Promptima Privacy Policy

Effective date: August 17, 2025
Last updated: August 17, 2025

This Privacy Policy explains how Promptima ("we", "us", "our") collects, uses, shares, and protects information when you use our websites, apps, and services (the "Service").

If you do not agree with this policy, please do not use the Service.


1. Who we are & how to reach us

  • Operator: Promptima
  • Address: 8 The Green STE B, Dover, DE 19901
  • Email: privacy@promptima.ai (or support@promptima.ai)

If you are in the EEA/UK, you may also have GDPR rights described below.


2. Information we collect

a) Account & profile

  • Email, first/last name, password hash (via our auth provider), avatar (optional).
  • Sign-in metadata (timestamps, confirmations).

b) Usage & service data

  • Prompts, answers to intent-analysis questions, and optimization outputs you choose to run or save.
  • Feature usage and credit consumption (e.g., fast-enhance, intent wizard open, intent wizard generate).

c) Device & technical

  • IP address, device/browser info, approximate location (derived from IP), timestamps, diagnostics, crash logs.

d) Cookies & similar tech

  • Essential cookies for auth/session; optional analytics or preferences (if enabled).

e) Communications

  • Email address, support messages, product feedback, and survey responses.

We do not intentionally collect sensitive personal data unless you submit it in prompts. Avoid including personal or confidential data unless necessary.


3. How we use information

  • Provide the Service: Authenticate, compile prompts, run intent flows, and deliver outputs.
  • Improve & secure: Debug issues, prevent abuse, monitor reliability, and enhance quality.
  • Personalize: Remember settings and recent activity.
  • Communicate: Transactional emails (confirmations, resets), service changes, and—if you opt in—product updates.
  • Compliance: Enforce our Terms and comply with law.

4. Third-party processing & transfers

We use service providers ("processors") to operate Promptima. Examples include:

  • Authentication & database: Supabase
  • Hosting/CDN: Vercel (and similar)
  • Email: Resend (transactional messages)
  • Model providers: AI APIs that process your prompts to generate outputs

We transmit data to these providers as needed to fulfill your requests and operate the Service. Each provider processes data under its own terms and privacy policy. Where controls exist, we configure providers to avoid using API inputs/outputs for model training. We may transfer data to the U.S. or other countries where our providers operate. We use appropriate safeguards for cross-border transfers.

We maintain a current list of key subprocessors in our documentation or Subprocessors page.


5. Legal bases (EEA/UK)

Where GDPR applies, we rely on:

  • Contract (to provide the Service you request)
  • Legitimate interests (security, improvement, analytics consistent with user expectations)
  • Consent (for optional communications or non-essential cookies)
  • Legal obligation (complying with applicable law)

You can withdraw consent at any time, where applicable.


6. Data retention

We keep personal data only as long as needed for the purposes above.

Typical defaults (configurable in admin):

  • Account data: while the account is active and for 2 years after closure (to handle disputes or legal obligations).
  • Prompt/optimization logs: default 30 days for debugging and quality, unless you delete sooner or opt out in settings (where available).
  • Email logs/consent records: as long as required by law.

We may anonymize or aggregate data for analytics.


7. Your choices & rights

  • Access / correction / deletion: Request a copy of your data, correct inaccuracies, or delete your account.
  • Portability: Request a machine-readable export where feasible.
  • Opt out of marketing emails: Use the "Unsubscribe" link or change preferences in your account. Transactional emails (e.g., confirmations) will still be sent.
  • Cookie controls: Use in-product preferences and browser settings.
  • Do Not Track: We don't respond to DNT signals, but you can adjust cookie preferences as above.

EEA/UK residents: You may have additional rights under GDPR, and can lodge a complaint with your local supervisory authority.

To exercise rights, contact privacy@promptima.ai. We may need to verify your identity.


8. Security

We use reasonable technical and organizational measures to protect data (access controls, encryption in transit, least-privilege keys, audit logging). No system is 100% secure; please use strong passwords and keep credentials confidential.

We operate an incident response process and will notify you and/or authorities of certain breaches as required by law.


9. Children

The Service is not directed to children under 13 (or 16 where local law requires). If you believe a child has provided data to us, contact privacy@promptima.ai.


10. Changes to this policy

We may update this policy. If changes are material, we'll notify you by email or in-product. Continued use after the effective date means you accept the changes.


11. Contact

Questions or requests: privacy@promptima.ai
Address: 8 The Green STE B, Dover, DE 19901


12. Email compliance (CAN-SPAM and similar)

All marketing emails will include our postal address and a clear Unsubscribe mechanism. You can also adjust preferences in your account.


13. Subprocessors & model providers

We keep an updated list of core infrastructure and model providers in our docs. Where available, we configure providers to prevent training on your API data. Some providers may retain logs briefly for abuse and safety—see their policies.