سياسة الخصوصية

Deck Software Inc. ("Deck," "we," "us," or "our") operates deck.co and provides a Computer Use agent platform. We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our services.

1. Commitment to Privacy

At Deck, we value your trust. We believe that responsible data handling is fundamental to building and maintaining that trust. As a Computer Use agent platform that provisions isolated desktop environments and manages credentials, we understand the sensitivity of the data we process. We are committed to:

• Transparency about what data we collect and why
• Using your data only for the purposes described in this policy
• Implementing robust security measures to protect your information
• Respecting your rights and choices regarding your personal data

2. Information We Collect

We collect information in several ways when you interact with our platform and services.

Personal Information

When you create an account or use our services, we may collect:

• Name and contact information (email address, phone number)
• Company or organization name and job title
• Billing address and payment-related information
• Profile information you choose to provide

Authentication Data

To provide our Computer Use agent services, we collect and process:

• OAuth tokens and credentials you authorize for agent access
• Session identifiers and authentication state
• API keys and access tokens used to connect third-party applications

Financial Information

When you subscribe to paid plans, we collect payment information. Payment card details are processed by our payment service providers and are not stored on our servers. We may retain billing addresses and transaction history for accounting and compliance purposes.

Usage Data

We automatically collect information about how you use our platform, including:

• Log data (IP address, browser type, device information, timestamps)
• Agent activity logs (actions performed, workflows executed, applications accessed)
• Feature usage and interaction patterns
• Error reports and performance metrics

Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to:

• Maintain your session and remember your preferences
• Analyze site traffic and usage patterns
• Improve our services and user experience

You can manage cookie preferences through your browser settings.

3. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and United Kingdom, we process your personal data based on the following legal grounds:

Consent

Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing communications, optional analytics).

Contractual Necessity

When processing is necessary to perform our contract with you, such as providing the Deck platform, managing your account, and delivering the services you have subscribed to.

Legitimate Interests

When we have a legitimate interest that is not overridden by your rights, including fraud prevention, security, improving our services, and analytics. We conduct a balancing test to ensure our interests do not unduly impact your privacy.

Legal Obligation

When we are required to process your data to comply with applicable laws, regulations, or legal processes.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

To provide, operate, and maintain the Deck platform; provision isolated VMs; execute agent workflows; and manage credentials and sessions.

Analytics and Improvement

To understand how our services are used, identify trends, diagnose issues, and improve performance, features, and user experience.

Communication

To send you service-related notifications, respond to inquiries, provide support, and (with your consent) send marketing communications.

Customization

To personalize your experience, remember your preferences, and tailor our services to your needs.

الأمان

To protect against unauthorized access, fraud, abuse, and security incidents; to enforce our terms and policies.

Legal Compliance

To comply with applicable laws, regulations, court orders, and government requests.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share data with trusted third-party service providers who assist us in operating our platform, such as cloud infrastructure providers, payment processors, analytics services, and customer support tools. These providers are contractually bound to protect your data and use it only for the purposes we specify.

Business Transactions

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Legal Requirements

We may disclose your information when required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. International Compliance

Deck is headquartered in Montreal, Quebec, Canada. We serve customers globally and comply with applicable privacy laws in the jurisdictions where we operate.

PIPEDA (Canada)

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only for identified purposes, with consent where required, and we implement safeguards to protect your data.

CCPA (United States)

For California residents, we comply with the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, to request deletion, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising your rights.

GDPR (European Union)

For individuals in the EEA, we comply with the General Data Protection Regulation (GDPR). You have rights to access, rectify, erase, restrict processing, data portability, and to object to processing. You may also lodge a complaint with a supervisory authority.

LGPD (Brazil)

For individuals in Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD) and respect your rights regarding the processing of your personal data.

UK GDPR

For individuals in the United Kingdom, we comply with the UK GDPR and the Data Protection Act 2018, providing equivalent rights and protections.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

Access

Request a copy of the personal information we hold about you.

Correction

Request that we correct inaccurate or incomplete personal information.

Deletion

Request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements).

Data Portability

Request a copy of your data in a structured, commonly used, machine-readable format.

Restriction

Request that we restrict the processing of your personal information in certain circumstances.

Objection

Object to processing based on legitimate interests or for direct marketing purposes.

Opt-Out

Opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us.

To exercise these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Agent activity logs and audit trails may be retained for security, compliance, and debugging purposes as described in our documentation. When data is no longer needed, we securely delete or anonymize it.

9. Children's Privacy

Our services are not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at [email protected], and we will take steps to delete such information.

10. Security of Your Data

We implement industry-standard security measures to protect your data:

SOC 2 Compliance

Deck maintains SOC 2 Type II compliance, demonstrating our commitment to security, availability, and confidentiality. Our controls are regularly audited by independent third parties.

Encryption

Data is encrypted in transit using TLS and at rest using AES-256 encryption. Credentials are stored in a secure vault with access controls and automatic rotation capabilities.

We also employ access controls, network segmentation, monitoring, and incident response procedures to safeguard your information. Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law. Notifications will be made without undue delay and will include information about the nature of the breach, the data affected, and the steps we are taking to address it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice (e.g., by email or through our platform). We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: