Privacy Policy
Last updated: March 2026
Overview
PromptOps ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This policy describes how we handle your information when you use our services.
Data Controller: [COMPANY NAME], [ADDRESS]. For data protection inquiries, contact us at privacy@promptops.dev
Data We Collect
- Account information (email, name) when you sign up
- Prompt content and metadata that you store in PromptOps
- Usage data (API calls, optimization runs, benchmarks)
- Technical data (browser type, IP address) for security
- Waitlist email address when you join our waitlist
How We Use Your Data
We use your data solely to provide and improve PromptOps services. We never sell your data to third parties. Your prompt content is encrypted at rest and in transit.
Legal Basis for Processing
We process your personal data on the following legal grounds under the EU General Data Protection Regulation (GDPR):
- Contract performance (Art. 6(1)(b)): Account data and prompt content — necessary to provide the PromptOps service you signed up for.
- Consent (Art. 6(1)(a)): Waitlist email address — collected with your explicit consent when you join the waitlist. You may withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)): Usage analytics — we use cookieless, privacy-focused analytics to understand how our service is used and to improve it. Our interest is balanced against your rights by minimizing data collection.
- Legitimate interest (Art. 6(1)(f)): Security data (IP address, browser type) — collected to protect against abuse, fraud, and unauthorized access.
Your Rights
Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Deletion (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
- Restriction (Art. 18): Request restriction of processing in certain circumstances, such as when you contest data accuracy.
- Portability (Art. 20): Request your data in a structured, machine-readable format.
- Objection (Art. 21): Object to processing based on legitimate interests, including profiling.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Opt-out: Opt out of marketing communications at any time.
To exercise any of these rights, contact us at privacy@promptops.dev. We will respond within 30 days.
Right to lodge a complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority. The competent authority is: [SUPERVISORY AUTHORITY, e.g. State Commissioner for Data Protection and Freedom of Information, FEDERAL STATE].
Data Retention
We retain your data for as long as your account is active or as needed to provide services. When you delete your account, we remove your personal data and prompt content within 30 days, except where retention is required by law. Aggregated, anonymized data may be retained for analytics purposes.
Third-Party Services
We use the following third-party services to operate PromptOps. Each processor has been vetted for GDPR compliance:
- Vercel Inc. (San Francisco, USA) — Hosting and edge network infrastructure. Data processed under Standard Contractual Clauses (SCCs).
- Vercel Analytics — Cookieless, privacy-focused web analytics. No personal data is shared or stored. Compliant with GDPR without consent requirement.
- Formspree Inc. (USA) — Waitlist form submissions (email addresses only). Data processed under Standard Contractual Clauses (SCCs).
- LLM providers: When you run benchmarks or optimizations, your prompts are sent to the models you select. We do not store LLM responses beyond your session. Specific providers depend on your configuration.
- Payment processing: Handled by PCI-compliant payment processors. We never store credit card numbers.
International Data Transfers
Some of our service providers are based in the United States. When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with all US-based processors (Vercel, Formspree).
- Data minimization: We transfer only the minimum data necessary for each service to function.
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Cookies & Tracking
We use essential cookies to maintain your session and preferences. We do not use third-party tracking cookies or advertising pixels. Our analytics solution is cookieless and does not track individual users across sites.
Data Security
We implement industry-standard security measures to protect your data:
- All data encrypted at rest (AES-256) and in transit (TLS 1.3).
- Role-based access controls for internal team access.
- Regular security audits and penetration testing.
- SOC 2 compliance available on Enterprise plans.
Children's Privacy
PromptOps is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before the changes take effect.
Contact
Questions about this policy? Email us at privacy@promptops.dev
Enterprise customers may request a Data Processing Agreement (DPA) by contacting legal@promptops.dev