Legal

Privacy Policy

Last updated July 13, 2026. Effective July 13, 2026. This policy explains what personal data Slide Practice collects, how we use and protect it, the roles we play, and the rights you have under the privacy laws that may apply to you. It applies to our marketing site, our waitlist, and the Slide Practice product once you have an account. This policy is provided for transparency and is not personalized legal advice.

1. Who we are and how to contact us

Slide Practice is built and operated by Vikrant Singh, a sole proprietor based in Manila, Philippines, trading as "Slide Practice" ("Slide Practice", "we", "us", "our"). Vikrant Singh, the named operator above, is the data controller responsible for the personal data described in this policy.

You can reach us about anything in this policy, including privacy matters and requests to exercise your rights, at support@slidepractice.com.

2. Scope of this policy

This policy covers three things:

  • Our marketing site at slidepractice.com and the pages within it.
  • Our advertising cohort waitlist, which you can join from the form on our Practice Growth page. This is the only waitlist form on the site.
  • The Slide Practice product once you create a practitioner account and begin using the booking, recording, and recap features.

Where this policy refers to the rights and obligations of a "practitioner", it means a person who holds a Slide Practice account to run their practice. Where it refers to a "client", it means a person the practitioner books, meets, records, or stores records about inside Slide Practice.

3. The personal data we collect

We collect the following categories of personal data, grouped by how it reaches us.

(a) Waitlist data

The only waitlist form on the site is the advertising cohort form on our Practice Growth page. When you submit it we collect your email address and a hidden source tag that records which page or campaign referred you, so we can understand where interest is coming from. We do not require any other information to join, and we do not collect waitlist data anywhere else on the site.

(b) Practitioner account data

When you create and use a Slide Practice account we collect your name, email address, login credentials (handled by our authentication provider; passwords are never stored by us in readable form), your plan, your billing status, and your account settings and preferences (such as availability, branding, and whether Auto Join is enabled for a given session).

(c) The practitioner's client data

To run a practice, a practitioner stores information about their own clients inside Slide Practice. This can include client names, email addresses, phone numbers, session notes, bookings, and payment records the practitioner enters. This data belongs to the practitioner and is entered and controlled by the practitioner. We hold and process it on the practitioner's behalf as described in section 5.

(d) Session recordings, audio, video, and transcripts

When a recording is uploaded by a practitioner, or captured by Auto Join (a bot that joins a Zoom, Google Meet, or Microsoft Teams call and records it, only when the practitioner enables it for that specific session), we process the resulting video, audio, and transcript in order to store the session and, where the practitioner asks for it, to generate an AI recap as described in section 6.

(e) Usage data and server logs

Like any web service, our systems automatically record standard technical data when you use Slide Practice or the site, including IP address, timestamps, the pages or features accessed, and device and browser information. We use this for security, troubleshooting, and to keep the service running.

(f) Identity verification data

If a practitioner chooses to verify their identity, we collect a photo or a short selfie-video they submit for identity review, along with the review outcome and the reviewer's notes. A person on our team reviews it by hand, only to confirm that the practitioner is a real person, that their profile photo is genuinely them, and that their display name is their real working name. We use this media for nothing else. We do not build or store a biometric face template, and we do not run automated face matching. The photo or selfie-video is deleted immediately once a decision is made, whether we approve or reject; we keep only the outcome, the timestamps, and the reviewer's notes as a record. We never accept this media by email, and we never send it by email. Verification is optional: it earns a verified badge and is required only to be advertised by us. A practitioner does not need it to publish their booking page, take bookings, or appear in the directory. See how verification works.

(g) Reports and safety data

If you report a profile or another user, we collect the reason, any details you provide, and (for signed-in reports) your account identifier and email, so our team can review the report and act on it. Reports submitted from a public profile page can be made anonymously, so providing your contact details is optional. We use this data to keep the directory honest and safe, and we may share it with the reported party only as needed to resolve the matter. We keep a report only while we investigate it and for a reasonable period afterward to enforce our rules, then delete it.

