Privacy Policy

1. Introduction

PromptMaster is a personal portfolio and pre-revenue software project operated by Ali Emre Aksoy. This privacy policy explains how we collect, use, store, and protect your personal data when you use our service.

We are committed to protecting your privacy and handling your data transparently and in accordance with the General Data Protection Regulation (GDPR).

2. Data We Collect

When you use PromptMaster, we collect the following data:

• Account information: email address, authentication provider (email/password, Google, or GitHub)
• App ideas: the free-text descriptions you submit for prompt generation (20 to 5,000 characters)
• Preferences: your selected AI tool, experience level, budget, and timeline for each generation
• Generated outputs: the prompts, roadmaps, research, and safety notices produced by our service
• Moderation results: automated content safety scores and flags for your submitted ideas
• Usage data: generation counts and timestamps for rate limiting purposes

3. How We Use Your Data

We use your data for the following purposes:

• Service delivery: processing your ideas through our generation pipeline to produce prompts, roadmaps, and analyses
• Content moderation: automatically screening submitted ideas for harmful or unsafe content
• Rate limiting: tracking generation counts to enforce fair usage limits
• Account management: authentication, plan status, and subscription management

We do not sell your data to third parties. We do not use your ideas to train AI models. Your generated outputs belong to you.

4. Lawful Basis for Processing (GDPR Art. 6)

We process your personal data on the following legal grounds:

• Contract performance (Art. 6(1)(b)): processing your account data, ideas, and preferences is necessary to provide the generation service you request when using PromptMaster.
• Legitimate interest (Art. 6(1)(f)): content moderation, rate limiting, and security logging are carried out to protect the service and its users from abuse. These processing activities are proportionate and do not override your fundamental rights.
• Consent (Art. 6(1)(a)): where you voluntarily provide your email address for the waitlist. You may withdraw consent at any time by contacting us.
• Legal obligation (Art. 6(1)(c)): where we are required to retain certain data to comply with applicable law.

5. Third-Party Services (Sub-processors)

To provide our service, we share data with the following third-party processors:

6. Data Residency

Your primary data (account, generations, moderation logs) is stored in the European Union (Frankfurt, Germany) via Supabase.

When you submit an idea for generation, the text of your idea is transmitted to OpenAI's API servers in the United States for processing. This transfer is necessary to provide the generation service and is covered by OpenAI's Data Processing Agreement.

7. Data Retention

Your account data and generation history are retained for as long as your account exists. You can delete individual generations from your history at any time.

When you delete your account, all associated data is permanently removed, including your profile, all generations, and all moderation logs. This deletion is irreversible.

8. Your Rights Under GDPR

As a data subject, you have the following rights under the General Data Protection Regulation:

• Right of access: you may request a copy of the personal data we hold about you
• Right to rectification: you may request correction of inaccurate data
• Right to erasure (Art. 17): you may delete your account and all associated data from your Settings page
• Right to data portability: you may request your data in a portable format
• Right to restrict processing: you may request that we limit how we process your data
• Right to object: you may object to the processing of your personal data

To exercise any of these rights, please contact us at the email address provided below.

9. Cookies

PromptMaster uses only essential cookies required for the service to function:

• Authentication session cookies: managed by Supabase Auth to keep you logged in
• Cookie consent preference: stored in your browser's local storage to remember your consent choice
• Theme preference: stored in your browser's local storage to remember your light/dark mode choice

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

10. Content Moderation

All submitted ideas are automatically screened using OpenAI's Moderation API before being processed. This is a safety measure to prevent the generation of harmful, illegal, or abusive content.

If the moderation API is temporarily unavailable, your idea will be blocked (fail-closed policy) and you will be asked to try again. Moderation results, including safety scores and flagged categories, are logged for auditing purposes.

There is currently no human review process. All moderation decisions are automated.

11. Children's Privacy

PromptMaster is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the “Effective date” at the top of this page. We encourage you to review this page periodically.

13. Contact

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:

info@prompt-master.dev