Privacy Policy

PromptFree is operated by Disainilahendused OÜ, an Estonian private limited company. In this policy, "PromptFree", "we", "us", and "our" refer to Disainilahendused OÜ and the PromptFree service.

Contact: hello@promptfr.ee.

Account data: email address, authentication provider, user ID, and basic profile data returned by Supabase Auth or Google sign-in.

Billing data: Stripe customer ID, subscription status, product, price, renewal period, tax details, invoices, billing address, and payment method metadata. Full card numbers are handled by Stripe, not by PromptFree.

Product usage data: prompt views, pricing page views, checkout-start events, checkout-success events, blocked copy attempts, prompt copy actions, prompt access level, and prompt slugs.

Support data: messages sent to hello@promptfr.ee and any details you include in those messages.

Technical data: session cookies, IP-derived request data, browser/device data, logs, and security data needed to run the service.

To create and secure accounts.

To provide free and paid access to prompt content.

To process checkout, tax calculation, subscriptions, invoices, and billing support.

To prevent abuse and protect paid prompt content.

To improve prompt relevance, product quality, pricing flow, and copy access flow.

To answer support requests and keep required business records.

Contract: to provide account access, prompt access, checkout, subscription management, and support.

Legitimate interests: to secure the service, measure product usage, improve the catalog, and prevent misuse.

Legal obligation: to keep accounting, tax, fraud-prevention, and compliance records where required.

Consent: where consent is required for optional features or communications.

Supabase provides authentication, database, and server-side data storage. PromptFree stores its Supabase project data in a European Supabase region.

Stripe processes checkout, subscriptions, taxes, invoices, customer portal sessions, and payment data.

Vercel hosts the application and provides product analytics.

Google may process data when you choose Google sign-in.

CDN and asset hosting providers serve preview media and public site assets.

PromptFree uses necessary cookies for authentication and session handling.

PromptFree uses product analytics to understand page views, checkout flow, and prompt copy behavior. These analytics are used to improve the service, not to sell personal data.

We do not sell personal data.

We share data only with service providers needed to operate PromptFree, comply with law, process payments, prevent abuse, or respond to lawful requests.

Some providers may process data outside Estonia or the European Economic Area. Where required, transfers rely on lawful transfer mechanisms such as standard contractual clauses or equivalent safeguards.

Account data is kept while your account exists.

Billing, invoice, tax, and transaction records are kept as long as required by law.

Support emails are kept as long as needed to handle the request and maintain business records.

Analytics and logs are kept only as long as needed for product, security, and operational purposes.

You may request access, correction, deletion, restriction, objection, or export of your personal data, where applicable under GDPR.

You may withdraw consent where processing is based on consent.

You may complain to the Estonian Data Protection Inspectorate or your local EU data protection authority.

To make a request, contact hello@promptfr.ee. We may need to verify your identity before acting on the request.

We use access controls, server-side entitlement checks, payment-provider separation, and managed hosting/database providers to protect data. No online service can guarantee perfect security.

We may update this policy when the product, providers, legal duties, or business structure changes. The current version is posted on this page.