Overview
The Pitchly Add-in is a Microsoft PowerPoint VSTO add-in that runs locally within the PowerPoint desktop application. It assists users in retrieving published content from Pitchly’s web application located at https://platform.pitchly.com. The Pitchly PPT add-in does not execute remote code.
The Pitchly PPT add-in accesses Elements content with standard http requests the same as any web browser. The PPT add-in retrieves the following information from a client account:
· Organization name and user settings
· Workspace(s) with Elements app installed
· Data tables with Elements app installed to access records, fields, field values, and views
· Elements template(s) and preset export layout options
· Elements preset layouts
User Access
When installed, the PPT add-in requests a username and password to access the content library. This is the same username and password combination used in the web platform and is safeguarded with organization settings (i.e. MFA as standard, and Single Sign-On if enabled).
Data Access
The add-in accesses PowerPoint presentation content only when explicitly initiated by the user, including slide text, shapes, tables, charts, images, and metadata. It may access user-selected files via standard file dialogs. It does not access email content, other Office applications, background user activity, or files outside user selection.
File System Permissions
The add-in runs under standard user permissions and requires no administrative access. File access is limited to user-selected files and application configuration or cache directories under the user profile. The add-in may write/read from %LOCALAPPDATA%\Temp, %LOCALAPPDATA%\Pitchly\ or %APPDATA%\Pitchly\.
Network Access
The add-in makes outbound HTTPS (TLS 1.2+) connections to Pitchly-controlled services for authentication and syncing presentation-related content. It does not accept inbound connections, open ports, or communicate with third-party services.
Authentication & Authorization
Authentication uses Pitchly’s secure authentication mechanisms with role-based access controls. Credentials are not stored in plain text.
Data Handling & Storage
All data in transit is encrypted. Local caching is minimal and stored under the user profile, cleared on sign-out or uninstall when applicable.
Installation & Updates
The add-in is distributed via a signed VSTO installer. Updates are managed through Pitchly’s controlled release process.
Security Posture
The add-in does not execute arbitrary scripts, inject code into other processes, or bypass endpoint protection.
Uninstall Behavior
The add-in can be fully removed using standard Windows uninstall mechanisms with no residual background services.