Privacy Policy
Last updated: May 14, 2026
Table of Contents
1. Information We Collect
We collect information you provide directly to us, including:
- Account information: Name, email address, and password when you register
- Profile information: Any additional information you add to your profile
- Payment information: Handled entirely by Stripe. We do not store credit card numbers, bank account details, or CVV codes. See Section 6 for details.
- Content you submit: Prompts you submit, messages you send through the contact form, and any other content you voluntarily provide
- AI input data: When you use our AI tools, the prompts and content you submit are sent to our AI provider (Groq) for processing. We do not store the content of AI tool requests beyond logging for service stability and abuse prevention purposes.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process payments and manage subscriptions
- Send you account-related emails (confirmations, receipts, password resets)
- Respond to your comments, questions, and support requests
- Monitor usage patterns and detect technical issues
- Prevent fraud, abuse, and prohibited activity
- Send you marketing communications (only with your consent, and you can unsubscribe at any time)
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, we process your personal data only when we have a valid legal basis, including:
- Contract performance: Processing necessary to fulfill our contract with you (provide the Service, process payments)
- Legitimate interests: Fraud prevention, security, and improving the Service (balanced against your rights)
- Consent: Marketing communications, optional cookies. You can withdraw consent at any time.
4. Cookies & Tracking
We use cookies and similar tracking technologies to operate our Service. A cookie banner on your first visit lets you choose which cookies to accept.
Essential cookies are always active and cannot be disabled. They are required for the Service to function โ including session management, authentication, and security.
Analytics cookies help us understand how visitors use the site. We use this data to improve the user experience.
Marketing cookies are used to deliver relevant advertisements. We do not run third-party ads on PromptVault; these are used for our own promotional communications.
You can change your cookie preferences at any time by contacting us. Note that disabling analytics or marketing cookies will not affect your access to the Service.
5. Data Sharing
We do not sell your personal information. We share data only in the following circumstances:
- Service providers: We share data with trusted third-party services who help us operate โ including Stripe (payments), Groq (AI processing), and our hosting provider. Each is contractually bound to protect your data.
- Legal requirements: We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights or prevent fraud.
- Business transfers: If PromptVault is acquired or merged, user data may be transferred as part of the transaction under the same privacy protections described here.
6. Stripe & Payments
Payment processing is handled entirely by Stripe, Inc. When you subscribe or make a purchase, you are redirected to Stripe's secure payment page. We never see or store your credit card number, expiry date, or CVV.
Stripe may share certain transaction data with us, including the last 4 digits of your card, the transaction date and amount, and a transaction ID. This information is stored in our database for billing records and to manage your subscription status.
For full details on how Stripe handles your data, see Stripe's Privacy Policy.
7. Data Retention
We retain your personal information for as long as your account is active, or as needed to provide the Service. If you cancel your account, we retain your data for a period of 90 days after cancellation for the following purposes:
- To process any pending refunds
- To respond to support requests
- To prevent fraud or abuse
After 90 days, your account data is deleted or anonymized, except for transaction records which we retain for 7 years to comply with financial reporting obligations.
8. Security
We take security seriously. We use SSL/TLS encryption on all data transmission. Your passwords are hashed using secure one-way hashing โ we cannot read your plain-text password. Payment data is handled exclusively by Stripe's PCI-DSS compliant infrastructure.
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request that we delete your personal data (subject to legal retention requirements)
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent for optional processing at any time
To exercise any of these rights, email . We'll respond within 30 days. If you're unsatisfied with our response, you may file a complaint with your local data protection authority.
California (CCPA): We do not sell personal information. California residents have the right to request disclosure of data shared with third parties.
10. Children's Privacy
PromptVault is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor without parental consent, we will delete that information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date and notify you via email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
Data Controller: PromptVault
Email:
Website: https://aiprosecrets.com