Privacy Policy

Last updated 2026-05-03

1. The short version

We collect only what we need to run the product: the email address and Google profile name attached to your sign-in, the prompts and custom styles you choose to save, and basic usage metrics that help us improve. We never sell personal data. Your API keys for image-model providers stay in your browser; they are not transmitted to or stored by us.

2. What we collect

  • Account data. Email, Google display name, OAuth provider ID. Stored in our Supabase database for the lifetime of your account.
  • Content you create. Prompts, custom styles, generation history and any share cards or gallery submissions you choose to save. Tied to your account in Supabase.
  • Local-only data. Your model API keys, in-progress prompt drafts and recent local history live in your browser's localStorage / IndexedDB only. They never reach our servers.
  • Usage telemetry. Page views, button clicks and basic device info via privacy-respecting analytics. We do not use any advertising trackers.
  • Logs. Server-side request logs are kept for up to 30 days for security and debugging.

3. How we use it

  • To authenticate you and operate the service;
  • To save and sync the prompts, styles and cards you create;
  • To improve features and fix bugs based on aggregate usage patterns;
  • To respond to support requests;
  • To detect and respond to abuse, fraud or security incidents.

4. Subprocessors

We use a small set of third parties to run the product. Each is contractually bound to handle data with appropriate safeguards.

  • Vercel — hosting and edge runtime.
  • Supabase — authentication and database.
  • Google — OAuth sign-in.
  • Vercel Analytics / PostHog — privacy-respecting product analytics.
  • Sentry — error monitoring (when enabled).

5. Bring-your-own API keys

When you generate images, your browser calls the chosen model provider (e.g. OpenAI, Replicate, Stability AI, Ideogram, Black Forest Labs, Google) directly using the API key you supplied. We are not in the request path. We do not see, log, store or transmit your API keys. If you clear your browser storage, those keys are gone — re-enter them in Settings.

6. Cookies

We use a small number of strictly-necessary cookies to keep you signed in (set by Supabase) and to measure aggregate page views. We do not use advertising or cross-site tracking cookies.

7. Your rights

You can access, export, correct or delete your account data at any time. Email hello@promptarchitect.io and we'll respond within 30 days. Residents of the EU/UK and California have the additional rights granted by GDPR / CCPA, including the right to lodge a complaint with a supervisory authority.

8. Data retention

Account data and saved content live until you delete them or close your account. Server logs are kept up to 30 days. Aggregate analytics are retained in summarised form indefinitely.

9. Children

Prompt Architect is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

10. Changes

We may update this Policy. Material changes will be announced in the app or by email. The “Last updated” date at the top reflects the current version.

11. Contact

Privacy questions or requests: hello@promptarchitect.io.