Privacy Policy

Prowpt.ai ("Prowpt", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at prowpt.ai and any associated services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1Information We Collect

2How We Use Your Information

We use your information for the following purposes:

• Provide, operate, and maintain the Service
• Process subscriptions, credit purchases, and payments
• Authenticate your identity and manage your account
• Send transactional emails (verification, password resets, payment receipts, subscription changes)
• Improve the Service through analytics and usage patterns
• Respond to support requests and communicate about your account
• Enforce our Terms & Conditions and prevent misuse
• Comply with legal obligations

3Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data based on the following legal grounds:

• Contract performance — to provide the Service you signed up for
• Legitimate interests — to improve the Service, prevent fraud, and ensure security
• Consent — where you have given explicit consent (e.g., optional analytics, marketing emails)
• Legal obligation — to comply with applicable laws and regulations

4Data Sharing & Third Parties

We may share your information with the following categories of service providers, strictly for operating the Service:

• Cloud infrastructure providers (AWS) — for hosting and data storage within the EU (Frankfurt region)
• Payment processors (Stripe) — for subscription and payment processing
• AI model providers (OpenAI, Anthropic, DeepSeek) — prompts and project context are sent for code generation and assistant features; we do not send your personal account information to AI providers
• Email delivery services — for transactional emails
• Analytics tools — anonymized usage data for product improvement (only when consent is given)

We do not sell, rent, or trade your personal information to third parties. We do not share your data for advertising purposes.

5Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance, which may be retained for up to 7 years). Project data (source code, assets, configurations) is deleted when you delete a project or your account. AI conversation logs are retained for up to 90 days for debugging and quality improvement, then permanently deleted.

6Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Restriction — request that we limit the processing of your data
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@prowpt.ai. We will respond within 30 days. If you are in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority (in Portugal: CNPD — Comissão Nacional de Proteção de Dados).

7Data Security

We implement industry-standard security measures to protect your data, including: encryption in transit (TLS 1.2+) and at rest (AES-256), secure password hashing (bcrypt), role-based access controls, regular security audits, and infrastructure hosted within the EU (AWS Frankfurt). While no method of transmission over the Internet is 100% secure, we take every reasonable precaution to protect your information.

8International Data Transfers

Our primary infrastructure is hosted in the European Union (AWS eu-central-1, Frankfurt). When data must be transferred outside the EEA (e.g., to AI model providers in the United States), we rely on Standard Contractual Clauses (SCCs) and ensure that recipients maintain adequate data protection standards. We minimize the personal data included in such transfers — AI prompts contain project context and code, not your personal account information.

9Cookies & Local Storage

We use essential cookies and local storage for authentication (session tokens), language preferences, and theme settings. These are strictly necessary for the Service to function and do not require consent. For published apps that enable analytics, we use a consent-first approach: analytics cookies are only set after the end user explicitly grants consent through the cookie banner. We do not use third-party advertising or tracking cookies.

10Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal data, we will delete it promptly. If you believe a child has provided us with their data, please contact us at privacy@prowpt.ai.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: privacy@prowpt.ai. The data controller is PROWPT AI, UNIPESSOAL LDA. (NIPC 519359437), based in Porto, Portugal.