Privacy Policy
LAST UPDATED · 2026 / 04 / 23
1. What we collect
To run the service, we collect:
- Account data — email address, a bcrypt-hashed password, display name. We do not store cleartext passwords.
- Subscription data — plan tier, status, start / end dates.
- Payment data — full card numbers, CVC, and similar sensitive fields are handled and stored by third-party payment processors (e.g. Stripe, ECPay). We only receive a success / failure status and an order ID.
- Usage logs — login timestamps, IP address (for security auditing only), and aggregated browsing / click statistics.
2. How we use data
- Member services, identity verification, subscription gating
- Account-related email (subscription status, password change, policy updates)
- Service improvement and prompt-popularity analytics
- Compliance with lawful requests from authorities
3. Storage and security
Member data is stored in Cloudflare D1 (SQLite). Every connection is encrypted over HTTPS. Passwords are bcrypt-hashed one-way, so a database leak cannot reveal them. Sessions are signed JWT cookies with httpOnly + secure + sameSite protections.
4. Third-party services
We rely on:
- Cloudflare — CDN, hosting, database, Turnstile bot protection.
- Payment providers (Stripe / ECPay etc.) — handle subscription billing.
- Google AdSense — displays third-party ads on free pages and may personalise ads based on browsing behaviour and cookies (Google may use DoubleClick cookies or similar). See Google partner sites policy. Pro subscribers do not load the AdSense script and are not ad-tracked. Visitors who have not consented to personalised ads still see ads, but Google serves them non-personalised.
- Google Analytics 4 (GA4) — aggregate traffic and page interaction analytics to help us improve content. We use Consent Mode v2 and default to denying all tracking cookies until the user clicks “Accept all” in the cookie banner. GA writes cookies including _ga and _ga_*. See Google Privacy Policy. You can install the Google Analytics opt-out add-on to disable GA tracking across the web. Pro subscribers do not load GA.
These services process data per their own privacy policies. We do not sell member data or share it with third parties unrelated to operating the service.
5. Cookies and tracking
Two groups of cookies:
- Essential — login session cookie (pc_session) to keep you signed in, Turnstile verification tokens. Disabling these breaks login and submissions.
- Ad / analytics (free / anonymous visitors only) — Google AdSense may write __gads / __gpi cookies to support ad delivery. Adjust your preferences at Google Ads Settings. Personalised ads are off by default for EU / UK visitors.
We do not use cookies to track you across other sites. Pro members see no AdSense script at all.
6. Member rights and cookie preferences
Under applicable data protection law you can:
- Request access to the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and related data (subject to legal retention periods for billing records)
To exercise any of the above, email the contact address below. We reply within 7 business days.
To re-open the cookie preference banner and re-choose AdSense / GA tracking, click here:
7. Retention
After you delete your account, we remove personally identifying data from the database within 30 days. Transaction records required for tax / legal purposes are retained in a de-identified form for the statutory period.
8. Changes to this policy
Material changes will be posted on this page and emailed to members. Continued use of the Site after a change constitutes acceptance of the updated policy.
9. Contact
For privacy questions or data access / deletion requests: promptcraft@prompt.luvai.net