting and storage: hosting, file storage, backup, and delivery of uploaded and generated content.
Payment processor (Stripe): payment processing, checkout, billing records, and fraud prevention for paid features.
Authentication providers (Google OAuth, Microsoft OAuth, or email/password auth infrastructure): account sign-in and identity verification where you choose those methods.
Database, queue, and infrastructure services: project data, job processing, caching, and operational logs.
Together.ai and self-hosted AI/document-processing services: outline generation, slide rendering assistance, document extraction from uploaded files, and generation troubleshooting. We do not intentionally permit service providers to use your private projects, uploaded files, or generated presentations for their independent advertising purposes.
Security, logging, and monitoring services: abuse detection, error tracking, and service integrity.
For questions about specific integrations, contact us through the user feedback system on the CreatePPTX homepage.
19. Additional Notices for Global Users
Hong Kong PDPO: As a Hong Kong company, we process personal data in accordance with applicable Hong Kong Personal Data (Privacy) Ordinance principles, including collection limitation, accuracy, retention limitation, use limitation, security, openness, and data access and correction rights where applicable.
Mainland China PIPL: If the Personal Information Protection Law of the People's Republic of China applies to your use, we process personal information based on applicable legal bases such as contract performance, consent where required, legal obligations, and necessary security operations. Cross-border processing may involve Hong Kong, the United States, or other service-provider locations, and you may exercise applicable rights through the feedback channel described in this policy.
EU/UK GDPR: If GDPR or UK GDPR applies, our legal bases may include contract performance, legitimate interests in security and service improvement, compliance with legal obligations, and consent where required. You may have rights to access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and lodging a complaint with a supervisory authority.