Privacy Policy
This Privacy Policy explains how PromptL ("we", "the app") collects, uses, and protects your information when you use the PromptL app and website at promptl.app.
PromptL is built with privacy in mind. We operate under the EU General Data Protection Regulation (GDPR) and prioritize keeping your data secure and accessible only to you.
The data controller responsible for your data is:
Healcy.App UG (haftungsbeschränkt)
Anna-Zammert-Allee 4
37073 Göttingen
Germany
Email: privacy@promptl.app
3.1 Account Information
When you create an account, we collect your email address and password (stored as a secure hash — never in plain text).
3.2 User-Generated Content
Content you create and save in the app, such as prompts, tags, and collections. This data is stored securely and is only accessible by you.
3.3 Usage Data
To improve the app, we securely collect limited anonymous usage metrics (features used) and crash reports. We do not collect advertising identifiers (IDFA).
3.4 Subscription Data
Payments and subscriptions are processed by Apple. We do not receive or store your payment details. Subscription statuses are managed via RevenueCat.
3.5 Local Storage
PromptL stores a local cache of your prompts on your device. This stays on your device and ensures fast, offline-capable access.
- To provide and sync your prompt library across devices.
- To authenticate your account securely.
- To manage your subscription status.
- To improve app performance, stability, and fix bugs.
- To respond to support requests.
Legal basis (GDPR): Art. 6(1)(b) — contract performance; Art. 6(1)(f) — legitimate interests (security, bugs); Art. 6(1)(a) — consent.
We utilize the following services to run PromptL. All providers are bound by Data Processing Agreements in accordance with the GDPR:
Supabase (Backend & Database)
Accounts and prompt data are securely stored using Supabase PostgreSQL databases hosted in the EU (Frankfurt region). Data is protected using strict Row Level Security policies.
RevenueCat (Subscriptions)
Manages subscription entitlements. Only receives anonymized App Store receipts. No personal payment data is shared.
Sentry (Crash Reporting)
Collects anonymized crash logs to help identify and fix app issues. No private prompts are sent to or stored in Sentry.
PostHog (Analytics)
Used for minimal, anonymized in-app product analytics based purely on consent. No prompt text is included.
OpenAI (AI-Assisted Features)
When you explicitly use AI features to tag or refine prompts, text fragments may be sent to the OpenAI API. OpenAI does not use API data to train its models.
We retain your data for as long as your account remains active.
Account Deletion: You have full control. You can permanently delete your account directly from the app’s settings at any time or by contacting us. Once deleted, all associated data and prompts are permanently wiped from our databases.
Data in transit is encrypted using TLS. Your data at rest is stored in isolated Supabase environments utilizing highly restrictive Row Level Security (RLS) policies. Only an authenticated request directly from your active session can retrieve your prompts.
- Right of access to request a copy of your personal data.
- Right to rectification to correct inaccurate data.
- Right to erasure to delete your data footprint.
- Right to restriction of processing.
- Right to data portability.
- Right to object to legitimate interest processing.
- Right to withdraw your consent at any point without penalty.
To exercise any of these, contact us at privacy@promptl.app.
California residents have the right to know and the right to delete their personal data. We do not under any circumstances sell personal information to third parties.
If you have any questions or privacy-related requests, please contact:
privacy@promptl.app