Privacy Policy

Last updated: March 16, 2026

1. Introduction

PromptFrom ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at promptfrom.com and our related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, name, and password (hashed). If you sign in via Google OAuth, we receive your name, email address, and profile picture URL from Google.
  • Uploaded Images: When you use the Service, you upload images for analysis. These images are processed in real-time by our AI analysis engine. See Section 4 for details on image data handling.
  • Payment Information: When you subscribe to a paid plan, payment processing is handled by LemonSqueezy. We do not directly collect or store credit card numbers, bank account details, or other financial information. We receive confirmation of payment status and subscription details from LemonSqueezy.
  • Communications: When you contact us via email or our contact form, we collect the information you provide, including your name, email address, and message content.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you use the Service, including pages visited, features used, analysis count, and interaction timestamps.
  • Device Information: We collect information about the device you use to access the Service, including device type, operating system, browser type and version, and screen resolution.
  • IP Address: We collect your IP address for security purposes, rate limiting, and to approximate your general geographic location.
  • Cookies and Similar Technologies: We use session cookies to maintain your login state and preferences. See Section 7 for more details.

2.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile picture from Google's authentication service.
  • LemonSqueezy: Our payment processor provides us with subscription status, plan details, and transaction history (but not full payment card details).

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your image analyses and generate AI prompts
  • Manage your account and subscription
  • Enforce usage limits and prevent abuse
  • Send you service-related notifications (account confirmation, password resets, billing notifications)
  • Respond to your inquiries and support requests
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We do not use your information to:

  • Train AI or machine learning models on your uploaded images
  • Sell your personal information to third parties
  • Send unsolicited marketing emails (unless you explicitly opt in)
  • Create user profiles for advertising purposes

4. Image Data Handling

Your uploaded images receive special treatment given their potentially sensitive nature:

  • Processing: Images are transmitted securely (HTTPS/TLS) to our servers and processed by our AI analysis engine in real-time.
  • Storage: Full-resolution images are not permanently stored on our servers. They are held in memory only during the analysis process and discarded after processing is complete.
  • Thumbnails: For Pro and Business tier users, we may store a small thumbnail version of analyzed images to display in your prompt history. These thumbnails are associated with your account and deleted when you delete the history entry or your account.
  • Third-Party Processing: Images are sent to our AI provider for vision analysis. Our provider's data handling is governed by their own privacy policy and data processing agreement. Your images are not used to train AI models.
  • No Training: We do not use your uploaded images to train, fine-tune, or improve any AI or machine learning models.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers: We share data with third-party service providers who assist us in operating the Service, including:
    • AI processing providers for image analysis
    • LemonSqueezy (payment processing)
    • Google (OAuth authentication)
    • Hosting and infrastructure providers
  • Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: If PromptFrom is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

  • Account Data: We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
  • Analysis History: Your prompt history is retained for as long as your account is active. You may delete individual history entries at any time.
  • Usage Logs: Anonymized usage analytics and server logs are retained for up to 90 days for security and performance monitoring.
  • Payment Records: Transaction records are retained as required by applicable tax and financial regulations.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function. These include session cookies that maintain your login state (PHP session ID). These cannot be disabled.
  • Functional Cookies: Used to remember your preferences, such as theme settings or dismissed notices.
  • Analytics Cookies: We may use analytics services to understand how users interact with the Service. These cookies collect anonymized usage data.

We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or behavioral advertising networks.

8. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

  • TLS/HTTPS encryption for all data in transit
  • Encryption of sensitive data at rest
  • Password hashing using industry-standard algorithms
  • Regular security reviews and updates
  • Access controls limiting data access to authorized personnel
  • Secure API key generation and storage

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your personal data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at privacy@promptfrom.com. We will respond to your request within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@promptfrom.com.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the rights described in Section 9 above. Our legal bases for processing your data include:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligation: Processing required to comply with applicable laws

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a prominent notice on the Service. The "Last updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: