Privacy Policy

1. Introduction

Welcome to PromptIbis. We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI prompt management platform.

Data Controller: PromptIbis
Contact: privacy@promptibis.com

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: For analytics cookies and optional features (you can withdraw consent at any time)
• Contract: To provide our service, including user authentication and prompt storage
• Legitimate Interest: For security, fraud prevention, and service improvement

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

• Name
• Email address
• Profile picture/avatar (optional)
• Authentication provider (Google, Apple, etc.)

Legal basis: Contract (necessary to provide the service)

3.2 Content Data

Data you create and store in our platform:

• AI prompts (title and content)
• Tags and organizational metadata
• Favorites and usage counts

Legal basis: Contract (necessary to provide the service)

3.3 Usage Data (with consent)

If you accept analytics cookies, we collect:

• Pages visited and features used
• Time spent on platform
• Browser and device information
• General location (country/region)

Legal basis: Consent (you can opt out via cookie settings)

3.4 Technical Data

Automatically collected for security and functionality:

• IP address (anonymized after 90 days)
• Browser type and version
• Device type
• Login timestamps

Legal basis: Legitimate interest (security and fraud prevention)

3.5 Subscription & Billing Data

Required to provide PRO plans and handle billing (processed by Stripe):

• Subscription plan and status (FREE/PRO, active state)
• Seat counts and current period dates
• Stripe customer/subscription identifiers
• Payment and invoice details (handled by Stripe)

Legal basis: Contract (to provide the service) and legal obligation (financial recordkeeping)

3.6 Team & Collaboration Data

To support team features in PRO:

• Team membership (member names, emails, roles)
• Pending invitations (invitee email, inviter name, expiry)

Legal basis: Contract (to provide team collaboration features)

3.7 Communications

Operational emails sent via our email provider:

• Welcome emails and PRO upgrade confirmations
• Team invitations and related notifications

Legal basis: Contract and legitimate interest (service communications)

4. How We Use Your Data

• Provide the service: Store and manage your AI prompts
• Authentication: Verify your identity and maintain your session
• Improve features: Understand how users interact with the platform
• Security: Detect and prevent fraud, abuse, and security incidents
• Communications: Send service updates and respond to support requests

We do not sell your personal data. We do not use your prompt content for AI training or any purpose other than providing the service to you.

5. Third-Party Data Processors

We use the following trusted third-party services to operate our platform:

All third-party processors are GDPR-compliant and bound by data processing agreements.

6. Cookie Policy

We use cookies to provide functionality and improve your experience. You can manage your cookie preferences through our cookie consent banner or in your account settings.

7. Data Retention

• Active accounts: Data retained until you delete your account
• Deleted accounts: Personal data anonymized within 24 hours; audit logs retained for 7 years for legal compliance
• Inactive accounts: Accounts inactive for more than 2 years may be deleted with advance notice
• Analytics data: Anonymized analytics retained for up to 2 years
• Billing records: Payment and invoicing records retained for up to 7 years to comply with tax and accounting laws

8. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@promptibis.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit: All data transmitted using TLS/HTTPS
• Encryption at rest: Database encryption via MongoDB Atlas
• Access controls: Role-based access and multi-factor authentication
• Regular audits: Security reviews and vulnerability assessments
• Incident response: Documented procedures for data breaches

In the unlikely event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by GDPR.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. All international data transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• GDPR-compliant data processing agreements
• Adequate safeguards as required by GDPR Article 46

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• Updated "Last modified" date at the top of this page

If changes require new consent (e.g., for cookies), we will re-prompt you with our cookie consent banner.

13. Contact Us & Complaints

For any questions about this Privacy Policy, to exercise your GDPR rights, or to file a complaint:

You also have the right to lodge a complaint with your local data protection authority. For EU residents, find your authority at: edpb.europa.eu