Privacy Policy
Last updated: June 24, 2026
Short version: We collect only what we need to run Promptary. We never sell your data. We never use your prompts to train AI models. Your data is stored in the EU.
1. Who we are
Promptary is operated by b4analytics, a sole proprietorship (ZZP) registered in the Netherlands.
Contact:
evkhv67@gmail.com
b4analytics is the data controller for all personal data processed through promptary.dev.
2. What data we collect
We collect the minimum data necessary to provide the service:
- Account data: email address and password (stored as a bcrypt hash)
- Content data: topics and prompts you create
- Usage data: copy counts per prompt (no granular event tracking)
- Billing data: handled entirely by Stripe — we store only your Stripe customer ID
- Technical data: server logs (IP address, request path, timestamp) retained for 7 days
We do not use cookies for tracking or analytics. The only cookie we set is promptary_theme which stores your light/dark mode preference.
3. How we use your data
- To provide and operate the Promptary service
- To send transactional emails (email verification, password reset)
- To process payments via Stripe
- To respond to support requests
We do not use your prompts or content to train AI models. We do not sell your data to third parties. We do not run advertising.
4. Legal basis for processing (GDPR)
- Contract performance: processing your account data to provide the service you signed up for
- Legitimate interests: server logs for security and debugging
- Legal obligation: retaining billing records as required by Dutch tax law
5. Data storage and security
All data is stored on servers located in Helsinki, Finland (EU), operated by Hetzner Cloud. Data never leaves the EU.
We use industry-standard security measures including bcrypt password hashing, HTTPS-only connections, httpOnly cookies, and isolated database users.
6. Third-party services
- Stripe — payment processing. Stripe is the Merchant of Record and handles all payment data under their own privacy policy.
- Resend — transactional email delivery (verification emails, password resets). Only your email address is shared.
- Hetzner Cloud — server infrastructure in Helsinki, Finland.
We have no advertising partners, analytics providers, or data brokers.
7. Data retention
- Active accounts: retained as long as your account exists
- Deleted accounts: all personal data and content purged within 30 days of deletion
- Billing records: retained for 7 years as required by Dutch tax law (Article 52 AWR)
- Server logs: retained for 7 days then automatically deleted
8. Your rights (GDPR)
As an EU resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit how we process your data
To exercise any of these rights, email evkhv67@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
9. Children
Promptary is not intended for users under the age of 16. We do not knowingly collect data from children.
10. Changes to this policy
We may update this policy when we add new features or change how we handle data. We will update the "Last updated" date above and, for material changes, notify registered users by email.
11. Contact
Questions about this privacy policy? Email us at evkhv67@gmail.com.