1. Introduction
PromptAssist ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered prompt optimization platform and related services (the "Service").
This Privacy Policy complies with: GDPR (EU), CCPA (California), PIPEDA (Canada), and other applicable privacy laws.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, company name (for enterprise accounts)
- Profile Data: Profile photo, job title, preferences, and settings
- Content: Prompts, text inputs, optimization preferences, and any content you upload or create
- Payment Information: Billing address, subscription details (processed securely by our payment processor, Paddle)
- Communications: Messages you send to our support team or through our contact forms
- Feedback: Ratings, reviews, and survey responses
2.2 Information Collected Automatically
- Usage Data: Features used, time spent, clicks, and navigation patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Server logs, access times, and error messages
- Cookies and Tracking: See our Cookie Policy
2.3 Third-Party Sources
- AI Providers (OpenAI, Anthropic, etc.) for service functionality
- Payment processors for billing and subscription management
- Analytics providers for service improvement
- Customer support tools
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our Service
- Process and optimize your AI prompts
- Generate workflows and analytics
- Process payments and manage subscriptions
- Communicate with you about service updates and support
- Comply with legal obligations
- Detect and prevent fraud or abuse
- Conduct research and analytics to improve our AI models
4. Legal Bases for Processing (GDPR)
We process your personal data based on:
- Contract: To provide the Service you requested (Art. 6(1)(b) GDPR)
- Legitimate Interest: For service improvement, security, and analytics (Art. 6(1)(f) GDPR)
- Consent: For marketing communications and optional analytics (Art. 6(1)(a) GDPR)
- Legal Obligation: To comply with applicable laws (Art. 6(1)(c) GDPR)
5. Information Sharing and Disclosure
5.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service:
- AI Providers: Your prompts are processed by AI providers (OpenAI, Anthropic) to provide optimization services. Their use of your data is governed by their respective privacy policies.
- Payment Processing: Paddle processes payment information. We do not store credit card details.
- Cloud Infrastructure: Secure cloud hosting and data storage providers
- Analytics: Anonymized usage analytics to improve our Service
- Customer Support: Support ticket systems and communication tools
5.2 Legal Requirements
We may disclose information if required to:
- Comply with laws, regulations, or legal process
- Protect our rights, property, or safety
- Investigate fraud or security issues
- Protect the rights and safety of our users
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify users of any such change.
5.4 We Do NOT Sell Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Retention
- Account Data: Retained while your account is active and for 30 days after deletion (unless longer retention is required by law)
- Prompts and Content: Retained according to your subscription plan and account settings. Enterprise customers may request custom retention periods.
- Usage Analytics: Aggregated and anonymized data may be retained indefinitely for service improvement
- Communication Records: Retained for 3 years for customer support purposes
- Payment Information: Retained as required by financial regulations and tax laws
7. Your Rights and Choices
7.1 General Rights
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("Right to be Forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
7.2 GDPR Rights (EU Residents)
If you are in the European Economic Area (EEA), you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.
7.3 CCPA Rights (California Residents)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Say no to the sale of personal information
- Access personal information
- Delete personal information
- Equal service and price, even if you exercise your privacy rights
Do Not Sell My Information: California residents can opt out of data sales by contacting privacy@promptassist.com.
7.4 PIPEDA Rights (Canadian Residents)
Canadian residents have rights under PIPEDA, including access to personal information and the ability to challenge its accuracy and compliance with our privacy policies.
8. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
- Secure cloud infrastructure with SOC 2 compliance
Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify affected users within 72 hours and relevant authorities as required by law.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- EU-U.S. Data Privacy Framework for transfers to certified U.S. companies
- Standard Contractual Clauses (SCCs) for other international transfers
- Adequacy decisions by the European Commission
10. AI and Machine Learning
Our Service uses AI to optimize prompts and analyze content. Your prompts may be used (in aggregated, non-identifiable form) to improve our AI models. We do not use sensitive personal data for model training without explicit consent.
11. Children's Privacy
Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected a child's information, we will delete it immediately.
12. Cookies and Tracking Technologies
We use cookies and similar technologies. For detailed information, see our Cookie Policy. You can control cookies through your browser settings, but disabling them may affect Service functionality.
13. Email Communications
We may send you service-related emails (account verification, billing, security alerts) and, with your consent, marketing communications. You can opt out of marketing emails at any time by clicking the unsubscribe link or contacting us.
14. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our Service
- Sending an email to registered users
- Displaying a notice in the Service
The "Last Updated" date indicates when changes were made.
16. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our privacy practices. You can contact the DPO at:
- Email: dpo@promptassist.com
- Address: PromptAssist DPO, [Company Address]
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:
- Email: privacy@promptassist.com
- Contact Form: /contact
- Mail: PromptAssist Privacy Team, [Company Address]
18. Your Data Controller
PromptAssist is the data controller for your personal information. Our contact details are provided above.