Privacy Policy

Last updated: June 27, 2026

This Privacy Policy explains how DeepMyst, Inc.(“Life is a Pitch”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you visit lifeisapitch.org, use the Life is a Pitchplatform, or otherwise interact with the related applications and services (together, the “Services”). The Services let you create, edit, share, and collaborate on presentations and visual documents with the help of artificial intelligence.

For personal data we process about you when you use the Services for your own purposes, DeepMyst, Inc.is the “controller” (or, under U.S. state laws, the “business”). When a business customer uses the Services to process personal data of its own users or contacts, that customer is the controller and we act as a processor on its behalf, as described in our Data Processing Agreement.

Who we are and how to contact us

The Services are operated by DeepMyst, Inc., 474 Hyde Park Ave, Roslindale, MA 02131. If you have questions about this Policy or want to exercise a privacy right, email admin@deepmyst.com or write to us at the postal address above. We do not have an appointed Data Protection Officer or an EU/UK Article 27 representative. If you are in the EEA, the UK, or Switzerland, you may contact us directly using the details above, and you may also contact your local data-protection supervisory authority (see Your rights below).

Scope

This Policy applies to personal data we process through the Services. It does not apply to third-party websites, applications, or services we do not control, even where they link to or from the Services. Your use of the Services is also governed by our Terms of Use.

Personal data we collect

We collect the following categories of personal data:

• Account and identity data. When you register we collect your name, email address, and the authentication identifiers managed by our authentication provider (Clerk). If you sign in with Google, we receive the basic profile information and email address your Google account makes available to us.
• Billing data. Payments are processed by Stripe. We do not receive or store full card numbers; Stripe handles your card data and shares limited details with us (such as your plan, subscription and payment status, billing country, and the card brand and last four digits) so we can operate billing.
• Content you provide. The prompts you write, the deck and presentation content you generate or edit, files and images you upload, and other materials you submit through the Services. This content may contain personal data that you chooseto include — for example, names or contact details of people you reference in a deck. You are responsible for ensuring you may share that content with us.
• Usage, device, and log data. Information about how you interact with the Services, including log files, IP address, browser and device type, operating system, referring pages, timestamps, feature usage, and diagnostic and performance data.
• Approximate location. We derive an approximate, city- or region-level location from your IP address to operate, secure, and localize the Services. We do not collect precise geolocation.
• Cookies and similar technologies. Identifiers stored on your device that keep you signed in, maintain your session, and support product analytics (see Cookies and analytics).
• Support and other communications. The content of messages you send us, including support requests and any attachments, and records of our correspondence with you.

Sources of data

We collect personal data directly from you (when you register, configure your account, submit content, pay for the Services, or contact us); automatically from your device and use of the Services (usage, device, log, cookie, and approximate-location data); and from third parties that help us provide the Services — for example, our authentication provider (Clerk) and any third-party sign-in you use (such as Google), and our payment processor (Stripe).

How we use your data and our legal bases

Where the EU or UK GDPR applies, we rely on the following legal bases for each purpose:

