Legal

Privacy Policy

Last updated: April 2026

Overview

FreshDeck is a Google Workspace™ Add-on that connects Google BigQuery™ to Google Slides™. This policy explains what data FreshDeck accesses, how it is used, and how it is protected.

The short version: FreshDeck does not collect, store, or transmit your data to any external server. Everything runs within Google's infrastructure using your own Google account credentials.

Data we access

FreshDeck requests the following OAuth permissions to function:

  • Google Slides™ (current presentation only) — to read your slide content, detect placeholders, and create copies of your presentation.
  • Google Drive™ — to copy your template presentation file and save generated decks to your Drive.
  • BigQuery™ (read-only) — to list your accessible BigQuery™ projects and execute SQL queries you define. FreshDeck only reads query results; it never writes to or modifies your BigQuery data.
  • Google Apps Script™ triggers — to create and manage time-driven triggers for scheduled auto-generation of presentations.
  • Google Apps Script™ UI — to display the FreshDeck sidebar within Google Slides™.
  • External requests — to call Google APIs (BigQuery™ REST API, Google Drive™ REST API, Google Slides™ REST API) directly from Google Apps Script™ using your OAuth token.

How your data is used

FreshDeck uses your data solely to provide the service you requested:

  • SQL queries you write are executed against your BigQuery™ project to retrieve values.
  • Query results are inserted as text into a copy of your Google Slides™ template.
  • Placeholder mappings, schedule settings, and generation history are stored in Google's PropertiesService — a per-user key-value store that lives entirely within your Google account. This data is never sent to FreshDeck's servers.

FreshDeck does not use your data for advertising, analytics, machine learning, or any purpose beyond generating your presentations.

Data storage

FreshDeck stores only the following data, exclusively within your Google account:

  • Placeholder-to-SQL mappings (stored in Google PropertiesService)
  • Schedule configuration (stored in Google PropertiesService)
  • Generation history entries (stored in Google PropertiesService)
  • Selected BigQuery project (stored in Google PropertiesService)

No data is stored on FreshDeck's servers. FreshDeck has no database, no backend, and no persistent infrastructure.

Data sharing

FreshDeck does not share, sell, rent, or transmit your data to any third party. The only network requests FreshDeck makes are to Google's own APIs (BigQuery, Drive, and Slides) using your own OAuth token.

Security

FreshDeck is built entirely on Google's infrastructure. The following mechanisms protect your data:

  • Encryption in transit — all communication between FreshDeck and Google APIs (Drive, Slides, BigQuery) occurs exclusively over HTTPS/TLS. No data is ever transmitted over unencrypted connections.
  • Encryption at rest — all user data (placeholder mappings, schedule settings, generation history) is stored in Google's PropertiesService, which is encrypted at rest by Google's infrastructure.
  • OAuth 2.0 authentication — FreshDeck authenticates all API calls using your Google OAuth token obtained via ScriptApp.getOAuthToken(). This token is scoped strictly to the permissions you granted and is managed entirely by Google. FreshDeck never sees, stores, or transmits your Google account password or refresh tokens.
  • No external servers — FreshDeck has no backend servers, databases, or third-party cloud infrastructure. There is no attack surface outside of Google's own systems, which are protected by Google's enterprise security program.
  • Minimal access controls — each user's data in PropertiesService is isolated per Google account. No user can access another user's stored mappings or configuration. FreshDeck staff have no access to any user data.
  • No credential storage — OAuth tokens are never logged, cached, or written to any persistent storage by FreshDeck. Each API call uses a fresh token issued by Google at runtime.

Data retention and deletion

Since all data is stored in Google PropertiesService under your account, you retain full control. You can delete FreshDeck's stored data at any time by uninstalling the add-on from your Google account. Uninstalling removes all associated PropertiesService data.

Children's privacy

FreshDeck is intended for use by professionals and is not directed at children under the age of 13. We do not knowingly collect data from children.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. Continued use of FreshDeck after changes constitutes acceptance of the updated policy.

Contact

If you have any questions about this Privacy Policy or how FreshDeck handles your data, please contact us at:

Google Slides™, Google Workspace™, Google Drive™, BigQuery™, and Google Apps Script™ are trademarks of Google LLC. FreshDeck is not affiliated with or endorsed by Google LLC.