Legal

Data Processing Addendum

Last updated July 4, 2026. This page explains, in plain language, how Slide Practice processes personal data on behalf of the practitioners who use it. When you run a session through Slide, you are the controller of your clients' data and we act as your processor. This is a summary written so you can actually read it, not a substitute for the signed agreement.

This is a plain-language summary

It is written to be clear, and it reflects the real terms we operate under. If you need a signed Data Processing Addendum for your own records, your clients, or a security review, email support@slidepractice.com and we will send one. The signed agreement is the binding version. Read this alongside our Privacy Policy, Sub-processors, Security, and Terms of Service.

Who we are

Slide Practice is built and operated by Vikrant Singh, a sole proprietor based in Manila, Philippines, trading as "Slide Practice" ("Slide Practice", "we", "us", "our"). Revenue comes from practitioner subscriptions. You can reach us about anything on this page, including data protection questions and requests, at support@slidepractice.com.

Roles: who controls what

Data protection law splits responsibility between the controller, who decides why and how data is processed, and the processor, who handles it on the controller's instructions. Slide Practice plays both roles, depending on the data.

You, the practitioner

Controller of your clients' data

You decide who your clients are, what you record, and what you keep. You are responsible for having a lawful basis, giving your clients the right notices, and getting consent to record before a session is captured.

Slide Practice

Processor of your clients' data

We process your clients' data only on your documented instructions, to provide the features you use, and never for our own separate purposes. We do not sell it and we do not use your session content to train AI models.

For your own practitioner account data, and for our marketing data, Slide Practice is the controller. For your clients' records and for session recordings, audio, and transcripts, the practitioner is the controller and Slide Practice is the processor. This addendum covers the part where we act as your processor.

What data we process, and why

When you use Slide to process a session, we handle the categories of personal data below on your behalf, for the purposes shown. We process only what is needed to provide the features you turn on.

Category of dataWhy we process it
Client contact details, such as name and emailTo run booking, deliver recaps, and give your client access to their private portal.
Session recordings and audio, when you record or enable Auto JoinTo transcribe the session and draft a recap. Recording happens only after your client agrees on screen.
Session transcriptsTo draft the recap, the action items, and the follow up message you review and send.
Recaps, action items, and goal notesTo build the running record of commitments and progress that you and your client can see.
Booking and scheduling detailsTo take bookings, apply your sliding scale rates, and send confirmations.
Session hours, added up from your sessionsTo produce an experience hours log you can export, for example toward a professional credential application such as ICF or NBHWC hours.

Slide Practice is never in the payment path between you and your clients. You collect from your clients your own way and keep 100%. Slide takes no commission, on any plan, ever.

Sub-processors and where they run

We use a small number of vetted sub-processors to run the service, each bound by a written contract to process data only on our instructions and to protect it. We name every one of them, say what each handles, and say where it runs, on our sub-processors page. The providers that touch your clients' session content are named here too, because those are the ones you most need to know about:

  • Recall.ai, for meeting capture, and only when you turn on Auto Join for a session. It joins the Zoom, Google Meet, or Microsoft Teams call and captures the meeting audio. Recordings are captured in the Asia Pacific (Tokyo) region.
  • OpenAI, for speech to text. Session audio is transcribed into text so a recap can be drafted from it.
  • Anthropic, for drafting the recap and action items from the session transcript.
  • Supabase, for the encrypted database and file storage that holds your account and client data, including session audio and transcripts. Data is stored in the Asia Pacific (Tokyo) region.
  • Clerk, for authentication, sign in, and account recovery. Clerk sees your account identity, not your session content.
  • Fly, for application hosting and edge delivery, in the Asia Pacific (Singapore) region.
  • Resend, for transactional email such as booking confirmations and recap delivery.
  • Paddle, as our Merchant of Record for practitioner subscription billing. Paddle is the seller of record for your plan, collects your payment, handles sales tax and VAT, and appears on your statement. Session recordings, transcripts, and recaps are never sent to Paddle.
  • Plausible, for privacy-respecting, cookieless website analytics that do not track you across sites or build advertising profiles.

We instruct our AI providers not to use the content of your sessions to train their models.

Your customer data and uploaded files are stored in Asia Pacific (Tokyo), application runtime and caching run in Asia Pacific (Singapore), and Auto Join recordings are captured in the Asia Pacific (Tokyo) region. We will give you advance notice of material changes to our sub-processors, by email to paid customers, so you have the chance to review the change.

Security measures

We apply reasonable technical and organisational measures to protect personal data, including encryption in transit, encryption at rest for stored data and files, access controls, and limiting access on a need to know basis. We instruct our AI providers not to use the content of your sessions to train their models. No method of storage or transmission is perfectly secure, so we cannot promise absolute security, but we describe our approach honestly. See the full picture on our security page.

Data subject rights and how requests are handled

Because the practitioner is the controller of their clients' data, requests from a client to access, correct, export, or delete their data should go to the practitioner who holds it. If a client sends such a request to us, we will pass it to the relevant practitioner or ask the client to contact the practitioner directly. We support you, as the controller, in responding to these requests, and we give you the tools to access, export, and delete your clients' data inside Slide. You can export everything at any time, and there is no lock in.

Retention and deletion

We keep personal data only as long as we need it to provide the service, then delete or anonymise it. As a guide:

  • Session audio: deleted on a rolling 30-day schedule after a recap is produced. You can delete any recording sooner, at any time.
  • Transcripts, recaps, and client records: kept while your account is active so you can use them, and deleted after your account is closed or sooner if you delete them.
  • Practitioner account, booking, and usage data: kept while your account is active, then deleted or anonymised within a reasonable period after closure, subject to legal record obligations.

We may keep limited data longer where the law requires it, for example for tax or accounting, or to resolve a dispute. On request, and on account closure, we delete or return your clients' data, subject to those obligations.

International data transfers

Slide Practice is operated from the Philippines, and some of our providers are located outside your country, including the United States. This means personal data, including your clients' data and recordings, may be transferred to and processed in other countries. Where we transfer personal data across borders, we rely on appropriate safeguards recognised under applicable law, such as the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum where relevant, and equivalent contractual and technical measures, so your data stays protected.

Governing law and GDPR alignment

Our processing is governed by the law of the Philippines, including the Data Privacy Act of 2012 (Republic Act No. 10173), with oversight by the National Privacy Commission. We also align this addendum with the EU GDPR and UK GDPR, so practitioners and clients in the European Economic Area and the United Kingdom get the protections those laws require, including the controller and processor obligations, the cross-border transfer safeguards above, and breach notification within the timeframes the law sets.

Get a signed copy

This page is a summary, written in plain language so you can read it. If you need a signed Data Processing Addendum for your records, your clients, or a security review, including the named sub-processor list and each provider's own DPA, email support@slidepractice.com and we will send one. The signed agreement is the binding version. This page is provided for transparency and is not personalized legal advice.

Operated by Vikrant Singh, Manila, Philippines. Contact support@slidepractice.com. Related: Privacy Policy, Sub-processors, Security, Terms, Recording consent.