• Provide and operate the Services— create and manage your account, generate, edit, render, store, export, and share your decks, and enable collaboration. Legal basis: performance of a contract (Art. 6(1)(b)).
• Process payments and manage subscriptions— take payment, manage plans and credits, and issue receipts. Legal basis: performance of a contract (Art. 6(1)(b)); compliance with a legal obligation for tax and accounting records (Art. 6(1)(c)).
• Support and communicate with you— respond to requests and send operational and account messages such as service, security, and billing notices. Legal basis: performance of a contract (Art. 6(1)(b)); our legitimate interest in supporting and informing our users (Art. 6(1)(f)).
• Secure, monitor, debug, and improve the Services — detect and prevent fraud and abuse, maintain reliability and security, troubleshoot, and develop new features. Legal basis: our legitimate interest in keeping the Services secure, reliable, and competitive (Art. 6(1)(f)), balanced against your rights and freedoms.
• Marketing communications— send you marketing messages where you have opted in or where otherwise permitted by law. Legal basis: consent (Art. 6(1)(a)) or, where permitted, our legitimate interest in promoting the Services (Art. 6(1)(f)). You may withdraw consent or unsubscribe at any time.
• Optional cookies and product analytics— understand and improve how the Services are used. Legal basis: consent (Art. 6(1)(a)) where required by law; otherwise our legitimate interest in understanding and improving the Services (Art. 6(1)(f)).
• AI-model training (where applicable)— as described under AI processing and model training. Legal basis: consent (Art. 6(1)(a)) for users in the EEA, UK, and Switzerland; for other users, our legitimate interest in improving our AI models (Art. 6(1)(f)), subject to your right to opt out.
• Comply with law and enforce our terms— meet legal and regulatory obligations, respond to lawful requests, and establish, exercise, or defend legal claims. Legal basis: compliance with a legal obligation (Art. 6(1)(c)); our legitimate interest in protecting our rights and the Services (Art. 6(1)(f)).

AI processing and model training

To create and edit your decks, the prompts and deck content you submit are sent to our AI generation engine (DeepMyst) and, through it, to the underlying AI model providers OpenAI and Anthropic, which process your content to return a result. These model providers process the content under their own terms in order to generate, edit, and render your decks and images. We also use your content to operate, secure, debug, and improve the Services, including the quality and reliability of our AI features.

AI training. If you are on a Team or Business plan, we do not use your content to train our AI models. If you are a user in the EEA, the United Kingdom, or Switzerland, we will not use your content to train, improve, or refine our AI models unless you give prior affirmative opt-in consent in your account settings. If you are any other user, we may use your content to train, improve, and refine our models unless you opt out, which you can do at any time in your account settings. Withdrawing consent or disabling this use takes effect on a going-forward basis only; it does not affect training already completed before you withdrew or disabled it, which cannot be technically reversed. You can review and manage these training controls in your account settings, and we honor the choices available under your plan and location. This mirrors Section 4.5 of our Terms of Use.

Cookies and analytics

We use cookies and similar technologies that are strictly necessary to keep you signed in and to maintain your session (via Clerk), and we use product analytics (PostHog) to understand how the Services are used so we can improve them. You can control cookies through your browser settings; disabling strictly necessary cookies may break sign-in and core features. Our Services do not currently respond to “Do Not Track” (DNT) browser signals, because there is no common industry standard for how to interpret them; where the law requires us to honor an opt-out preference signal for the sale or sharing of personal data, we treat it as a valid request (see the California section below).

How we share your data

We share personal data only as described here. We engage the sub-processors below, each of which processes personal data on our behalf for the stated purpose and is located in the United States:

• Clerk— authentication and user management. United States.
• Stripe— payment processing. United States.
• Resend— transactional email delivery. United States.
• Render— application hosting and managed PostgreSQL database. United States.
• Cloudflare— object storage (R2) and DNS / edge network. United States.
• DeepMyst— AI generation engine that powers deck creation and editing. United States. DeepMyst's downstream AI model providers, OpenAI and Anthropic, process your content to return AI results. United States.
• PostHog— product analytics. United States.

We may also disclose personal data: (a) to comply with applicable law, regulation, legal process, or an enforceable governmental request, and to protect the rights, property, and safety of DeepMyst, Inc., our users, and the public (legal and safety); and (b) in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, in which case we will require the recipient to honor this Policy or notify you of any material change (business transfers).

We do not sell or share your personal data

We do not sell your personal data, and we do not share it for cross-context behavioral advertising, as those terms are defined under California and other U.S. state privacy laws. We have not done so in the preceding twelve (12) months.

International data transfers

We and our sub-processors are located in, and process personal data in, the United States and potentially other countries. Where we transfer personal data from the EEA, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (Commission Decision (EU) 2021/914) and, for UK transfers, the UK International Data Transfer Addendum (IDTA) to those Clauses. You may request more information about these safeguards using the contact details above.

Data retention

We keep personal data only for as long as we need it for the purposes described in this Policy. We determine retention periods using criteria such as: how long your account remains active; how long we need the data to provide and support the Services; whether we must retain it to comply with legal, tax, accounting, or regulatory obligations; and whether retention is needed to establish, exercise, or defend legal claims or to resolve disputes. When you delete a deck it is removed from the Services. When you close your account, we delete or de-identify your personal data, except where we are required or permitted by law to retain it for a longer period.

Security

We use encryption in transit and at rest, access controls, and reputable infrastructure providers to protect personal data. You can read more about our safeguards on our Security page. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your rights

Depending on where you live, you have privacy rights described below. We will not discriminate against you for exercising any of them.

EEA, UK, and Switzerland (GDPR)

If you are in the EEA, the United Kingdom, or Switzerland, you have the right to: access your personal data; have inaccurate data rectified; have your data erased; restrict or object to certain processing (including processing based on our legitimate interests, and processing for direct marketing); receive your data in a portable format and have it transmitted to another controller where technically feasible; and, where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local data-protection supervisory authority.

How to exercise your rights

You can manage and delete your decks in the app, update your account details in your account settings, and adjust your marketing and AI-training preferences in account settings. To make any other request, email admin@deepmyst.com. We may need to verify your identity before acting on a request, and we will respond within the timeframes required by applicable law (generally within one month under the GDPR and within forty-five (45) days under California law, each extendable where the law allows). There is no charge for a request unless it is manifestly unfounded or excessive.

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights described in this subsection.

Categories of personal information we collect. In the preceding twelve (12) months, we have collected the following statutory categories of personal information, which map to the data described in Personal data we collect above: identifiers (such as name, email address, account and authentication identifiers, and IP address); customer records and commercial information (billing and subscription details processed via Stripe; we do not receive full card numbers); internet or other electronic network activity information (usage, device, and log data); approximate (non-precise) geolocation derived from IP address; audio or visual or other content you submit (prompts, deck content, and uploads, which may contain personal data you choose to include); and inferences only as needed to operate and improve the Services.

Business and commercial purposes. We collect and use these categories for the business purposes described in How we use your data: providing, operating, securing, and improving the Services; processing payments; providing support; preventing fraud and abuse; and complying with law.

Categories disclosed for a business purpose. In the preceding twelve (12) months, we disclosed identifiers, customer records/commercial information, internet activity information, approximate geolocation, and submitted content to our service providers / sub-processors (listed under How we share your data) for the business purposes described above. We have not sold personal information and have not shared it for cross-context behavioral advertising.

Your California rights. You have the right to know and access the personal information we have collected about you; to delete your personal information; to correct inaccurate personal information; to opt out of the sale or sharing of personal information (we do not sell or share, so there is nothing to opt out of, but we will treat a valid opt-out preference signal as a request); and to limit the use and disclosure of sensitive personal information. We do not use sensitive personal information to infer characteristics about you. You may exercise these rights yourself or through an authorized agent acting on your behalf; we may require the agent to provide proof of authorization and may verify your identity directly. You will not receive discriminatory treatment for exercising your rights. To make a request, email admin@deepmyst.com.

Children

The Services are not directed to, and we do not knowingly collect personal data from, children under sixteen (16). Users who are sixteen (16) to eighteen (18) (or below the age of majority in their jurisdiction) may use the Services only with the consent and involvement of a parent or legal guardian, consistent with Section 2.3 of our Terms of Use. If you believe a child has provided us personal data, contact us at admin@deepmyst.com and we will delete it.

Changes to this Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, provide additional notice where required by law. Your continued use of the Services after a change takes effect means you accept the updated Policy.

Contact us

Questions about this Policy or our privacy practices? Email admin@deepmyst.com. Life is a Pitch is operated by DeepMyst, Inc., 474 Hyde Park Ave, Roslindale, MA 02131.