PromptGen AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at https://promptgen-ai.com.
1. Information We Collect
1.1 Information You Provide
- Email address — collected when you sign in via Google OAuth.
- Google account information — your name, profile picture, and Google ID, as provided by Google during authentication.
- Uploaded images — images you upload for analysis. These are processed in memory and deleted immediately after analysis. We do not store your images.
1.2 Information Collected Automatically
- Usage data — number of analyses performed, credits used, and subscription plan.
- Log data — IP address, browser type, pages visited, and timestamps, collected for security and debugging purposes.
- Cookies — session and preference cookies (see Section 5).
1.3 Payment Information
We do not collect or store payment card information. All payment processing is handled by Paddle (our payment processor). We receive only transaction confirmations and subscription status from Paddle.
2. How We Use Your Information
- To provide, operate, and maintain the PromptGen AI service.
- To authenticate your identity via Google OAuth.
- To manage your subscription, credits, and billing.
- To send you service-related emails (account notifications, billing receipts).
- To improve and optimize our AI models and service performance.
- To detect and prevent fraudulent or abusive use of the service.
- To comply with legal obligations.
3. Third-Party Service Providers
We share your information with the following third parties only as necessary to operate the service:
| Provider |
Purpose |
Data Shared |
| Google OAuth |
User authentication |
Email, name, profile picture, Google ID |
| Supabase |
Database & backend infrastructure |
User profile, usage data, subscription status |
| Paddle |
Payment processing & subscription management |
Email, subscription plan, billing events |
| Google Gemini API |
AI image analysis |
Uploaded image (transient, not stored by us) |
We do not sell your personal data to third parties.
4. Image Data
Images you upload are sent to our AI analysis pipeline for prompt generation. We do not store, log, or retain your images after analysis is complete. Images are processed transiently in memory and discarded immediately. We do not use your images to train AI models.
5. Cookies and Tracking
We use the following types of cookies:
- Essential cookies — required for authentication and session management. Cannot be disabled.
- Preference cookies — store your settings (e.g., UI preferences). Can be cleared via your browser.
- Analytics cookies — basic, anonymized usage statistics to improve the service. No personal identifiers.
You can control cookies through your browser settings. Disabling essential cookies may prevent the service from functioning correctly.
6. Data Retention
- Account data (email, name, usage history) — retained for as long as your account is active, plus 90 days after deletion.
- Images — deleted immediately after analysis. No retention.
- Log data — retained for up to 30 days for security purposes, then automatically deleted.
- Billing records — retained for 7 years as required by applicable financial regulations.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your account and associated data.
- Portability — request your data in a portable format.
- Objection — object to processing of your data for certain purposes.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
To delete your account, you may also do so directly from your account settings page.
8. Data Security
We implement industry-standard security measures including:
- HTTPS/TLS encryption for all data in transit.
- Encrypted storage for user data at rest via Supabase.
- Restricted access controls — only authorized personnel can access user data.
- Regular security reviews of our infrastructure.
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
Our service is not directed to children under 14 years of age. We do not knowingly collect personal information from children under 14. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification.
11. Contact Us
For privacy-related questions or to exercise your data rights: