Privacy Policy

itisaprompt is a community platform where users discover, share, vote on, and save AI prompts. We are committed to protecting your privacy and handling your data transparently. This policy covers data collected through our website, authentication system, user-generated content features, email communications, and in-app prompt execution tools.

We act as both a data controller (for data we collect directly from you) and a data processor (for content you submit and store through our service).

We use the information we collect to:

• Create and manage your account and authenticate your identity.
• Display your public profile, submitted prompts, and contributions.
• Send transactional emails: email confirmation on signup, password reset links, and notification emails you have opted into.
• Send the weekly prompt digest email (opt-in; you can unsubscribe at any time from your Settings page).
• Detect, investigate, and prevent spam, abuse, fraud, and violations of our Terms of Service.
• Improve and personalise the Service — e.g., surfacing relevant prompts based on your browsing and interaction history.
• Generate aggregate, anonymised analytics to understand how the platform is used.
• Fulfil your Prompt Studio requests using your own API keys, which are decrypted in-memory only at execution time.
• Comply with our legal obligations.

We do not sell your personal data. We do not use your data for advertising targeting. We do not use AI/ML to make automated decisions that produce legal or similarly significant effects about you.

We share your data only in the following circumstances:

We use the following third-party services. Their privacy policies govern their handling of any data shared with them:

We do not use advertising cookies, remarketing pixels, or any third-party tracking technology for marketing purposes.

• Account data (email, username, profile): retained for as long as your account is active. If you delete your account, we permanently delete your profile, email address, and authentication records within 30 days.
• Submitted prompts: prompts you submit remain on the platform after account deletion in anonymised form (author shown as '[deleted]') unless you request full deletion.
• Comments: same policy as prompts — anonymised on account deletion unless you request removal.
• Submission IP addresses: deleted after 90 days.
• Analytics events: aggregated and purged of personally identifiable data after 12 months.
• Encrypted API keys: deleted immediately when you remove them from Settings, or when you delete your account.
• Email logs: transactional email logs (delivery status, not content) retained for 90 days.

We implement industry-standard safeguards to protect your data:

• All data in transit is encrypted using TLS 1.2 or higher.
• Passwords are hashed using bcrypt via Supabase's auth system — we never store or transmit plaintext passwords.
• API keys stored in the Prompt Studio are encrypted at rest using AES-256 before writing to the database.
• Database access is controlled by Row-Level Security (RLS) policies — each user can only read and write their own data.
• Authentication uses JSON Web Tokens with short expiry, refreshed via HTTP-only cookies.
• We conduct regular dependency audits and apply security patches promptly.

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant supervisory authorities within 72 hours of becoming aware, as required by GDPR Article 33.

Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, email us at privacy@itisaprompt.com. We will respond within 30 days.

To delete your account, go to Settings or contact us at privacy@itisaprompt.com.

The Service is not directed at children under the age of 13 (or 16 in the EU / UK where a higher age of digital consent applies). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@itisaprompt.com and we will delete that data without delay.

itisaprompt is operated from and primarily stores data in the United States and/or the European Union via our sub-processors. If you access the Service from outside those regions, your data may be transferred to, stored in, and processed in a country with different data protection laws than your own.

For transfers from the EEA/UK to third countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent transfer mechanisms provided by our sub-processors to ensure your data receives an adequate level of protection.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

• Posting a prominent notice on the Service at least 14 days before the change takes effect.
• Sending an email notification to the address associated with your account.

Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised policy. If you do not agree, you may delete your account before the changes take effect.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our privacy team:

If you are in the EU and have an unresolved privacy concern, you also have the right to contact your local data protection authority.