This Data Processing Addendum (“Addendum”) forms part of the Terms of Service (“Agreement”) between deckd UG (haftungsbeschränkt), Feurigstr. 17, 10827 Berlin, Germany (“deckd”, “Processor”) and the customer using deckd’s services (“Customer”, “Controller”). By using the Services, Customer accepts this Addendum on behalf of itself and its Affiliates.
1. Purpose and Scope
This Addendum governs deckd’s processing of Personal Data on behalf of the Customer in connection with the provision of deckd’s cloud-based software platform (“Services”). The parties agree to comply with applicable data protection laws, including the EU GDPR and UK GDPR.
2. Definitions
“Personal Data” – any information relating to an identified or identifiable natural person;
“Processing”, “Controller”, “Processor”, “Data Subject”, “Sub-processor” – as defined under the GDPR;
“Data Protection Laws” – all laws and regulations relating to the protection of Personal Data, including the GDPR.
3. Roles of the Parties
Customer acts as Controller and determines the purposes and means of Processing Personal Data. deckd acts as Processor, Processing Personal Data solely on documented instructions from Customer and only for the purpose of providing the Services.
4. Subject Matter and Duration
Subject Matter – Processing of Personal Data in connection with the Services.
Nature/Purpose of Processing – Hosting, storage, transmission, collaboration, AI-enhanced generation, and analytics of Customer account data, media, and content.
Duration – For the term of the Agreement, unless otherwise required by law.
Categories of Data Subjects – Customer’s employees, contractors, users, and collaborators.
Types of Personal Data – Names, email addresses, profile information, usage data, presentation content, AI prompts, uploaded media files.
5. Processor Obligations
deckd shall:
Process Personal Data only on documented instructions from Customer;
Ensure all persons authorised to process Personal Data are bound by confidentiality;
Implement appropriate technical and organisational measures under Article 32 GDPR;
Assist Customer with Data Subject rights requests, DPIAs, and breach notifications;
Notify Customer without undue delay of a Personal Data Breach;
Delete or return Personal Data upon termination, unless retention is required by law.
6. Sub-processors
Customer authorises the use of the Sub-processors listed below. deckd will enter into written agreements with all Sub-processors imposing obligations equivalent to this Addendum and will inform Customer of any intended changes:
Sub-processor | Purpose | Location
Hetzner | Hosting infrastructure | Germany
AWS S3 | Media storage | EU (Frankfurt/Ireland)
Clerk | Authentication / email management | EU / US
Liveblocks | Real-time collaboration backend | EU / US
PostHog | Product analytics (self-hosted) | Germany
LemonSqueezy | Payment processing | US / EU
Google Gemini | Optional AI content generation | EU / US
OpenAI | Optional AI content generation | US
Loops.so | Newsletter campaigns (opt-in only) | EU / US
7. International Transfers
Where Personal Data is transferred outside the EEA/UK to a country without an adequacy decision, deckd shall ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.
8. Technical and Organisational Measures
deckd maintains, at a minimum, the following security measures:
Encryption in transit (TLS 1.2+) and at rest;
Role-based access control and authentication;
Secured hosting environments (Hetzner, AWS);
Backup and disaster-recovery procedures;
Incident detection and response;
Employee security awareness and confidentiality;
Optional AI features that can be disabled by administrators;
Secure development practices and sub-processor onboarding procedures.
9. Audit
Upon written request, deckd shall provide information necessary to demonstrate compliance with this Addendum and allow audits (max. once per year) by Customer or an appointed auditor under reasonable notice, confidentiality, and subject to deckd’s operational limitations.
10. Liability
Liability under this Addendum is governed by the limitations set out in the Agreement.
11. Final Provisions
In case of conflict between this Addendum and the Agreement, this Addendum prevails. This Addendum shall automatically terminate upon termination of the Agreement.
Data Processing Addendum
(Addendum to the deckd Terms of Service)
Last Updated: August 2025