Privacy Policy
Last updated: January 7, 2026
Our Commitment
PromptVault is committed to protecting your privacy and handling your data responsibly. This policy explains how we collect, use, and safeguard your information in accordance with global privacy regulations and AI ethics frameworks.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address - For account identification and communication
- Password - Stored securely using bcrypt hashing (we never store plain text passwords)
- Subscription status - To manage your access level
1.2 Payment Information
Payment processing is handled by Stripe. We do not store your credit card details. Stripe may collect:
- Credit/debit card information
- Billing address
- Transaction history
See Stripe's Privacy Policy for details.
1.3 Usage Data
We automatically collect:
- Prompts you unlock and access
- Feature usage patterns
- Browser type and device information
- IP address (for security purposes)
2. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
| --- | --- |
| Provide and maintain the service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send service-related communications | Legitimate interest |
| Improve our products and services | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. AI and Data Processing
3.1 AI Transparency
PromptVault provides AI prompt templates. We are transparent about our AI practices:
- No AI training on user data: We do not use your personal data to train AI models
- Third-party AI services: Our prompts are designed for use with third-party AI services (ChatGPT, Claude, etc.). When you use our prompts with these services, their respective privacy policies apply
- Prompt content: The prompts we provide are created by humans and do not contain AI-generated personal data
3.2 AI Risk Management Principles
Following NIST AI RMF guidelines, we commit to:
- Transparency: Clear disclosure of how AI is used in our service
- Accountability: Defined responsibility for AI-related decisions
- Privacy enhancement: Minimizing data collection and protecting user privacy
- Fairness: Ensuring our prompts do not promote bias or discrimination
4. Data Sharing and Third Parties
We share data only with:
We do not sell your personal information to third parties.
5. Data Security
We implement industry-standard security measures:
- Encrypted data transmission (HTTPS/TLS)
- Secure password hashing (bcrypt)
- Regular security assessments
- Limited access to personal data
- Secure session management with JWT tokens
6. Your Rights
6.1 GDPR Rights (EU/EEA Users)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
6.2 CCPA Rights (California Users)
- Know: What personal information we collect
- Delete: Request deletion of your information
- Opt-out: Of the sale of personal information (we do not sell data)
- Non-discrimination: Equal service regardless of exercising rights
To exercise your rights, contact us at: legal@promptstash.online
7. Data Retention
We retain your data for:
- Account data: Duration of your account plus 30 days after deletion
- Payment records: 7 years (legal/tax requirements)
- Usage logs: 90 days
8. Cookies and Tracking
We use minimal cookies:
- Essential cookies: Session management and authentication
- Preference cookies: Remember your settings (e.g., theme preference)
We do not use third-party tracking or advertising cookies.
9. International Data Transfers
Your data may be processed in the United States. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) where applicable
- Working with service providers who maintain adequate data protection
10. Children's Privacy
PromptVault is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes via email or prominent notice on our website. Continued use after changes constitutes acceptance.
12. Contact Us
For privacy-related inquiries:
- Email: legal@promptstash.online
- Response time: Within 30 days