1. Who We Are
The data controller for promtaix.com is Promtaix (“we”, “us”, “our”). We are responsible for deciding how and why your personal data is used. For data-related queries, contact us at:
Email: [email protected]
Website: promtaix.com/contact
2. What Data We Collect
We collect the following categories of personal data, depending on how you interact with the platform:
| Data category | What it includes |
| --- | --- |
| Account data | Name, email address, and password (hashed) when you register. |
| Usage data | Pages visited, prompts created or scored, features used, session duration, and interaction patterns within the platform. |
| Device & technical data | IP address, browser type, operating system, referring URL, and time zone — collected automatically when you visit. |
| Communications data | Any messages you send us via email, contact forms, or support requests. |
| Payment data | If you subscribe to a paid plan, billing information is processed by our payment provider (Stripe). We do not store full card details on our servers. |
| Cookies & tracking data | See our Cookie Policy below for full details. |
3. Why We Use Your Data (Legal Bases)
| Purpose | Legal basis (GDPR Art. 6) |
| --- | --- |
| To provide the platform | Contractual necessity — to operate your account, process your prompts, and deliver the features you signed up for. |
| To improve the product | Legitimate interest — to understand how the platform is used and where we should invest in improvements. |
| To send transactional emails | Contractual necessity — account confirmations, password resets, billing receipts. |
| To send product updates | Consent — only if you have opted in. You may opt out at any time. |
| To comply with legal obligations | Legal obligation — where the law requires us to retain or share information. |
| To prevent fraud and abuse | Legitimate interest — to keep the platform safe and functional for all users. |
4. How Long We Keep Your Data
- Account data — retained for the duration of your account, and deleted within 90 days of account closure unless legal obligations require longer retention.
- Usage data — retained in aggregated, anonymised form for up to 24 months for product analytics.
- Communication data — retained for up to 12 months from the date of last contact, unless the communication relates to a legal matter.
- Payment data — retained for 7 years to comply with financial record-keeping obligations.
5. Who We Share Your Data With
We do not sell your personal data. We share data with the following third-party service providers only where necessary to operate the platform:
| Third party | Purpose and privacy policy |
| --- | --- |
| Stripe | Payment processing — stripe.com/privacy |
| Google Analytics | Anonymised usage analytics — policies.google.com/privacy |
| Vercel / hosting provider | Platform infrastructure — vercel.com/legal/privacy-policy |
| Email service provider | Transactional and marketing emails (e.g. Postmark, Resend) |
| OpenAI / Anthropic APIs | Where AI-powered features process your prompt inputs — subject to their API data policies |
All third-party providers are bound by data processing agreements that require them to protect your data in accordance with GDPR and applicable privacy law.
6. International Data Transfers
Promtaix operates from [Country]. Some of our service providers process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent protections.
7. Your Rights
Under GDPR (if you are in the EEA or UK) and CCPA (if you are a California resident), you have the following rights:
| Right | What it means |
| --- | --- |
| Right to access | Request a copy of the personal data we hold about you. |
| Right to rectification | Correct inaccurate or incomplete data. |
| Right to erasure (‘right to be forgotten’) | Request that we delete your personal data, subject to certain conditions. |
| Right to restrict processing | Ask us to limit how we use your data in specific circumstances. |
| Right to data portability | Receive your data in a structured, machine-readable format. |
| Right to object | Object to processing based on legitimate interest or for direct marketing. |
| Right to withdraw consent | Withdraw consent at any time where processing is consent-based. |
| CCPA: Right to opt out of sale | We do not sell personal data. This right is inherently honoured. |
| CCPA: Right to non-discrimination | Exercising your privacy rights will never affect the service you receive. |
To exercise any of these rights, email [email protected] with the subject line ‘Privacy Rights Request’. We will respond within 30 days (GDPR) or 45 days (CCPA). We may request verification of your identity before processing the request.
8. Data Security
We implement the following technical and organisational measures to protect your data:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Passwords are stored using industry-standard bcrypt hashing — we never store plaintext passwords.
- Access to personal data within our team is limited to those who need it to perform their role.
- We conduct regular security reviews and vulnerability assessments of our platform.
- In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
9. Children’s Privacy
Promtaix is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and update the ‘Effective date’ at the top of this page. We encourage you to review this policy periodically.
11. How to Complain
If you have concerns about how we handle your data and we have been unable to resolve them, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk). In the EU, contact your national Data Protection Authority.