Privacy Policy
Last updated: April 10, 2026
PromptReports.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform at promptreports.ai (the "Service"). This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored as a salted hash — we never store plaintext passwords)
- Profile information you choose to provide (avatar, bio, organization)
- Authentication data from third-party OAuth providers (Google, GitHub) if you use social login
1.2 Usage Data
We automatically collect:
- IP address and approximate geolocation (country/region level)
- Browser type, operating system, and device information
- Pages visited, features used, and time spent on the platform
- Referral sources and search queries that led you to our site
- Error logs and performance metrics
1.3 Research Content
When you use the Service, we process:
- Research queries and prompts you submit
- Documents and files you upload for analysis
- Reports generated through the Service
- Custom templates, workflows, and prompt configurations
- Marketplace listings and associated metadata
1.4 Payment Information
Payment processing is handled by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We receive from Stripe a tokenized reference, the last four digits of your card, card brand, expiration date, and billing address for record-keeping and fraud prevention.
2. How We Use Your Information
We use your information to:
- Provide and improve the Service: Generate reports, run verifications, process marketplace transactions, and deliver features you request.
- Authenticate and secure your account: Verify your identity, prevent fraud, and protect against unauthorized access.
- Process payments: Manage subscriptions, per-report purchases, and marketplace payouts through Stripe.
- Communicate with you: Send service-related notifications, respond to support requests, and deliver product updates (with your consent for marketing communications).
- Analyze and improve: Understand how users interact with the platform, identify bugs, and improve our AI models and verification pipeline.
- Comply with legal obligations: Fulfill tax reporting requirements, respond to lawful requests from authorities, and enforce our Terms of Service.
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including report generation, verification, and marketplace transactions.
- Legitimate interests (Art. 6(1)(f)): Analytics, fraud prevention, platform security, and service improvement, where these interests are not overridden by your rights.
- Consent (Art. 6(1)(a)): Marketing communications, non-essential cookies, and optional data processing. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Tax reporting, responding to lawful data requests, and compliance with applicable regulations.
4. Data Retention
- Account data: Retained for the duration of your account. After account deletion, personally identifiable data is purged within 30 days, except as required by law.
- Research content: Your reports and research data are retained while your account is active. After deletion, content is removed within 30 days unless it has been published on the marketplace (in which case buyer access is maintained).
- Usage logs: Aggregated and anonymized after 90 days. Raw logs containing personal identifiers are deleted after 90 days.
- Payment records: Retained for 7 years as required by tax and financial regulations.
- Support communications: Retained for 2 years after resolution for quality assurance and legal purposes.
5. Third-Party Services
We share data with the following third-party service providers, each of which processes data under its own privacy policy:
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenRouter.ai | AI model inference for report generation and verification | Research queries, prompts, and content for AI processing |
| Stripe | Payment processing and subscription management | Name, email, payment method, billing address, transaction amounts |
| Vercel | Application hosting and edge delivery | IP addresses, request metadata, performance data |
| Upstash | Redis caching and rate limiting | Session tokens, rate limit counters, cached query results |
| Google Analytics | Website analytics and usage measurement | Anonymized usage data, page views, device information (with consent) |
We require all third-party service providers to maintain appropriate security measures and to process your data only as instructed by us. We do not sell your personal data to any third party.
6. Your Rights
Under the GDPR and applicable privacy laws, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
- Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format.
- Right to Restriction (Art. 18): Request that we limit the processing of your personal data.
- Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@promptreports.ai. We will respond within 30 days. If you are in the EU, you also have the right to lodge a complaint with your local supervisory authority.
7. Cookie Policy
We use the following types of cookies:
- Essential cookies: Required for authentication, security, and basic platform functionality. These cannot be disabled.
- Analytics cookies: Used by Google Analytics to measure how you interact with the platform. These are set only with your consent.
- Preference cookies: Store your settings such as theme preference and cookie consent choice.
You can manage cookie preferences through the cookie consent banner displayed on your first visit, or by adjusting your browser settings. Note that disabling essential cookies may prevent the Service from functioning correctly.
8. International Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. When transferring data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms to ensure an adequate level of data protection.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@promptreports.ai.
10. Data Security
We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS 1.2+), encryption at rest for sensitive data, regular security audits, role-based access controls, and automated vulnerability scanning. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For privacy-related inquiries, data subject requests, or complaints:
PromptReports.ai
Email: privacy@promptreports.ai
General support: support@promptreports.ai
Website: promptreports.ai/contact