← Back to Home

Privacy Policy

Last updated: December 12, 2024

1. Introduction

Promptly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS keyboard application.

Prevádzkovateľ údajov:
Michal Novotník
V. Clementisa 1212/16
050 01 Revúca
Slovak Republic
IČO: 44617925
Email: support@aipromptly.app

2. Information We Collect

2.1 Information You Provide

• Account Information: Device ID (anonymized) for subscription validation
• Custom Actions: Action titles and instructions you create (stored locally on device)
• API Keys: Your OpenAI API key (BYOK plan only, stored securely in iOS Keychain)

2.2 Information Automatically Collected

• Usage Data: Request counts, timestamps (for enforcing usage limits)
• Technical Data: App version, iOS version (for debugging)

2.3 Information NOT Collected

We DO NOT collect:

• Text content you type or process through the keyboard
• Personal identifiable information (name, email, phone)
• Precise location data (website analytics collects only anonymized country code)
• Browsing history or app usage outside Promptly

2.4 Website Analytics (Website Only, Not in the App)

On our website (aipromptly.app) we use privacy-focused, cookie-free analytics to understand website traffic. This does not run in the app - only on the website.

What we collect: Page URLs (including language preference like ?lang=en, excluding other query parameters), referrer domains (not full URLs), anonymized IP addresses (e.g., 192.168.xxx.xxx - anonymized before processing), approximate country (via offline database on our server), device type (mobile/tablet/desktop), browser and OS families (aggregated categories only, no versions), UTM parameters (source/medium/campaign) if present. No cookies, no full IPs, no personal data, no cross-site tracking.

Legal basis: Legitimate Interest (GDPR Art. 6(1)(f)) - understanding website usage.
Retention: 90 days, then automatic deletion.
Country detection: MaxMind GeoLite2 database stored locally on our server - no external API calls, no data sharing with third parties.

2.5 Data Storage Location

Your data is processed and stored in the following locations:

• Backend servers: EUROPEAN UNION - Slovakia
• OpenAI API: United States (with Standard Contractual Clauses)
• Apple services: Worldwide (Apple infrastructure)

3. How We Use Your Information

We use collected information for:

• Processing AI requests through OpenAI API
• Validating subscriptions and enforcing usage limits
• Improving app performance and fixing bugs
• Complying with legal obligations

3.1 Legal Basis for Processing

We process your data under the following legal grounds (GDPR Art. 6):

Data Type	Legal Basis	Purpose
User text input	Contractual necessity (Art. 6(1)(b))	AI text processing
Bearer token	Contractual necessity	Authentication
Usage counts	Legitimate interest (Art. 6(1)(f))	Rate limiting, fraud prevention
Subscription status	Contractual necessity	Feature access management
Device information	Legitimate interest	Anti-abuse protection

4. Data Sharing and Third Parties

4.1 OpenAI

When you use AI features, your text input is sent to OpenAI for processing. OpenAI's data handling is governed by their Privacy Policy.

4.2 Apple

Subscription purchases are processed through Apple's App Store. Apple handles payment information according to their privacy policy.

4.3 International Data Transfers

Some of our service providers are located outside the European Union:

• OpenAI (USA): Text processing via API. Data transfer is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
• Apple (Worldwide): Subscription processing via App Store infrastructure.

We ensure all international transfers comply with GDPR Chapter V requirements.

4.4 No Data Selling

We DO NOT sell, rent, or trade your personal information to third parties.

5. Data Security

We implement security measures including:

• HTTPS encryption for all network communications
• iOS Keychain for secure API key storage
• App Group sandboxing for data isolation
• No server-side storage of text content

6. Data Retention

We retain your data for the following periods (GDPR Art. 13(2)(a)):

Data Type	Retention Period
User text input	Not stored (processed in real-time only)
Bearer authentication token	Until account deletion or 180 days of inactivity
Usage statistics	30 days
Subscription records	Duration of subscription + 7 years (tax law)
System logs	30 days maximum
Inactive accounts	Automatically deleted after 180 days of inactivity

You can request deletion of your account and all associated data at any time by contacting us.

6.1 Data Breach Notification

In the event of a data breach that affects your personal data, we will (GDPR Art. 33-34):

• Notify you within 72 hours of discovering the breach
• Inform you about the nature of the breach
• Provide guidance on steps you can take to protect yourself
• Report the breach to relevant supervisory authorities as required by law

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Objection: Object to data processing

To exercise these rights, contact us at: support@aipromptly.app

7.1 Automated Decision-Making

We use automated systems for (GDPR Art. 22):

• Rate limiting: Enforcing monthly request limits (30 requests/month for FREE plan)
• Fraud detection: Blocking suspicious activity to protect our service

These automated systems do not involve profiling or decisions that significantly affect you beyond service access. You have the right to contest any automated decision by contacting us at support@aipromptly.app.

8. Children's Privacy

Promptly is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have collected such data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or website. Continued use after changes constitutes acceptance.

10. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Email: support@aipromptly.app

11. EU Representative

For EU-specific inquiries, our representative can be reached at the above contact information.