We do not want sensitive data we do not need

We do not ask for or intentionally request special category or sensitive personal data (such as health, biometric, racial or ethnic origin, religious, or precise financial account data). One-to-one conversations you choose to record may nonetheless contain sensitive details; where they do, we process that content only on your instruction, to generate your recap and run the features you use, and never for any other purpose. One-to-one sessions can be personal in nature, so we ask practitioners not to store more sensitive information than is necessary for their practice, and to obtain the consents required where their notes or recordings touch on sensitive matters.

4. How we use personal data and our legal bases

We use personal data only for the purposes below. Where a privacy law requires a lawful basis, the basis we rely on is shown for each purpose.

  • To operate your account and provide the service (bookings, recordings, recaps, settings): performance of our contract with you.
  • To manage your subscription and billing through our merchant of record: performance of our contract with you and compliance with a legal obligation.
  • To send the account and product communications you signed up for: your consent, which you can withdraw at any time.
  • To send service and transactional messages (such as security notices, billing receipts, and important changes): performance of our contract and our legitimate interest in administering the service.
  • To send product and marketing updates by email: your consent, or our legitimate interest in keeping existing customers informed. Every marketing email includes a working one click unsubscribe link, consistent with the United States CAN SPAM Act, and unsubscribing stops marketing email promptly. We will still send necessary service messages.
  • To secure, monitor, debug, and improve the service and to prevent fraud and abuse: our legitimate interests in running a safe and reliable product.
  • To keep records and comply with the law (such as tax, accounting, and responding to lawful requests): compliance with a legal obligation.

Where we rely on legitimate interests, we balance those interests against your rights and only proceed where your interests do not override ours. You can object to processing based on legitimate interests as described in section 13.

5. Our roles: controller and processor

Slide Practice plays two different roles depending on the data.

  • We are the controller of practitioner account data and of our own marketing and waitlist data. We decide how and why that data is processed, and we are responsible for it.
  • We are a processor of the practitioner's client data described in section 3(c) and of the recordings, audio, and transcripts in section 3(d). We process that data on the practitioner's documented instructions, to provide the features the practitioner uses, and not for our own independent purposes.

The practitioner is the controller of their clients' data

Each practitioner is the controller of their own clients' personal data. The practitioner is responsible for having a lawful basis to collect and process that data, for giving their clients the required privacy notices, and for obtaining any consents needed, including consent to record a session before Auto Join or an upload is used. If you are a practitioner's client and want to access, correct, or delete data the practitioner holds about you, please contact the practitioner directly. We will support the practitioner in responding to such requests.

A Data Processing Addendum (DPA) that governs our processing of client data is available to business customers on request at support@slidepractice.com.

6. AI processing of sessions

When a practitioner asks Slide Practice to produce a recap, the session is processed by AI in two steps. First, the session audio is transcribed to text by our speech to text provider. Then the transcript is summarised by our AI summarization provider, which drafts a summary, a list of action items, and a ready follow up message. This output is a draft only, and because it is generated by AI it may contain errors or omissions and is not professional advice. The practitioner reviews and edits it, and remains responsible for checking it, before anything is relied on or sent to a client.

We send these providers only the data needed to produce the recap, and we instruct them not to use the content of your sessions to train their models. Both providers are described, by their function and location, in section 7. Audio is stored encrypted and is deleted on the schedule described in section 10; a practitioner can delete any recording at any time.

Recaps are included up to the limit of your plan (for example, paid plans include a monthly allowance of AI recaps), and extra upload recaps may be purchased at $0.99 each. Auto Join recording, where Slide Practice joins and records your call, is billed separately at $1.99 per session, as described in our Terms.

7. How we share data and our sub processors

We do not sell or rent personal data, and we do not share personal data for cross context behavioural advertising. We share personal data only with the service providers (sub processors) that help us operate Slide Practice. Each acts under a written contract, on our instructions, processes data only for the function shown, and is required to protect it. We disclose these providers below by the function they perform, the data involved, and their general location. Our core named sub processors are Supabase (database and encrypted storage), Fly (application hosting and content delivery), Resend (transactional email delivery), Paddle (payments and Merchant of Record), and Plausible (privacy respecting analytics). A current full list of our sub processors is available on request at support@slidepractice.com.

FunctionData involvedPrimary location
Database and encrypted storageAccount data, the practitioner's client records, session recordings, audio, and transcriptsAsia Pacific (Tokyo); vendor headquartered in the United States
Authentication and account managementPractitioner sign in and account credentialsUnited States
AI speech to text transcriptionSession audio, processed to produce a transcriptUnited States
AI summarizationThe transcript, processed to draft the recap and follow upUnited States
Meeting recording (Auto Join)Joins and records a Zoom, Google Meet, or Microsoft Teams call only when you enable Auto Join for a sessionUnited States; recording region Asia Pacific (Tokyo)
Calendar sync (optional)Your availability, shown as free or busy times, only if you connect a calendarUnited States
Transactional email deliveryAccount and product emailUnited States
Payments and Merchant of Record (Paddle)Subscription payment processing and sales tax or VAT handling; seller of record for your subscriptionUnited Kingdom and United States

Our application hosting and content delivery run in the Asia Pacific region (Singapore). We also rely on caching and error monitoring providers, located in the United States and the EU, that process data only as needed to operate, secure, and keep the service reliable. Session recordings, transcripts, and recaps are never sent to these infrastructure providers or to our payment provider.

Each sub processor is engaged under a contract that requires it to process personal data only on our instructions and to apply appropriate security measures. Paddle (Paddle.com Market Ltd) is our Merchant of Record: it is the seller of record for your subscription, collects your payment, and remits applicable sales tax or VAT under its own privacy terms as the party that takes your payment. We name it here because it is the party your payment goes to and it appears on your statement. Calendar sync applies only if you choose to connect a calendar. As noted in section 6, we instruct our AI providers not to use your content to train their models.

Client payments for one-to-one work are collected by the practitioner directly and are not processed by Slide Practice, so we do not handle your clients' card details. Slide Practice takes no commission, on any plan, ever.

We may also disclose personal data where we are legally required to do so, to enforce our Terms, to protect the rights, safety, or property of Slide Practice or others, or in connection with a business transfer, in which case we will continue to protect the data under this policy.

We keep our sub processor list current and will update it when our providers change. If you have questions about any provider, or would like the current named list, contact us at support@slidepractice.com.

8. International data transfers

Slide Practice is operated from the Philippines, and several of our providers are located in the United States and elsewhere. This means your personal data, including the practitioner's client data and recordings, may be transferred to and processed in countries other than your own, including the United States. Where we transfer personal data across borders, we rely on appropriate safeguards recognised under applicable law, such as the Standard Contractual Clauses approved by the European Commission (and the UK International Data Transfer Addendum where relevant) and equivalent contractual and technical measures, so that your data continues to be protected.

9. Cookies and similar technologies

Our marketing site uses privacy respecting, cookieless analytics that do not track you across sites or build advertising profiles. The Slide Practice product uses cookies and similar technologies that are necessary to keep you signed in and to operate core features. For full detail on what we set and how to control it, see our Cookies Policy. Where consent is required for non essential cookies, you can manage your choices through our consent settings.

10. Data retention

We keep personal data only for as long as we need it for the purposes in this policy, then delete or anonymise it. As a general guide:

  • Waitlist email and source tag: kept until you ask us to remove it, until you become an account holder, or until the waitlist purpose has ended, whichever comes first.
  • Practitioner account data and the practitioner's client data: kept for as long as the account is active, and then deleted or anonymised within a reasonable period after the account is closed, subject to the legal record obligations below.
  • Session recordings and audio: automatically deleted on a rolling 30-day schedule after the recap is produced, and you can delete any recording sooner at any time. The written recap stays in the client portal until either party deletes it or the account is closed.
  • Identity verification media: the photo or selfie-video is deleted immediately once the verification decision is made, whether approved or rejected. We keep only the outcome, the timestamps, and the reviewer's notes.
  • Usage data and server logs: kept for a limited period for security, troubleshooting, and abuse prevention, then deleted or aggregated.

