Privacy Policy

We collect the following categories of information:

Account Information

• Email address and display name provided through Google OAuth sign-in.
• Profile photo URL from your Google account (used for display purposes only).
• Account creation date and last login timestamp.

Payment Information

• Payment transactions are processed by Stripe. We do not store your full card number, CVV, or bank account details on our servers.
• We retain records of purchase history (product purchased, amount, date) to manage your account and handle support requests.
• Stripe may store payment method details on your behalf subject to their own privacy policy.

Generated Content

• Images you generate using our AI image generation feature are stored in our cloud storage (Supabase Storage) and associated with your account.
• The text prompts you submit for image generation are stored alongside your generated images.

Usage Data

• Pages visited, features used, and actions taken within the Service.
• Device type, browser type, operating system, and IP address.
• Referral source and session duration.
• Error logs and diagnostic information to help us improve the Service.

We use the information we collect to:

• Create and manage your account and authenticate your identity.
• Process purchases and manage your subscription or credit balance.
• Deliver the Service — including unlocking prompts you have purchased and enabling image generation.
• Store and display your generated images in your account library.
• Send transactional emails (purchase confirmations, account notices). We do not send marketing emails without your consent.
• Improve and debug the Service by analyzing usage patterns and error reports.
• Prevent fraud, abuse, and violations of our Terms of Service.
• Comply with legal obligations.

We rely on the following third-party services to operate PromptDek. Each is subject to its own privacy policy:

• Supabase — database and file storage (including your generated images). Supabase processes data in compliance with GDPR and SOC 2 standards.
• Stripe — payment processing. Stripe is PCI DSS compliant. See stripe.com/privacy.
• OpenAI — AI image generation. Prompts and reference images you submit are sent to OpenAI's API to generate images. See openai.com/privacy.
• Google — OAuth authentication. When you sign in with Google, we receive your name, email, and profile photo from Google. See policies.google.com/privacy.
• Vercel — web hosting and serverless functions. Your requests are routed through Vercel's infrastructure. See vercel.com/legal/privacy-policy.

We do not sell your personal data to any third party, and we do not share your data with third parties for their own marketing purposes.

We use cookies and similar technologies to maintain your session and preferences. Specifically:

• Session cookies: used by Supabase Auth to keep you logged in. These expire when you sign out or when your session token expires.
• Local storage: used to cache authentication tokens client-side.
• We do not currently use third-party advertising or analytics cookies.

You can disable cookies in your browser settings, but doing so may prevent you from signing in or using certain features.

• Account data is retained for as long as your account is active.
• Generated images and prompt history are retained indefinitely unless you request deletion.
• Payment records are retained for a minimum of 7 years for tax and accounting purposes.
• Usage logs are retained for up to 90 days.

You have the right to access, correct, or delete your personal data. To submit a data deletion or export request, email us at promptdek@gmail.com with the subject line “Data Request”. We will respond within 30 days.

You may also delete your account directly from your Account Settings page. Account deletion removes your profile, generated images, and prompt history from our active systems. Residual copies in backups may persist for up to 30 days.

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

If you are a California resident, you have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact promptdek@gmail.com.

PromptDek is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at promptdek@gmail.com and we will delete it promptly.

We use industry-standard security measures including TLS encryption in transit, role-based access controls, and environment-variable-protected API keys. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your Google account.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy. Material changes will be communicated via email where possible.

If you have questions or concerns about this Privacy Policy, please contact us at:

PromptDek
Email: promptdek@gmail.com
Website: promptdek.art