Privacy Policy

Last updated: March 17, 2026

Your Privacy Matters to Us

This Privacy Policy explains how Semlr Limited ("Semlr," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use slideXchange or Semlr Studio (collectively, "Services", “Platform”). Semlr Limited is registered in Bermuda. In the United States, certain services may be provided by our wholly-owned subsidiary, Semlr US Limited, a Delaware C-corporation. References to "Semlr" include both entities where applicable.

The short version: We collect only what we need, we don’t sell your data, and we work hard to keep it safe.

By visiting our website or using our Services, you agree to the practices described in this Policy. If you have any questions, please reach out to our Privacy Officer at legal@semlr.com.

1. Our Privacy Officer

In accordance with Bermuda's Personal Information Protection Act 2016 (PIPA), Semlr has designated a Privacy Officer who is responsible for overseeing our compliance with applicable data protection laws and serving as the point of contact for privacy-related enquiries and complaints.

Privacy Officer

Name: Akiva Elias

Title: COO

Email: legal@semlr.com

Organisation: Semlr Limited, Bermuda

2. What Information We Collect

We collect a few different types of information, depending on how you use our Services.

Information you give us directly

When you register for an account or interact with us, you may provide:

  • Account information: Your name and email address when you sign up.

  • Organisational information: If your account is set up through an enterprise agreement with your employer or institution, we may receive your contact details from them.

  • Communications: Any information you include when you contact us for support, business enquiries, or partnership discussions.

Information we collect automatically

When you use our Services, we automatically collect certain technical and usage information ("Navigational Information"), including:

  • Your IP address and approximate location (country/city level)

  • Browser type, version, and operating system

  • Pages you visit, links you click, and features you use

  • Date and time of your visits

  • How you arrived at our site (e.g., from a search engine or a shared link)

  • Device type and screen resolution

  • Errors you encounter and page load times

We collect this information using cookies and similar tracking technologies. See Section 6 for more detail on cookies and how to manage them.

Your content

Our Services let you upload, store, share, and process presentation files and other materials ("Content"). We store your Content on your behalf to provide the Services. Please note the important restrictions on use of this Content described in Section 4 below and in our Terms of Service.

Information from third parties

If you connect third-party services or sign in using a third-party account (such as Google or LinkedIn), we may receive information from that provider, subject to their own privacy policies.

3. How We Use Your Information

We use your information only for the following purposes:

  • To provide and run the Services: We need your account information and Content to make the Services work, including sharing, collaboration, and analytics features.

  • To communicate with you: We may use your email address to send service updates, security notices, and policy changes. If you opt in, we may also send product news and tips.

  • To improve our Services: We use Navigational Information to understand how people use the Platform so we can make it better.

  • To personalise your experience: We may use usage data to surface content or features that are more relevant to you.

  • To detect and prevent fraud: We monitor for unauthorised access, abuse, and illegal activity to protect you and other users.

  • To comply with legal obligations: Sometimes we are required by law or regulation to process or disclose certain information.

Legal bases for processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information under the following legal bases:

  • Contract performance: We process your account data because it is necessary to perform our contract with you (i.e., to provide the Services).

  • Legitimate interests: We process Navigational Information to improve our Services, prevent fraud, and ensure security, where our interests are not overridden by your rights.

  • Legal obligation: We may process data where required to comply with applicable law.

  • Consent: Where we rely on your consent (e.g., for marketing emails), you may withdraw it at any time.

4. Your Content and How We Handle It

You own your content. We only use it to provide the Services to you.

When you upload Content to the Platform, you retain full ownership of it. We store and process your Content only to:

  • Deliver the sharing, viewing, and analytics features of the platform

  • Allow you and your chosen recipients to access it

  • Comply with a legal obligation or lawful government request

  • Respond to a genuine emergency involving risk of serious harm to a person

We do not use your Content to train AI models, sell it to third parties, or share it with anyone except as described above or with your explicit permission.

Important limitation: The Platform is not a financial records system. You must not use it as the official repository for financial statements, accounting records, audit documentation, or any content subject to mandatory financial retention requirements. Semlr does not retain user Content for the 7-year period required for financial records in most jurisdictions, unless a specific written enterprise agreement requires otherwise. Please use a purpose-built financial records system for any such content.

You are responsible for ensuring that your Content is legal, that you have the rights to upload and share it, and that it is used in accordance with our Terms of Service.

5. When We Share Your Information

We do not sell, rent, or trade your personal information or your Content. Full stop.

We may share your information only in the following limited circumstances:

Service providers

We work with trusted third-party companies to help us operate the Services (for example, cloud hosting, analytics, and email delivery providers). These providers process your data only on our behalf and under our instructions. They are contractually required to keep your data secure and confidential and may not use it for any other purpose.

Our servers and data infrastructure are hosted in the United Kingdom. Your data may also be processed in other countries where our service providers operate. When this happens, we ensure appropriate safeguards are in place (see Section 9 on international transfers).

Legal requirements

We may disclose your information if we genuinely believe it is necessary to:

  • Comply with applicable law, regulation, legal process, or a valid government request

  • Detect, investigate, or prevent fraud, unauthorised access, or security incidents

  • Enforce our Terms of Service

  • Protect the rights, property, or safety of Semlr, our users, or the public

Business transitions

If Semlr undergoes a merger, acquisition, or sale of all or a substantial part of our assets, your data may be transferred to the new entity. We will post a prominent notice on our website at least 30 days before any such change affects your data, and the new entity will be bound by this Privacy Policy.

With your permission

Apart from the situations above, we will only share your data with your explicit consent.

6. Cookies and Tracking Technologies

What are cookies?

Cookies are small text files placed on your device when you visit our website. They help us recognise you, remember your preferences, and understand how you use our Services.

What we use cookies for

  • Essential cookies: These are necessary for the site to function (e.g., keeping you logged in). You cannot opt out of these without affecting how the Services work.

  • Analytics cookies: We use these to understand how visitors use our Services so we can improve it. This data is aggregated and not linked to individual users.

  • Preference cookies: These remember your settings and preferences to make your experience smoother.

Managing cookies

You can control cookies through your browser settings. Most browsers let you block or delete cookies. Note that disabling cookies may affect some features of our Services.

We do not currently respond to "Do Not Track" signals from browsers, as there is no consistent industry standard for them. You can manage your cookie preferences as described above.

7. How Long We Keep Your Data

We keep your data only as long as necessary to provide the Services and meet our legal obligations. The table below sets out our standard retention periods.

  • Account data (name, email, login history): Retained until your account is deleted.

  • User Content (uploaded files and presentations): Retained until your account is deleted. While your account is active, files that are deleted are placed in a “soft” delete mode for a period of 1 month, after which they are permanently deleted. Please note: the Platform is not a long-term archive or official records system — please maintain your own backups.

  • Usage, analytics, and file sharing data (Navigational Information): Retained as needed for data integrity and audit purposes.

  • Support communications: Retention is determined by the support team based on criteria like fraud prevention, dispute resolution, and audit purposes.

If you would like to request deletion of your data before these periods expire, please see Section 8 for your rights.

8. Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information. We want to make it easy to exercise them.

Rights available to all users

  • Access: You can ask us what personal information we hold about you.

  • Correction: If your information is inaccurate or incomplete, you can ask us to fix it.

  • Deletion: You can ask us to delete your personal information, subject to certain legal exceptions (e.g., records we are required by law to retain).

  • Data portability: You can request a copy of your personal data in a common, machine-readable format.

  • Opt out of marketing: You can unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us.

Additional rights for EEA and UK residents (GDPR / UK GDPR)

If you are located in the EEA or the United Kingdom, you also have the right to:

  • Object to processing of your data where we rely on legitimate interests

  • Restrict our processing of your data in certain circumstances

  • Withdraw consent at any time, where processing is based on consent

  • Lodge a complaint with your local data protection authority

For EEA users, you may contact your national supervisory authority. For UK users, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

Bermuda residents (PIPA)

If you are located in Bermuda, you have rights under the Personal Information Protection Act 2016 (PIPA), including the right to access, correct, and request deletion of your personal information. Complaints may be directed to our Privacy Officer (see Section 1) or to Bermuda's Office of the Privacy Commissioner at www.privacy.bm.

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

  • Right to know: You can ask us to disclose the categories and specific pieces of personal information we have collected about you.

  • Right to delete: You can ask us to delete personal information we hold about you, subject to certain exceptions.

  • Right to correct: You can ask us to correct inaccurate personal information.

  • Right to opt out of sale or sharing: We do not sell or share your personal information. We will honour any opt-out request.

  • Right to non-discrimination: We will not treat you differently for exercising any of your privacy rights.

To submit a California privacy request, email us at legal@semlr.com with the subject line "California Privacy Request."

How to exercise your rights

To exercise any of the rights above, please contact our Privacy Officer at legal@semlr.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

9. International Data Transfers

Semlr is a global service. Your data may be transferred to and processed in countries other than the one where you live, including the United Kingdom, the United States, and other countries where our service providers operate.

For transfers of personal data from the EEA or the UK to countries without an adequacy decision from the relevant authority, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission, and the UK International Data Transfer Agreement (IDTA) or equivalent where required.

For transfers from Bermuda to overseas third parties, Semlr remains responsible for ensuring that those parties provide a comparable level of protection to that required under PIPA, typically through contractual mechanisms.

If you have questions about international data transfers, please contact our Privacy Officer at legal@semlr.com.

10. How We Protect Your Data

We take the security of your data seriously. We use industry-standard safeguards including:

  • End-to-end encryption for data in transit

  • Encryption of content at rest

  • Access controls limiting who at Semlr can access your data

  • Regular security reviews and vulnerability assessments

  • Dedicated servers for Semlr data at our third-party hosting provider

That said, no system is 100% secure. No data transmitted over the internet is completely guaranteed to be safe. We work hard to protect your data, but we cannot make absolute guarantees.

You are responsible for keeping your own account credentials secure. Please use a strong password and don't share it with anyone. If you suspect your account has been compromised, please contact us immediately at support@semlr.com.

Data breach notification

If we become aware of a security breach that is likely to adversely affect your personal data, we will notify you and any applicable regulators as required by law (including within 72 hours under GDPR and as soon as reasonably practicable under PIPA), and will take prompt steps to contain and remediate the issue.

11. Children's Privacy

Our Services are not directed at or intended for children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a child, please contact our Privacy Officer at legal@semlr.com and we will delete it promptly.

12. Third-Party Websites and Services

Our website and Services may contain links to third-party websites or integrate with third-party tools. This Privacy Policy applies only to our Services. Once you leave our platform or interact with a third-party service, their privacy policy governs. We encourage you to read those policies before sharing any personal information.

We store your Content with a reputable third-party cloud hosting provider on servers dedicated to Semlr. This provider is contractually bound to maintain appropriate security standards.

13. Enterprise Customers and Data Processing Agreements

If your organisation uses our Services under an enterprise or business agreement, a separate Data Processing Agreement (DPA) may govern the processing of personal data on your behalf. In that case, the DPA takes precedence over this Privacy Policy to the extent of any conflict.

Enterprise DPAs may include bespoke data retention terms, including longer retention periods for specific data categories where required by the customer's own legal obligations. Outside of a specific written enterprise agreement, Semlr's standard retention periods (Section 7) apply.

If your organisation requires a DPA, please contact our Privacy Officer at legal@semlr.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we'll update the date at the top of this page. For significant changes, we'll do our best to notify you via email or an in-app notice.

We encourage you to review this Policy periodically. Continued use of our Services after an update means you accept the revised Policy.

15. How to Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please get in touch:

Privacy Officer, Semlr Limited

Email: legal@semlr.com

Support: support@semlr.com

Website: www.semlr.com

We will respond to all privacy-related requests within 30 days (or the timeframe required by applicable law).