Last updated: 25 April 2026
SendDeck is operated by Riverforge Ltd, a company registered in England and Wales (Companies House number 16827982), whose registered office is at 3rd Floor, 86–90 Paul Street, London, EC2A 4NE.
Riverforge Ltd is the data controller for all personal data collected through this website (senddeck.io) and the SendDeck application (app.senddeck.io).
For any privacy-related enquiries, please contact us at [email protected].
We collect data in two contexts: (a) data you give us when you create an account, and (b) data automatically collected when someone views a document shared through SendDeck.
| Data | Purpose | Legal basis |
|---|---|---|
| Name and email address | Account creation, login, and transactional emails | Performance of a contract |
| Hashed password | Authentication (we never store your plain-text password) | Performance of a contract |
| OAuth provider ID and avatar (if you use Google/LinkedIn sign-in) | Linking your social login to your account | Performance of a contract |
| Billing information (name, address, payment method) | Processing subscription payments via Stripe | Performance of a contract / Legal obligation |
| Last login timestamp | Security and fraud detection | Legitimate interests |
| Workspace name, invitation email addresses | Collaboration features | Performance of a contract |
| Company logo (if provided) | Branding on your workspace; and with your permission, on our marketing website as a customer logo | Legitimate interests / Consent (see section 8) |
| Notification preferences and email address for notifications | Sending you viewer alerts you have opted into | Performance of a contract |
When someone visits a document shared via a SendDeck link (e.g. senddeck.io/p/abc123),
we automatically collect the following data in order to provide the document owner with engagement analytics:
| Data | Purpose | Legal basis |
|---|---|---|
| Hashed IP address (one-way hash; we cannot reverse it to your IP) | Counting unique visitors; fraud and abuse prevention | Legitimate interests |
| User agent string (browser and device type) | Reporting device type (desktop / mobile / tablet) to the document owner | Legitimate interests |
| Referrer URL | Showing the document owner where traffic came from | Legitimate interests |
| Slide engagement events (which slides were viewed, time spent per slide, scroll depth) | Core analytics service — telling the document owner how their document is being read | Legitimate interests |
| Visitor token (a random identifier stored in a browser cookie, valid for 12 months) | Identifying returning visitors so the document owner is not notified of the same visitor multiple times | Legitimate interests |
| Session token (a random identifier stored in a browser cookie, valid for 2 hours) | Maintaining the analytics session for a single document-viewing session | Strictly necessary for the service |
Important note on viewer data: We do not collect your name or email address when you view a document. We cannot identify you as a specific individual from the data above unless the document owner has shared your identity with us separately (for example, by telling us they sent the link to you).
On the SendDeck marketing website (senddeck.io), we use the following third-party analytics and advertising tools. These tools may set their own cookies and collect your IP address and browsing behaviour. We use them to understand how visitors find and use our website and to measure the effectiveness of our advertising campaigns.
These tools are only active on the marketing website and the logged-in application. They are
not loaded on document viewer pages (senddeck.io/p/…).
The legal basis for their use is your consent, collected via our cookie consent mechanism when you
first visit the marketing site. You can withdraw or change your consent at any time by clicking
"Cookie settings" in the footer.
If you submit our contact form, we collect your name, email address, company name (optional), and your message. We use this solely to respond to your enquiry. Legal basis: legitimate interests.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| senddeck_sess | SendDeck | Keeps you logged in to the application | 24 hours |
| vt | SendDeck | Identifies returning viewers of a document (viewer pages only) | 12 months |
| vs_token | SendDeck | Maintains a single document-viewing analytics session | 2 hours |
| _ga, _ga_* | Google Analytics | Website usage analytics (marketing site only) | Up to 2 years |
| _gcl_* | Google Ads | Conversion tracking for Google Ads (marketing site only) | 90 days |
| li_fat_id, UserMatchHistory, lidc | Conversion tracking for LinkedIn Ads (marketing site only) | Up to 1 year |
We do not sell your personal data. We share it only with the following sub-processors, each of which is bound by a data processing agreement:
| Sub-processor | Purpose | Location |
|---|---|---|
| Fasthosts Internet Ltd | VPS hosting (all application data is stored here) | United Kingdom |
| Maileroo Group Pty Ltd | Transactional email delivery | Australia (SCCs in place) |
| Stripe Inc | Payment processing and subscription management | United States (SCCs in place) |
| Google LLC | Analytics, Tag Manager, and Ads conversion tracking (marketing site only) | United States (SCCs in place) |
| LinkedIn Ireland Unlimited Company | Ads conversion tracking (marketing site only) | Ireland (EU) |
SCC = UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, as applicable. All transfers to the United States are subject to appropriate safeguards under UK GDPR Article 46.
If you are based in the United Kingdom or European Economic Area, you have the following rights:
To exercise any of these rights, email [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We use HTTPS for all data in transit, bcrypt password hashing, one-way IP address hashing, and access controls to limit who within our organisation can access personal data. Our servers are hosted in the United Kingdom. For more detail, see our Trust & Security page.
By creating a paid account on SendDeck, you grant Riverforge Ltd a non-exclusive, royalty-free licence to display your company name and logo on our marketing website for the purpose of identifying you as a customer. This is used solely for social proof and customer reference purposes.
You may opt out at any time by contacting us via our contact form, and we will remove your logo within 14 days.
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of SendDeck after such changes constitutes your acceptance of the revised policy.
For all privacy enquiries:
Email: [email protected]
Post: Riverforge Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE