Security Policy

At Slides With Friends, we take our users’ security and privacy seriously. We have taken the necessary steps to make sure your data, which includes your personal information, presentation content, uploads, participant response data, etc, is secure at all times.

In this document Slides With Friends is hereafter referred to as “we”, “us”, “our” or “SlidesWith”. ”You” shall be interpreted as the person or entity who has signed up for an Account, or the persons who use our Services as a member of an Audience.

All user data stored in SlidesWith is protected in accordance with the SlidesWith Terms of Service, and access to said data by Authorized Personnel aligns to the principle of least privilege. Only those who are Authorized Personnel have access to SlidesWith’ production systems. Those who do have direct access to production systems are permitted to view user data stored in SlidesWith only in aggregate, for troubleshooting purposes or as stipulated in SlidesWith’ Privacy Policy.

SlidesWith has Authorized Personnel who are the only personnel with access to the production environment. These members are approved by SlidesWith's Management Team. SlidesWith also maintains a list of personnel who are permitted to access SlidesWith code, as well as the development and staging environments. Both lists are reviewed upon role change.

Trained members of the SlidesWith's Customer Success team also have limited access to user data stored in SlidesWith through restricted access to customer support tools. Customer support team members are not authorized to review non-public user data stored in SlidesWith for customer support purposes without explicit permission by SlidesWith's Management.

When leaving the company or changing roles, the production credentials of Authorized Personnel are deactivated, and their sessions are forcibly logged out. Thereafter, all such accounts are removed or changed.

SlidesWith hosts production services, user content, and data backups on Amazon Web Services platform (“AWS”). The physical servers are located in AWS’s data centers at two AWS regions:

As of this date, AWS (i) has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, (ii) is certified as a PCI DSS 3.2 Level 1 Service Provider, and (iii) undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports). Additional details about AWS’ compliance programs, including FedRAMP compliance and GDPR compliance, can be found at AWS’ website.

We do not enable customers to host SlidesWith on a private server or to use SlidesWith on a separate infrastructure. In the future, if we move our production services and user data, or any part of them, to a different country or a different cloud platform, we will give written notice to all of our users 30 days in advance.

Security measures are taken to protect you and your data both for data at rest and data in transit.

Data at rest

User data is stored on Amazon EBS. File attachments to SlidesWith presentations are stored in Amazon S3 service. Each such attachment is assigned a unique link with an unguessable, cryptographically strong random component, and are only accessible using a secure HTTPS connection. Here are additional details on Amazon S3 Security.

Data in transit

SlidesWith uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128-bit Advanced Encryption Standard (“AES”) encryption. This includes all data sent between the web (including the landing website, the Presenter web app, the Audience web app, and internal administrative tools) and the SlidesWith servers. There is no non-TLS option for connecting to SlidesWith. All connections are made securely over HTTPS.

Backups and Data Loss Prevention

Data is backed up daily and we have an automatic failover system for many parts of the infrastructure if a primary system fails. We receive powerful and automatic protection through our infrastructure provider at Amazon AWS.

User Password

We encrypt (hashed and salted) passwords using the bcrypt algorithm to protect them from access in the case of a breach. SlidesWith personnel cannot see your password and you can self-reset it by email. User session time-out is implemented meaning that a logged-in user will be automatically logged out if they are not active on the platform.

Payment Details

We use PCI-compliant payment processor Stripe for encrypting and processing credit/debit card payments. We never see or handle credit/debit card information.

Security Incidents

We will maintain appropriate technical and organizational measures to protect all personal data and other data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing (a "Security Incident").

We have an incident management process to detect and handle Security Incidents which shall be reported to the Chief Technology Officer as soon as they are detected. This applies to SlidesWith employees and all processors that handle personal data. All Security Incidents are documented and evaluated internally and an action plan for each individual incident is made, including mitigatory actions.

This section shows how often SlidesWith conducts security revisions and conducts different types of tests.

External accesses to our offices is not permitted, and our door is locked automatically 24/7. Our computers use biometric password encryption and are not accessible by external users. No customer data is stored at the Slides With Friends offices and any visitors to our offices must get approval from SlidesWith management.

SlidesWith's production data is hosted on Amazon Web Services platform (“AWS”). The physical servers are located in AWS’ secure data centers as stated in section "Data Security" above.