Promptly
Back to Home

Privacy Policy

Last updated: February 18, 2026

1. Controller

The data controller for the processing of your personal data in connection with the Promptly marketplace is:

  • [Company Name]
  • [Registered Address]
  • Chamber of Commerce (KVK): [KVK Number]
  • Contact: [Contact Email]

2. Purposes and Legal Bases

We process personal data for the following purposes:

2.1 Account and authentication

We collect your email, display name, username, and photo to create and manage your account. Firebase Authentication is used for sign-in. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR). Without this data, we cannot provide the service.

2.2 Profile and public information

Display name, username, photo, cover image, description, and social links (X, Instagram, Facebook) may be shown on your public profile. Legal basis: Performance of a contract and your consent where applicable.

2.3 Purchases, credits, and payouts

We process purchase history, cart data, credits, subscription plans, and payout requests to process payments and deliver digital content. Payment processing is handled by Stripe. Legal basis: Performance of a contract.

2.4 Content (prompts, comments, ratings)

We store prompts, comments, ratings, favorites, and follow relationships to operate the marketplace. Legal basis: Performance of a contract.

2.5 Preferences and local storage

Theme preference, cart (for guests), and UI preferences (e.g. hideMyPrompts, showFeaturedImage) are stored in your browser. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) to improve user experience. See our Cookie Policy for details.

3. Recipients and International Transfers

We share data with the following recipients:

  • Firebase / Google Cloud (Auth, Firestore, Storage): Data is processed under a Data Processing Agreement. Google may transfer data outside the EEA under Standard Contractual Clauses. See Firebase Data Processing Terms.
  • Stripe (payment processing): Payment and transaction data are shared with Stripe. Stripe operates under a DPA and may process data in the EU via Stripe Payments Europe Ltd. See Stripe Privacy Center.

4. Retention

We retain personal data as follows:

  • Account data: Until you delete your account, plus a reasonable period for backups and legal obligations.
  • Purchase and transaction data: As required for tax and legal compliance (typically 7 years in the Netherlands).
  • Content (prompts, comments): Until you delete it or your account is closed.
  • Local storage: Until you clear it or withdraw consent; cookie consent is stored until withdrawn.

5. Your Rights

Under the GDPR, you have the right to:

  • Access (Art. 15): Obtain a copy of your personal data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion of your data (subject to legal exceptions).
  • Restriction (Art. 18): Limit processing in certain cases.
  • Data portability (Art. 20): Receive your data in a structured, commonly used format.
  • Object (Art. 21): Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at [Contact Email]. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl

6. Provision of Data

Providing account and payment data is necessary to enter into and perform the contract. If you do not provide it, we cannot create your account or process purchases. Profile and content data are voluntary to the extent you choose to add them.

7. Security

We implement appropriate technical and organizational measures to protect your personal data. Our processors (Firebase, Stripe) are bound by data processing agreements and maintain relevant certifications.

8. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at [Contact Email].