Privacy Policy for Promptual
Effective Date: January 2, 2025
Last Updated: January 2, 2025
Promptual ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the Promptual Chrome extension and related services.
1. Information We Collect
We collect only the minimum necessary data to provide our services effectively and securely:
a. Authentication Information
- If you sign in using the extension, we collect an anonymous Firebase User ID and associated metadata (e.g., date created, last login)
- For email/password accounts, we store your email address securely through Firebase Authentication
- Anonymous users receive a temporary identifier that is not linked to any personal information
b. Usage Data
- We track the number of prompts submitted to enforce usage quotas and prevent abuse
- Weekly usage statistics to manage your subscription plan
- Error logs and performance metrics to improve our service
c. Billing Information (Pro Users Only)
- If you upgrade to a paid plan, billing is securely handled via Stripe
- We do not store any credit card information directly
- Stripe's own Privacy Policy applies to payment processing
- We store only your Stripe customer ID to manage your subscription
d. Prompt Content
- Prompts you submit for improvement are temporarily sent to our backend to generate refined prompts using OpenAI
- We do not store prompt content after processing
- Prompts are processed in real time and immediately discarded
- No prompt content is used for training or analytics purposes
2. How We Use Your Information
We use your information only to:
- Authenticate users and manage user accounts
- Track usage to enforce quota limits and prevent abuse
- Process payments and manage subscriptions
- Improve prompt refinement capabilities and service quality
- Communicate with you if needed (e.g., support or billing-related)
- Comply with legal obligations
We do not sell or rent your personal data to third parties.
3. Data Sharing and Third-Party Services
We use the following trusted services to provide our functionality:
- Firebase (Google) for authentication, backend functions, and database storage
- OpenAI to process and refine your prompts using GPT-4o
- Stripe for subscription and payment handling
All data shared with these services is limited to what is necessary for functionality. Each service has its own privacy policy that governs its handling of your data.
4. Data Security
We take data protection seriously and use industry-standard practices, including:
- HTTPS encryption for all data transmission
- Firebase Authentication and access control
- Least-privilege access on backend systems
- Regular security audits and updates
- Secure cloud infrastructure with Google Cloud Platform
5. Data Retention
- Prompt Content: Not stored - processed and immediately discarded
- Usage Data: Retained for the duration of your account plus 30 days
- Account Information: Retained until account deletion
- Billing Records: Retained as required by law (typically 7 years)
6. Your Rights
You have the right to:
- Access your account data and usage information
- Delete your account and related data at any time
- Export your account data (limited to usage statistics)
- Contact us to inquire about data practices
- Stop using the extension and delete local storage at any time
- Opt out of data collection by using anonymous mode
To exercise these rights, email us at vedran.balagovic@gmail.com.
7. Cookies and Tracking
- We do not use any tracking cookies or third-party trackers within the extension
- Our website may use essential cookies for functionality
- We do not use advertising or analytics cookies
- Local storage is used only for extension functionality (user preferences, temporary data)
8. Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
9. International Data Transfers
Your data may be processed in countries other than your own, including the United States, where our cloud infrastructure is located. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.
10. Changes to This Privacy Policy
We may update this policy occasionally to reflect changes in our practices or legal requirements. If we make material changes, we'll notify users via:
- An in-app notification in the extension
- Email notification (if you have provided an email address)
- Updated notice on our website
Continued use of the service after changes constitutes acceptance of the updated policy.
11. Legal Basis for Processing (GDPR)
For users in the European Union, our legal basis for processing your data includes:
- Consent: For optional features and communications
- Contract: To provide the service you've requested
- Legitimate Interest: To improve our service and prevent abuse
- Legal Obligation: To comply with applicable laws