Privacy
Policy

This Privacy Policy describes how PromptFlow, operated by PromptFlow Inc. ("we," "us," or "our"), collects, uses, and protects your personal information when you use our AI prompt engineering platform ("the Service"). We are committed to safeguarding your privacy and being transparent about our data practices. By using the Service, you agree to the collection and use of information in accordance with this policy.

We collect the following types of information: Account Information: When you create an account, we collect your email address, display name, and password (hashed and salted). If you sign up via a third-party provider (e.g., Google), we receive your name and email from that provider. Prompt Data: We store the prompts you submit for optimization, the enhanced outputs generated by our engine, saved templates, and agent configurations. This data is tied to your account and used solely to provide the Service. Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, prompt enhancement frequency, session duration, and timestamps. This data helps us improve the product. Payment Information: When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed directly by Stripe, Inc. We do not store your full credit card number on our servers. We receive only a tokenized reference and basic transaction details (plan type, billing cycle, payment status). Device and Browser Information: We collect your IP address, browser type and version, operating system, device type, and referring URL for security, analytics, and fraud prevention purposes.

We use your information for the following purposes: Service Delivery: To provide, maintain, and improve the prompt optimization platform, including processing your prompts, generating enhanced outputs, and maintaining your account. Personalization: To customize your experience, including remembering your preferences, model selections, and frequently used templates. Communication: To send you account-related notifications, security alerts, and (with your consent) product updates and tips. You may opt out of non-essential communications at any time. Analytics: To understand usage patterns, identify popular features, and improve the Service. We use aggregated, anonymized data for analytics wherever possible. Security: To detect, prevent, and address fraud, abuse, and security incidents. Legal Compliance: To comply with applicable laws, regulations, and legal processes.

Your data is stored using the following services: Supabase: We use Supabase for authentication and database storage. Your account information, prompts, and application data are stored in Supabase-managed PostgreSQL databases with encryption at rest (AES-256) and in transit (TLS 1.3). Supabase infrastructure is hosted on AWS in the United States. Vercel: Our application is deployed on Vercel. Vercel handles request routing and serverless function execution. Vercel may process request metadata (IP address, headers) for CDN and performance optimization. Stripe: Payment processing is handled entirely by Stripe, Inc., a PCI DSS Level 1 certified payment processor. Your payment information is stored and processed on Stripe's secure infrastructure, not on our servers. All data transfers between your browser and our servers are encrypted using TLS 1.3.

We do not sell, rent, or trade your personal information to third parties. We share your data only in the following limited circumstances: Service Providers: We share data with trusted third-party service providers (Supabase, Stripe, Vercel) solely to operate the Service. These providers are contractually obligated to protect your data and use it only for the purposes we specify. Legal Requirements: We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of our users. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data. We will never use your prompts to train AI models or share your prompt content with third parties.

We use the following types of cookies and similar technologies: Essential Cookies: Required for the Service to function, including authentication tokens, session management, and security cookies. These cannot be disabled. Analytics Cookies: We use privacy-focused analytics to understand how the Service is used. This data is aggregated and does not personally identify you. Preference Cookies: To remember your settings, such as theme preference, selected AI model, and interface layout. We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

Depending on your location, you may have the following rights regarding your personal data: Right to Access: You may request a copy of the personal data we hold about you. Right to Rectification: You may request that we correct inaccurate or incomplete personal data. Right to Erasure: You may request that we delete your personal data. Upon request, we will delete your account and all associated data, including prompts, templates, and usage history. Right to Data Portability: You may request an export of your data in a structured, machine-readable format (JSON). Right to Restrict Processing: You may request that we limit how we process your data. Right to Object: You may object to our processing of your data for certain purposes, including direct marketing. Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time. Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights. To exercise any of these rights, contact us at team@deltaforce.agency. We will respond to your request within 30 days. We may request verification of your identity before processing your request.

We retain your data for as long as your account is active or as needed to provide the Service. Specifically: Account Data: Retained while your account is active. Deleted within 30 days of account deletion request. Prompt Data: Retained while your account is active. On the free plan, prompt history is retained for 7 days. On paid plans, prompt history is retained indefinitely until you delete it or close your account. Usage Analytics: Aggregated analytics data (which cannot identify you) may be retained indefinitely for product improvement. Payment Records: Transaction records are retained for 7 years as required for tax and accounting purposes. Backup Data: Encrypted backups may persist for up to 90 days after deletion from primary systems before being permanently purged.

We implement industry-standard security measures to protect your data, including: Encryption at rest (AES-256) and in transit (TLS 1.3) for all data. Secure password hashing using bcrypt. Regular security audits and vulnerability assessments. Access controls limiting employee access to user data on a need-to-know basis. DDoS protection and rate limiting. Automated threat detection and monitoring. While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have collected data from a child under 16, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at team@deltaforce.agency.

Your data may be processed and stored in the United States, where our infrastructure providers are located. If you are located outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place, including standard contractual clauses, to protect your data in compliance with applicable data protection laws.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on the Service and updating the "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: team@deltaforce.agency Company: PromptFlow, operated by PromptFlow Inc. We will respond to all privacy-related inquiries within 30 days.