Privacy Policy

1. Definitions

• "Personal Data" means any information that identifies or could reasonably be used to identify a natural person, directly or indirectly.
• "Processing" means any operation performed on Personal Data, including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, or erasure.
• "User" or "you" means any individual who accesses or uses the Services, whether as an account holder or a visitor.
• "PTiQ™" means our PowerPoint add-in product that provides professional templates, one-click formatting, consulting playbooks, and related design tools.
• "Your Content" means any presentations, slides, text, images, or other materials you create, upload, or process through the Services.
• "Partner Assist" means the on-demand professional services available through the Services, including graphic design, data analysis, market research, and expert advisory, which are charged separately from Subscription fees.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, subscribe to a plan, contact support, or otherwise interact with the Services, we may collect:

• Full name, email address, and phone number
• Company or organisation name and job title
• Billing and payment information (processed and stored by our third-party payment processor, Stripe; we do not store full credit card numbers, CVV codes, or bank account details on our servers)
• Account credentials (passwords are hashed and salted; we never store plaintext passwords)
• Communications you send to us, including support requests, feedback, and survey responses
• Partner Assist service requests, including project briefs, supporting files, and communication related to service delivery
• Any other information you voluntarily provide

2.2 Information Collected Automatically

When you use the Services, certain information is collected automatically through standard web technologies:

• Device information (device type, operating system, browser type and version, screen resolution)
• IP address and approximate geolocation (city/country level only)
• Usage data (features accessed, pages viewed, buttons clicked, session duration, frequency of use)
• Log data (timestamps, referring/exit URLs, HTTP response codes, crash reports)
• PTiQ add-in telemetry (feature usage within PowerPoint, template selections, formatting actions applied - we do not access or transmit the content of your slides)

2.3 Information We Do Not Collect

We want to be explicit about boundaries. We do not collect: the content of your PowerPoint presentations or slides, biometric data, government-issued identification numbers, health or medical information, precise GPS location data, or information from social media profiles. PTiQ operates locally within your PowerPoint application; your slide content is processed on your device and is not uploaded to our servers unless you explicitly choose to use a feature that requires it (in which case, clear consent will be sought).

3. Legal Bases for Processing

We process your Personal Data only when we have a lawful basis to do so. Depending on the context, our processing is based on:

• Performance of a contract: Processing necessary to provide the Services you have subscribed to, manage your account, and fulfil our obligations under the Terms of Service.
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Services, preventing fraud, ensuring security, and conducting analytics - provided these interests do not override your fundamental rights and freedoms.
• Consent: Where we rely on your consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legal obligation: Processing necessary to comply with applicable laws, regulations, court orders, or governmental requests.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, operate, maintain, and improve the Services, including PTiQ™ templates, formatting tools, and consulting playbooks
• Account management: To create and manage your account, authenticate your identity, and process subscription changes
• Partner Assist delivery: To fulfil and deliver Partner Assist service requests submitted through the platform
• Billing and payments: To process subscriptions, issue invoices, and manage billing through our payment processor
• Communications: To send transactional messages (account confirmations, password resets, invoices, security alerts) and, with your consent, product updates and marketing communications
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
• Analytics and improvement: To analyse usage patterns, measure feature adoption, identify performance bottlenecks, and improve the user experience
• Security and fraud prevention: To detect, prevent, and respond to security incidents, abuse, and fraudulent activity
• Legal compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service

5. Data Sharing and Disclosure

We do not sell, rent, or trade your Personal Data. We may share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers who process data on our behalf, subject to contractual obligations of confidentiality, data protection, and purpose limitation. These include:

• Cloud hosting and infrastructure (Vercel, AWS)
• Payment processing (Stripe - PCI DSS Level 1 certified)
• Email delivery and transactional messaging
• Analytics and performance monitoring
• Customer support platforms

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

5.3 Business Transfers

In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as a business asset. We will notify you via email and/or prominent notice on the Services before your Personal Data becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for any other purpose disclosed to you with your explicit consent.

6. Data Security

We implement and maintain appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of all data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using AES-256
• Secure password storage using industry-standard hashing algorithms (bcrypt)
• Role-based access controls and principle of least privilege for internal systems
• Regular security assessments, code reviews, and vulnerability scanning
• Incident response procedures with defined escalation and notification protocols
• Secure cloud infrastructure with SOC 2 Type II-compliant hosting providers
• Employee access restricted to personnel with a legitimate business need

While we employ robust security measures, no method of electronic transmission or data storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly investigating and addressing any security incident. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities in accordance with applicable law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on our website for the following purposes:

• Strictly necessary cookies: Required for authentication, session management, security, and core website functionality. These cannot be disabled.
• Functional cookies: Remember your preferences, language settings, and display choices to enhance your experience.
• Analytics cookies: Help us understand how visitors interact with the Services (e.g., pages visited, time on site) so we can measure and improve performance. We use privacy-respecting analytics that do not create individual user profiles.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may impair the functionality of the Services. For more information, see our cookie settings on the website.

8. Your Rights

Depending on your jurisdiction (including under the GDPR, UK GDPR, Australian Privacy Act, CCPA/CPRA, and other applicable data protection laws), you may have the following rights regarding your Personal Data:

• Right of access: Request a copy of the Personal Data we hold about you and information about how it is processed.
• Right to rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to erasure ("right to be forgotten"): Request deletion of your Personal Data, subject to legal retention obligations.
• Right to restriction: Request that we restrict processing of your data in certain circumstances.
• Right to data portability: Receive your Personal Data in a structured, commonly used, machine-readable format (e.g., CSV or JSON).
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
• Right not to be discriminated against: We will not discriminate against you for exercising your privacy rights (applicable under CCPA/CPRA).

To exercise any of these rights, contact us at help@partner-toolkit.com. We will verify your identity before processing your request and respond within 30 days (or sooner if required by applicable law). If we need additional time, we will inform you of the reason and extension period. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.

9. Data Retention

We retain your Personal Data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law. Specific retention periods include:

• Active account data: Retained for the duration of your subscription and account activity.
• Post-termination: Account data is retained for 90 days after termination to allow for reactivation or data export, after which it is permanently deleted.
• Billing and financial records: Retained for 7 years to comply with tax and accounting obligations.
• Support communications: Retained for 3 years from the date of last interaction.
• Aggregated analytics: De-identified, aggregated usage data (which cannot be used to identify you) may be retained indefinitely to improve the Services.

You may request deletion of your data at any time by contacting us. We will process your request subject to any legal or contractual retention obligations.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your jurisdiction. When we transfer Personal Data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO
• Data processing agreements with all sub-processors that impose equivalent obligations
• Adequacy decisions where available
• Other lawful transfer mechanisms recognised under applicable data protection law

You may request a copy of the relevant transfer mechanism by contacting us at the address below.

11. Children's Privacy

The Services are designed for business professionals and are not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete that information. If you believe a child has provided us with Personal Data, please contact us at help@partner-toolkit.com and we will act promptly.

12. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) preference. As there is currently no universally accepted standard for interpreting DNT signals, the Services do not currently respond to DNT browser signals. However, we do not engage in cross-site tracking, and you can manage your preferences through cookie settings and the privacy controls described in this Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will indicate the date of the most recent revision at the top of this page. For material changes that affect how we process your Personal Data, we will provide at least 30 days' advance notice via email to the address associated with your account or through an in-product notification. Your continued use of the Services after the updated Policy takes effect constitutes your acknowledgement of the changes. We encourage you to review this Policy periodically.