Privacy Policy

Staq is an internal AI-powered slide generation platform built by and for Zluri employees. This Privacy Policy explains how we collect, use, and protect information when you use Staq.

Access to Staq is restricted to users with a verified @zluri.com email address via Google OAuth. This policy applies to all authenticated users of the platform.

Account information. When you sign in via Google OAuth, we receive your name, email address, and profile picture from your Google Workspace account. We verify that your email belongs to the @zluri.com domain.

User content. Any text you enter or paste for slide generation, including topics, outlines, presenter notes, and branding profiles (company colors, logos, fonts). This content is stored in your browser.

Generated content. AI-generated slide text, images (as base64 data URIs), and presenter notes. These are stored in your browser's localStorage and IndexedDB.

Technical data. JWT session tokens, theme preferences, and transient session data required for the application to function.

Authentication and access control. Your Google profile information is used solely to verify your identity and restrict access to @zluri.com domain users.

AI content generation. The text you provide is sent to Google's Gemini API through our server-side API routes to generate slide content and images. Your content is transmitted securely via HTTPS.

Client-side persistence. Your slide decks, branding profiles, version history, and preferences are stored locally in your browser to provide a seamless experience across sessions.

Google Gemini API. User-provided text content is sent to Google's Gemini Pro (for content generation, presenter notes, and refinement) and Gemini Flash Image Preview (for slide image generation). All API calls are made server-side through Staq's backend — your content is never sent directly from the browser to Google.

Google OAuth. Authentication is handled via Google OAuth 2.0. We only request basic profile information (name, email, profile picture). Your Google password is never shared with Staq.

We do not use any third-party analytics, advertising, or tracking services.

No server-side database. Staq does not maintain a server-side database. All user-created content (decks, slides, branding profiles, version history) is stored in your browser's localStorage and IndexedDB.

API key storage. If you provide a custom Gemini API key, it is stored in an encrypted HTTP-only cookie (AES-256-GCM) with a 90-day expiry. The key is never accessible to client-side JavaScript.

Session data. Authentication sessions use JWT tokens. No session data is persisted on the server.

Retention. Your data remains in your browser until you clear it. Clearing your browser storage or switching devices will remove all locally stored data. We recommend exporting important decks (PPTX or PDF) for long-term retention.

All communication between your browser and Staq's server uses HTTPS with TLS encryption. API keys are encrypted at rest using AES-256-GCM with a key derived from the server's AUTH_SECRET. All Gemini API calls are made server-side, ensuring API keys are never exposed to the browser.

For a detailed overview of our security measures, please see our Security page.

Export your data. You can export any deck as PPTX or PDF at any time from the export page.

Delete your data. Clear your browser's localStorage and IndexedDB to remove all locally stored decks, branding profiles, and version history. You can also delete individual decks from the dashboard.

Revoke access. You can revoke Staq's access to your Google account at any time through your Google Account security settings.

Staq is an internal workplace tool and is not intended for use by individuals under the age of 18. We do not knowingly collect information from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated to the team. The “Last updated” date at the top of this page reflects the most recent revision.

If you have questions about this Privacy Policy or how your data is handled, please contact the Zluri engineering or IT team through internal channels.