Privacy Policy

PROMITLY ("we", "us", "our") operates the website at promitly.com — an AI prompt library. Our servers are hosted in the European Union (Ireland, AWS eu-west-1) via Supabase.

For data protection enquiries, contact us here.

When you create an account, we collect:

• Your email address — used to verify your identity and send account-related emails only.
• Your name — stored as provided during signup (optional display name).
• Your saved prompt IDs — a list of which prompts you have bookmarked.
• Account creation timestamp — used to calculate account age.

We do not collect payment information, location data, browsing history, or device fingerprints. We do not use third-party advertising trackers.

We process your data for the following purposes:

• Account authentication — to let you sign in and access your account.
• Service delivery — to save and retrieve your bookmarked prompts.
• Security — to protect against abuse, fraud, and unauthorised access.
• Legal compliance — to meet our obligations under applicable law.

Legal basis under GDPR: contract performance (Article 6(1)(b)) for account features, and legitimate interests (Article 6(1)(f)) for security and service integrity.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data is stored securely in Supabase (PostgreSQL database hosted in the EU). Access is protected by:

• Row Level Security (RLS) — you can only access your own data, enforced at the database level.
• Encrypted connections — all data is transmitted over HTTPS/TLS.
• Hashed passwords — passwords are never stored in plain text (handled by Supabase Auth).

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 24 hours.

If you are located in the European Economic Area, you have the following rights:

• Right of access — request a copy of the data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ('right to be forgotten') — delete your account and all data instantly from the Account page, or by contacting us.
• Right to data portability — receive your data in a machine-readable format.
• Right to restrict processing — ask us to stop processing your data while a dispute is resolved.
• Right to object — object to processing based on legitimate interests.
• Right to lodge a complaint — with your national data protection authority (e.g. ICO in the UK, CNIL in France).

To exercise any right, contact us here. We will respond within 30 days.

Delete your account instantly: Go to Account → Delete account. Your account and all data are permanently removed immediately.

We use only essential cookies required for authentication (session tokens set by Supabase Auth). These are strictly necessary and cannot be opted out of while using an account.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

We use the following sub-processors to operate the service:

• Supabase (database, authentication) — EU-hosted, GDPR-compliant. Privacy policy: supabase.com/privacy
• Vercel (hosting) — used to serve the website. Privacy policy: vercel.com/legal/privacy-policy

All sub-processors are contractually bound to handle data in compliance with GDPR.

Your data is stored and processed within the European Union. If any data is transferred outside the EU, we ensure adequate safeguards are in place (Standard Contractual Clauses or equivalent).

PROMITLY is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance.

For any privacy-related questions, data access requests, or deletion requests:

Contact us →

We aim to respond to all requests within 5 business days and are legally required to respond within 30 days.