Privacy Policy

1. Who we are and how to contact us

PromptVaults operates the Service and acts as the data controller for personal information collected directly through the Service. Contact us at hello@promptvaults.net.

2. Scope

This Policy covers information we collect online via our website, subdomains, APIs, and public machine-readable files (e.g., resources listed under /ai-json/). It does not cover third-party websites or services linked from the Service.

3. Information we collect

A. Information you provide

• Account and profile data (name, email, password hashes, organization, role).
• Content you submit (prompts, text, files, feedback, support requests).
• Payment information processed by our payment providers (we receive limited billing metadata, not full card numbers).

B. Information collected automatically

• Usage and device data: IP address, browser/OS, referring URLs, pages viewed, session timestamps, clicks, error logs.
• Cookies and similar: session cookies, preference cookies, analytics and performance cookies. See Cookies.
• Server logs and security telemetry: firewall events, rate-limit counters, bot signatures.

C. Information from integrations

• Third-party services you connect (e.g., analytics, storage, identity providers) may share identifiers or tokens necessary to operate the integration.

4. How we use information

• Provide and operate the Service, including authentication, personalization, and feature delivery.
• Secure the Service, prevent fraud/abuse, enforce terms, and maintain availability.
• Measure performance, debug issues, and improve products (analytics, A/B testing, quality checks).
• Communicate with you about updates, billing, support, and security notices.
• Comply with law, respond to lawful requests, and protect our rights and users.

5. Legal bases (EEA/UK)

Where GDPR or UK GDPR applies, we rely on the following legal bases: contract (to provide the Service), legitimate interests (security, improvement, fraud prevention), consent (non-essential cookies/marketing where required), and legal obligation (compliance with law).

6. How we share information

• Service providers that perform services on our behalf (hosting, storage, logging, analytics, email delivery, payments, customer support). They access information only to perform services for us and under appropriate safeguards.
• Legal and safety disclosures to comply with law, enforce terms, or protect rights, property, or safety.
• Business transfers in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal information in the traditional sense. For California and similar jurisdictions, we do not “sell” or “share” personal information for cross-context behavioral advertising.

7. Public and machine-readable content

We may publish public machine-readable files for developer or AI consumption (e.g., a manifest at /ai-json/index.json). These datasets are intended for indexing and search with attribution to source URLs. Do not include personal information in content you make public.

8. Retention

We keep information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category (e.g., billing records may be retained for tax and accounting requirements).

9. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit, access controls, least-privilege practices, and regular logging/monitoring. No system is perfectly secure; you are responsible for maintaining the confidentiality of your credentials and promptly notifying us of any suspected compromise.

10. Your choices

• Account settings: update profile information, passwords, and preferences where available in the product UI or by contacting us.
• Emails: you can opt out of non-transactional emails using unsubscribe links or by contacting us.
• Cookies: adjust browser settings to block or delete cookies, and use any cookie controls we provide. Some features may not function without cookies.

11. Your privacy rights

Your rights depend on your jurisdiction and may include:

• Access, correction, deletion, and portability of personal information.
• Objection or restriction to certain processing.
• Withdrawal of consent where processing is based on consent.
• Appeal of decisions in certain US states if we decline your request.

To exercise rights, email hello@promptvaults.net. We may need to verify your identity and jurisdictional residency. Authorized agents may submit requests as permitted by law with proof of authorization.

California residents: We honor rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information where applicable. We do not sell or share personal information for cross-context behavioral advertising.

EEA/UK residents: You may lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns.

12. “Do Not Track” and global privacy controls

We do not currently respond to browser “Do Not Track” signals. Where required by law, we will treat recognized global privacy control signals as opt-out requests for relevant processing categories.

13. Children’s privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate steps to remove it.

14. International data transfers

We may transfer, store, and process information in countries other than your own, including the United States. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

15. Cookies and similar technologies

We use cookies and similar technologies to operate and improve the Service.

Types of cookies

• Strictly necessary: essential for login, security, and core features.
• Functional: remember preferences and settings.
• Analytics: measure usage and performance (aggregated metrics and crash reports).
• Optional: where offered, features like embedded media or experiments.

You can manage cookies through your browser settings and any controls we provide. Blocking cookies may impact functionality.

16. Automated decision-making

We do not make decisions with legal or similarly significant effects based solely on automated processing. Certain features may rank or prioritize content automatically to improve usability and security.

17. Changes to this Policy

We may update this Policy from time to time. We will post the revised version at /privacy with an updated effective date. Material changes may also be communicated by additional notice.

18. Contact

Questions or requests regarding privacy can be sent to hello@promptvaults.net.

19. Jurisdiction

This Policy is governed by the laws of the State of Michigan, USA, without regard to conflict of laws principles. Disputes are subject to the exclusive jurisdiction of the state and federal courts located in Eaton County, Michigan, unless otherwise required by applicable law.