Privacy Policy

Last Updated: January 17, 2025

1. Introduction

Promptota ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI prompt analysis service. This policy complies with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) requirements.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Password (encrypted and never stored in plain text)
  • Account creation date

2.2 User Content

We collect and store the content you create using our Service:

  • Prompt text and titles
  • Version history of your prompts
  • Analysis results and suggestions
  • AI-generated improvements and rewrites

2.3 Usage Data

We automatically collect certain information about your use of the Service:

  • Analysis usage and frequency
  • Feature usage patterns
  • Performance metrics (page load times, error rates)
  • Device and browser information

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card information. We only receive and store:

  • Stripe customer ID
  • Subscription status and tier
  • Billing history (amounts and dates, not payment methods)

2.5 Analytics Data

We use third-party analytics services to understand how users interact with our Service:

  • Microsoft Clarity: Session recordings, heatmaps, and user behavior analytics
  • Google Analytics: Traffic sources, page views, and user demographics

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Process and analyze your prompts using Google Gemini AI
  • Account Management: Authenticate users and manage subscriptions
  • Payment Processing: Process subscription and boost pack purchases via Stripe
  • Service Improvement: Analyze usage patterns to improve features and performance
  • Communications: Send service-related emails (account notifications, billing updates)
  • Security: Detect and prevent fraudulent activity and security breaches
  • Legal Compliance: Comply with applicable laws and regulations

4. Third-Party Services and Data Sharing

We share your information with the following third-party service providers:

4.1 Essential Service Providers

  • Supabase: Authentication and database hosting (your email and prompt data)
  • Google Gemini: AI analysis service (your prompt content is sent for analysis)
  • Stripe: Payment processing (billing information, not stored by us)
  • Cloudflare: Website hosting and content delivery

4.2 Analytics Providers

  • Microsoft Clarity: User behavior analytics (anonymized usage data)
  • Google Analytics: Website traffic and user demographics

These third parties have their own privacy policies and data processing practices. We do not sell your personal information to third parties.

5. Data Storage and Security

5.1 Storage Location

Your data is stored in Supabase's PostgreSQL database, hosted on secure servers in the United States.

5.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption at rest for all data
  • Encrypted connections (HTTPS/TLS) for data in transit
  • Row-Level Security (RLS) to isolate user data
  • Regular security audits and updates
  • Access controls and authentication

5.3 Data Retention

  • Active Accounts: Data retained while your subscription is active
  • Starter Plan: Version history retained for 30 days
  • Pro/Max Plans: Unlimited version history retention
  • Deleted Accounts: All data permanently deleted within 30 days
  • Backup Systems: Backups may retain data for up to 90 days for disaster recovery

6. Your Rights and Choices

6.1 GDPR Rights (EU Users)

If you are in the European Economic Area, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about data collection and use
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

6.3 How to Exercise Your Rights

You can exercise your rights through:

  • Account Settings: Update profile information, export data, delete prompts
  • Export Functionality: Download your prompts in .txt or .docx format
  • Email Request: Contact privacy@promptota.com for data access or deletion requests
  • Account Deletion: Permanently delete your account and all associated data

6.4 Analytics Opt-Out

You can opt out of analytics tracking:

  • Google Analytics: Use browser extensions like Google Analytics Opt-out
  • Microsoft Clarity: Adjust your browser's privacy settings to block tracking

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Collect usage statistics (Microsoft Clarity, Google Analytics)

You can control cookies through your browser settings, but disabling certain cookies may limit Service functionality.

8. International Data Transfers

If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and other applicable regulations.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete that information immediately. If you believe we have collected information from a child under 13, please contact us at privacy@promptota.com.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovering the breach.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through a prominent notice on the Service. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

For privacy-related questions, requests, or concerns, please contact us at:

Email: privacy@frontick.com

Data Protection Officer: privacy@frontick.com

We will respond to all legitimate requests within 30 days.

13. Complaints and Disputes

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.

EU Users: You can contact your national data protection authority.
UK Users: Information Commissioner's Office (ICO)
California Users: California Attorney General's Office

Disclaimer: This Privacy Policy is provided as a template and should be reviewed by a qualified attorney before use. Promptota makes no warranties about the legal adequacy of this policy for your specific situation or jurisdiction.