We may retain limited data for longer where we must do so to comply with tax, accounting, or other legal obligations, to resolve disputes, or to enforce our agreements. After account closure, we delete or anonymise personal data within a reasonable period, subject to those obligations.

11. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, and alteration. These include encryption in transit, access controls, contractual protections with our providers, and limiting access to data on a need to know basis. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security.

If you believe you have found a security vulnerability in Slide Practice, please report it responsibly to support@slidepractice.com so we can investigate and address it.

12. Data breach

If a personal data breach occurs that is likely to affect you, we will notify the affected users and the relevant supervisory or regulatory authority where, and within the timeframes that, the applicable law requires. This includes notification to the National Privacy Commission and affected data subjects under Philippine law, and to the relevant authority and individuals under the GDPR, UK GDPR, the Australian Privacy Act, and applicable United States state laws where those laws apply.

13. Your privacy rights

Depending on where you live, you have rights over your personal data. The subsections below set out the main rights by regime and the authority you can complain to. To exercise any right, contact us at support@slidepractice.com. We will verify your identity before acting and will respond within the time the relevant law allows.

Requests about a practitioner's client data go to the practitioner

For the client data and recordings described in section 3(c) and 3(d), we act as the processor and the practitioner is the controller. If you are a client, requests to access, correct, or delete that data usually need to go to the practitioner who holds it. If you send such a request to us, we will pass it to the relevant practitioner or ask you to contact them directly.

(a) Philippines: Data Privacy Act of 2012 (Republic Act No. 10173)

If you are in the Philippines, you have the rights under the Data Privacy Act of 2012, including the right to be informed, the right to access your data, the right to object to processing, the right to erasure or blocking, the right to rectification, the right to data portability, and the right to be indemnified for damages from inaccurate, false, unlawfully obtained, or unauthorised use of your data. You may lodge a complaint with the National Privacy Commission (NPC).

(b) EU GDPR and UK GDPR

If you are in the European Economic Area or the United Kingdom, you have the rights under the EU GDPR and the UK GDPR (and the UK Data Protection Act 2018), including the right of access, rectification, erasure, restriction of processing, data portability, the right to object (including to direct marketing and to processing based on legitimate interests), and the right to withdraw consent at any time without affecting prior processing. You may lodge a complaint with your EEA supervisory authority or, in the United Kingdom, with the Information Commissioner's Office (ICO).

(c) Australia: Privacy Act 1988 and the Australian Privacy Principles

If you are in Australia, you have the rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access your personal information and to request correction of it. You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

(d) California: CCPA and CPRA

If you are a California resident, you have the rights under the CCPA as amended by the CPRA, including the right to know what personal information we collect and how it is used and shared, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross context behavioural advertising), and the right to non discrimination for exercising your rights. You may also file a complaint with the California Attorney General.

14. Children

Slide Practice is a tool for professional practitioners and is not intended for, or directed to, minors. The Service may not be used by anyone under the age of 18, and we do not knowingly collect personal data directly from anyone under 18. A practitioner who records or stores data about a client who is a minor is responsible for obtaining the consents that the law requires from the minor's parent or guardian. If you believe someone under 18 has provided us data without the required consent, contact us at support@slidepractice.com and we will take appropriate steps to delete it.

15. Changes to this policy

We may update this policy from time to time to reflect changes in the service, our providers, or the law. When we make material changes, we will update the "last updated" date above and, where appropriate, notify you by email or within the product. Your continued use of Slide Practice after a change takes effect means you accept the updated policy.

16. Contact and how to exercise your rights

For any privacy question, to exercise any right described in section 13, to request our current named sub processor list, or to request the Data Processing Addendum, contact:

Vikrant Singh, sole proprietor trading as Slide Practice, Manila, Philippines.
Email: support@slidepractice.com

You can also review our Terms of Service, our Cookies Policy, our Refund Policy, and our recording and consent guidance. Nothing in this policy limits the mandatory rights you have under the privacy laws of your own country or state of residence.