Last updated: April 3, 2026

Privacy Policy

This Privacy Policy explains how Boon IT SRL ("we," "us," or "our") collects, uses, and protects your personal data when you use Promptr for AI ("Promptr" or "the Service").

1. Data Controller

The data controller for your personal data is:

Boon IT SRL
Cluj-Napoca, Romania
Email: privacy@promptr.ai

2. Information We Collect and Legal Basis

Account Data

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Name (optional)
  • Profile information from Google OAuth (if used)

Legal basis: Contract performance — we need this data to create and maintain your account.

Content Data

We store the content you create in Promptr:

  • Workspaces and their settings
  • Spaces within workspaces
  • Blocks (contexts, instructions, and prompts)
  • Tags and organizational metadata

Legal basis: Contract performance — storing and delivering your content is the core function of the Service.

Usage Data

We automatically collect:

  • Feature usage and activity logs
  • Browser type and version
  • Device information
  • IP address
  • Pages visited and actions taken within the Service

Legal basis: Legitimate interest — we use this data to improve the Service, maintain security, and understand how features are used. You can object to this processing at any time.

Extension Data

Our browser extension collects:

  • Extension preferences and settings
  • Which AI platforms you interact with (e.g., ChatGPT, Claude, Gemini), solely to enable prompt insertion functionality

What we do NOT collect: We do not read, store, or transmit your conversations with AI tools. The extension interacts only with text input fields on supported platforms to insert your saved content. No page content, chat history, or AI responses are collected.

Legal basis: Contract performance — this data is necessary to deliver the extension's core functionality.

3. How We Use Your Data

We use your data to:

  • Provide the Service: Authenticate your identity, manage your account, store and deliver your content
  • Process payments: Manage subscriptions and billing through our merchant of record
  • Communicate with you: Send service-related emails (account confirmations, security alerts, product updates)
  • Improve the Service: Analyze usage patterns, fix bugs, and develop new features
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with law: Meet legal and regulatory obligations

We do not sell your personal data. We do not use your content data to train AI models.

4. Third-Party Services

We share data with the following third-party services, each acting as a data processor under appropriate data processing agreements:

ServicePurposeData shared
Polar.shMerchant of record — handles payments, billing, tax compliancePayment and billing information (we never store your full card details)
Google OAuthAuthentication (if you choose to sign in with Google)Profile information received from Google
SupabaseDatabase and infrastructure hostingAll Service data (stored in EU data centers)
VercelWeb application hostingUsage data, IP addresses
PostHogProduct analyticsAnonymized usage data, feature interactions

We may update this list as our infrastructure evolves. The current version is always available at this page.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service.

After account deletion:

  • Your content data is deleted within 30 days
  • Backup copies are purged within 30 days of deletion
  • Anonymized, aggregated analytics data may be retained indefinitely (this data cannot identify you)
  • Data required by law (e.g., billing records for tax purposes) is retained for the legally required period

Usage data is retained for up to 24 months, after which it is deleted or anonymized.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request that we limit how we process your data
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

How to exercise your rights: Email privacy@promptr.ai with your request. We will verify your identity and respond within 30 days. If we need more time, we will notify you of the extension and the reasons for it.

You can also export your data directly from the Service at any time through your account settings.

7. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

8. Cookies and Tracking

We use cookies and similar technologies as follows:

Essential cookies (always active): Required for authentication, session management, and core functionality. The Service cannot function without these.

Analytics cookies (optional): Used to understand how the Service is used and to improve it. These are loaded only with your consent.

You can manage your cookie preferences through our cookie banner when you first visit the site, or at any time through your browser settings. Disabling essential cookies will prevent you from using the Service.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest
  • Access controls and role-based permissions for internal systems
  • Regular security assessments
  • Secure development practices

No system is completely secure. If you discover a security vulnerability, please report it to security@promptr.ai. We commit to acknowledging reports within 48 hours.

10. Children's Privacy

Promptr is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@promptr.ai.

11. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, through infrastructure providers), we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms under GDPR

12. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you by email at least 14 days before the changes take effect. Minor clarifications or formatting changes may be made without notice. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact and Complaints

For questions about this Privacy Policy or to exercise your data rights:

Boon IT SRL
Cluj-Napoca, Romania
Email: privacy@promptr.ai

If you are unsatisfied with our response, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro, or with your local data protection authority.