Decktype Privacy Boundaries for Confidential and NDA Work
A practical boundary map for local .deck files, external AI providers, exports and confidential client work.

A native local editor removes one cloud dependency; it does not make every step of an AI workflow local. For confidential work, the useful question is not “Is the app private?” but “Which system receives each piece of information?”
What stays local in Decktype
Decktype opens and saves .deck files on the Mac. Kairia does not automatically receive the file contents. The presentation, its resources and manual overrides remain where you choose to store them.
The application still contacts the official release channel for downloads or update checks. As with any web server, that channel can process technical request logs such as an IP address, date and requested file.
What an external agent receives
If you paste a client brief into Claude, OpenAI or another provider, that provider receives the text and attachments you send. Decktype cannot change the provider’s retention, training or regional-processing rules.
Check the exact account and service you use. Anthropic, for example, documents different controls for commercial and consumer offerings in its Privacy Center. Other providers publish their own enterprise and privacy terms. Recheck them when your contract or workflow changes.
A defensible NDA workflow
- Classify the source material before opening any AI tool.
- Remove names, identifiers and unnecessary figures from the prompt when possible.
- Use an organization-approved provider and account, or a genuinely local model when the brief must not leave the device.
- Keep the
.deckfile in an approved encrypted location and control backups. - Review generated text for unintended disclosure and factual errors.
- Export only the format the recipient needs.
- Inspect the final PDF or PowerPoint file, including notes, embedded assets and metadata.
- Apply the client’s retention and deletion schedule after delivery.

A real render is evidence of layout, not evidence of a particular compliance level.
Questions to answer before a sensitive engagement
- Does the client permit generative AI for this data class?
- Which provider account will receive the prompt?
- Is content used for training by default, by opt-in, or under exceptional safety review?
- How long are inputs and outputs retained?
- Where are the file, autosave copies and backups stored?
- Who receives the final export, and can they forward it?
Does Decktype certify an enterprise workflow?
No. Decktype provides a local file and editor boundary. Compliance depends on your device, organization, AI provider, contract, configuration and operating process. A security team should assess the complete chain for regulated or high-risk use.
For the precise product boundary and disclosure channel, read Decktype security and the privacy policy.