Privacy Policy

Last updated: June 2026

Note: This is an English translation provided for informational purposes. In case of any conflict between this document and the German Datenschutzerklärung, the German version governs.

1. Introduction

This Privacy Policy explains how PromptL ("we", "I", "the app") collects, uses, and protects your information when you use the PromptL iOS app and website at promptl.app.

PromptL is a personal project. Your privacy matters. This policy applies to all users of the PromptL app and website.

2. Data Controller

The data controller responsible for your data is:

Carina Nasir
Anna-Zammert-Allee 4
37073 Göttingen
Germany
Email: support@promptl.app

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

Email address
Password (stored as a secure hash — never in plain text)
Optional display name

3.2 User-Generated Content

Content you create and save in the app:

Prompts (title, content, tags, category)
Collections
Usage history (copy counts, view counts)

This data is stored in your account and synced to our backend. It is only accessible by you.

3.3 Usage Data

We collect limited anonymous usage data to improve the app:

App features used (e.g. copy prompt, search)
Crash reports and error data
Device type and iOS version (anonymized)
Device identifier (IDFV — Identifier for Vendor, a non-advertising identifier used to associate crash reports and analytics with a single device, without identifying you personally)

PromptL does not use push notifications and does not collect your advertising identifier (IDFA).

3.4 Subscription Data

If you purchase a PromptL Pro subscription, payment is processed by Apple via the App Store. We do not receive or store your payment card details. Subscription status is managed via RevenueCat (see Section 5).

3.5 Local Storage

The app stores a local cache of your prompts on your device using AsyncStorage. This data stays on your device and is not shared with third parties.

4. How We Use Your Data

To provide and sync your prompt library across your devices
To authenticate your account securely
To manage your subscription status
To improve app performance and fix bugs
To respond to your support requests

Legal basis (GDPR): Art. 6(1)(b) — performance of a contract; Art. 6(1)(f) — legitimate interests (security, bug fixing); Art. 6(1)(a) — consent where applicable.

5. Third-Party Services

PromptL uses the following third-party services:

Supabase (Backend & Database)

Supabase Inc. Your account data and prompts are stored in a Supabase PostgreSQL database with Row Level Security — only you can access your data. Data is processed on EU servers (Frankfurt region); no cross-border transfer to the USA. A Data Processing Agreement (DPA) is in place per Art. 28 GDPR.

supabase.com/docs/guides/platform/dpa

RevenueCat (Subscription Management)

RevenueCat, Inc., 633 Tasman Drive, San Jose, CA 95134, USA. RevenueCat manages subscription entitlements. It receives your anonymized App Store receipt and assigns subscription status. No payment data is shared with RevenueCat. Transfer to the USA via SCCs (Art. 46(2)(c) GDPR).

revenuecat.com/privacy

Sentry (Crash Reporting)

Sentry, Inc., 45 Fremont Street, San Francisco, CA 94105, USA. Sentry collects crash reports and error data to help us improve app stability. Data collected: stack traces, device type, iOS version, app version, anonymized user ID. No prompt content is included. Retention: 90 days. Transfer to the USA via SCCs (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in app stability). The legitimate interest is app stability and security for all users. Data collection is minimal (no prompt content, pseudonymized IDs only) and users benefit directly from the resulting stability improvements. This interest is not overridden by user privacy interests given the minimal nature of data processed.

sentry.io/privacy

PostHog (In-App Analytics)

PostHog, Inc., 2261 Market Street, San Francisco, CA 94114, USA. PostHog is used for in-app product analytics to understand feature usage and improve the app. Data collected: anonymized usage events, feature interactions, device type, iOS version. No personal content (prompt text) is included. Transfer to the USA via SCCs (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(a) GDPR (consent). PostHog is only initialized after you provide explicit consent on first app launch. You may withdraw consent at any time in app settings.

posthog.com/privacy

OpenAI (AI-Assisted Tagging)

OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA. When you use the optional AI tagging feature, text fragments of your prompt are sent to the OpenAI API to generate tag suggestions. OpenAI does not use API inputs for model training by default. Transfer to the USA via OpenAI DPA and SCCs (Art. 46(2)(c) GDPR). Legal basis: Art. 6(1)(a) GDPR (consent). Explicit consent is obtained before the AI tagging feature is first used. You may disable this feature at any time.

openai.com/policies/privacy-policy

Apple App Store (Payments & Platform)

All in-app purchases and subscriptions are processed by Apple. Apple's privacy policy governs the payment process. We do not receive your payment details. Additionally, Apple independently collects certain data through the App Store platform itself (such as download activity, app usage statistics, and diagnostics) governed solely by Apple's own privacy policy, over which we have no control.

apple.com/legal/privacy

Hostinger (Website Hosting)

Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. The promptl.app website is hosted by Hostinger. Server logs (IP address, access time, browser) are stored for up to 30 days.

hostinger.com/privacy-policy

iOS Extensions

iOS Share Extension

The Share Extension lets you save text from other apps directly into PromptL. It only receives text that you explicitly share. This text is stored in your PromptL account (Supabase, EU servers). No data is sent to third parties beyond what is already used for normal app operation.

iOS Keyboard Extension

Keystrokes do NOT leave your device. The Keyboard Extension only displays your saved PromptL prompts for quick access — it does not log, read, or transmit any keystrokes or text you type. All data remains local to your device.

Data Processing Agreements: DPAs per Art. 28 GDPR are in place (or will be concluded before production use) with all processors acting on our behalf: Supabase, PostHog, Sentry, and RevenueCat.

6. Data Retention

Account data and prompts are retained while your account is active. Accounts inactive for 24 months (no login) will be flagged: you will receive an email notification, and if no login occurs within 30 days of notification, the account and all data will be permanently deleted.
Account deletion: You can delete your account directly inside the app at any time — go to Profile → Settings → Delete Account. Alternatively, email support@promptl.app and we will delete your account manually. Upon deletion, all your personal data (account info, prompts, collections) is permanently removed within 30 days.
Server logs are deleted after 7–30 days.
Local device cache is cleared when you uninstall the app.

7. Data Security

All data in transit is encrypted via TLS/HTTPS. Your data at rest is stored in Supabase with Row Level Security (RLS) policies, ensuring only your account can read or modify your prompts and collections.

Passwords are never stored in plain text. Authentication is handled by Supabase Auth using industry-standard hashing.

8. Your Rights

Under GDPR you have the following rights:

Right of access (Art. 15 GDPR) — request a copy of your personal data.
Right to rectification (Art. 16 GDPR) — correct inaccurate data.
Right to erasure (Art. 17 GDPR) — request deletion of your data.
Right to restriction (Art. 18 GDPR) — limit how we process your data.
Right to data portability (Art. 20 GDPR) — receive your data in a portable format.
Right to object (Art. 21 GDPR) — you may object at any time to processing based on Art. 6(1)(f) (legitimate interests). To do so, contact us at support@promptl.app stating the specific processing you wish to object to. We will cease that processing unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent (Art. 7(3) GDPR) — where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. For analytics consent, you can adjust settings within the app. For website cookie consent, use "Cookie-Einstellungen" in the footer.

To exercise any of these rights, contact us at: support@promptl.app

9. Children's Privacy

PromptL is not directed at children under 16. We do not knowingly collect personal information from children under 16 (Art. 8 GDPR / § 8 BDSG). If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to delete — request deletion of your personal information (subject to certain exceptions).
Right to opt out of sale — we do not sell your personal information to third parties.
Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise your California rights, contact us at: support@promptl.app

11. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our location is:

Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover
Germany
lfd.niedersachsen.de

12. Changes to This Policy

We may update this Privacy Policy as the app evolves. Material changes will be communicated via the app or by email. The current version is always available at promptl.app/privacy.

13. Contact

For any privacy-related questions or requests, please reach out at:
support@promptl.app

Version: June 2026