Privacy Policy

Effective Date: December 1, 2024
Last Updated: December 1, 2024

PromptImage ("we," "us," "our," or "the Platform") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services.

Please read this Privacy Policy carefully. By using PromptImage, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide, including:

Account Information:

Name and username
Email address
Password (encrypted)
Profile information

Contact Information:

Name and email when you contact us
Message content from contact forms
Feedback and survey responses

Payment Information (processed by Stripe):

Billing name and address
Payment method details (handled securely by our payment processor)

1.2 Information Collected Automatically

When you visit our website, we automatically collect:

Device and Browser Information:

IP address (anonymized where required by law)
Browser type and version
Operating system
Device type and screen resolution

Usage Information:

Pages visited and time spent
Search queries and prompts viewed
Click patterns and navigation paths
Referral source (how you found us)

Cookies and Similar Technologies:

Session cookies for functionality
Preference cookies for your settings
Analytics cookies for website improvement

For more details, see our Cookie Policy.

1.3 Information from Third Parties

We may receive information from:

Social login providers (Google, GitHub) if you choose to sign in with them
Payment processors for transaction verification
Analytics providers for aggregated usage data

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Providing Our Services

Operating and maintaining the Platform
Processing your account registration
Personalizing your experience
Responding to your inquiries and requests

2.2 Improving Our Services

Analyzing usage patterns and trends
Developing new features and functionality
Fixing bugs and technical issues
Conducting research and analysis

2.3 Communication

Sending service-related notifications
Responding to customer support requests
Sending newsletters (with your consent)
Notifying you of important updates

2.4 Security and Compliance

Protecting against fraud and abuse
Enforcing our Terms of Service
Complying with legal obligations
Responding to legal requests

Sending promotional communications
Displaying relevant content
Conducting surveys and research

If you are in the European Economic Area (EEA), we process your data based on:

Consent: When you opt-in to marketing communications
Contract: To provide services you've requested
Legitimate Interests: For analytics, security, and service improvement
Legal Obligation: To comply with applicable laws

4.1 We Do Not Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We share information with trusted service providers who assist us:

Provider	Purpose	Data Shared
Vercel	Website hosting	Server logs, anonymized analytics
Neon	Database services	Account and usage data (encrypted)
Stripe	Payment processing	Payment information
Resend	Email delivery	Email address, name

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose your information when required to:

Comply with applicable laws or legal processes
Respond to lawful requests from public authorities
Protect our rights, privacy, safety, or property
Enforce our Terms of Service
Prevent fraud or security threats

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your choices regarding your information.

5. Data Security

5.1 Security Measures

We implement appropriate technical and organizational measures to protect your data:

HTTPS encryption for all data transmission
Encrypted database storage
Regular security audits and updates
Access controls and authentication
Employee training on data protection

5.2 Data Breach Response

In the event of a data breach that affects your personal information:

We will notify affected users within 72 hours (as required by GDPR)
We will notify relevant supervisory authorities
We will take immediate steps to mitigate the breach

5.3 Your Responsibility

You are responsible for:

Keeping your account credentials secure
Using strong, unique passwords
Logging out from shared devices
Reporting any suspicious activity

6. Data Retention

We retain your information for as long as necessary to:

Data Type	Retention Period
Account data	Until account deletion + 30 days
Usage analytics	90 days (anonymized)
Contact form data	2 years or until deletion request
Payment records	7 years (legal requirement)
Marketing preferences	Until consent withdrawal

After the retention period, data is securely deleted or anonymized.

7. Your Privacy Rights

7.1 Rights for All Users

Regardless of your location, you have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Opt-out: Unsubscribe from marketing communications

If you are in the EEA or UK, you also have the right to:

Restriction: Request restriction of processing
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent at any time
Lodge Complaint: File a complaint with a supervisory authority

7.3 California Privacy Rights (CCPA)

California residents have additional rights:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information
Right to non-discrimination for exercising privacy rights

We do not sell personal information.

7.4 Exercising Your Rights

To exercise your privacy rights:

Email: contact@promptimage.org
Account Settings: Manage preferences in your dashboard
Unsubscribe: Click the unsubscribe link in any email

We will respond to requests within 30 days (or as required by law).

8. Children's Privacy

Our services are not directed to children under 13 (or 16 in the EEA)
We do not knowingly collect personal information from children
If we learn we have collected data from a child, we will delete it promptly
Parents/guardians may contact us to request deletion of a child's data

9. International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) for EEA transfers
Data processing agreements with all service providers
Compliance with applicable data protection laws

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies before providing any personal information.

11. Do Not Track Signals

We respect browser "Do Not Track" (DNT) signals. When DNT is enabled:

We disable non-essential tracking
We do not set analytics cookies
We only use necessary functional cookies

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date
Material changes will be notified via email or website notice
Continued use after changes constitutes acceptance

We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Email: contact@promptimage.org
Website: https://promptimage.org/contact

For GDPR-related inquiries, you may also contact your local data protection authority.

We are committed to protecting your privacy and handling your personal information transparently and responsibly.