PromptFinder

Privacy Policy

How we handle your data

Last updated: November 2025

🇩🇪 Deutsche Version

1. Data Controller

BG Online Media (haftungsbeschränkt)

Grünwiesenstraße 33

74321 Bietigheim-Bissingen

Germany

Represented by: Bernd Galter

Commercial Register: HRB 774462, Stuttgart District Court

VAT ID: DE331972080

support@prompt-finder.com

+49 176 22372958

2. Overview of Data Processing

PromptFinder is a platform for structured AI workflows. This overview summarizes the types of data processed and the purposes of processing.

Types of data processed:

  • Account data (e.g., name, email address)
  • Usage data (e.g., pages visited, workflows used)
  • Meta/communication data (e.g., IP addresses, access times)
  • Payment data (processed exclusively by our payment provider)

Important: Content you enter in workflow input fields (e.g., meeting notes, email drafts) is not stored on our servers. This data remains exclusively in your browser and is transmitted directly to the AI service you choose (e.g., ChatGPT).

3. Legal Basis

We process personal data based on the following GDPR provisions:

  • Art. 6(1)(a)Consent: You have given consent for processing.
  • Art. 6(1)(b)Contract: Processing is necessary for contract performance (e.g., providing the service, payment processing).
  • Art. 6(1)(f)Legitimate Interests: Processing is necessary for our legitimate interests (e.g., security, fraud prevention, service improvement).

4. Data We Collect

4.1 Account Data

When you register, we collect:

  • Email address (required)
  • Name (if provided)
  • Profile picture (when signing in via Google)

Legal basis: Art. 6(1)(b) GDPR (Contract performance)

4.2 Usage Data

To improve our service, we store:

  • Which workflows you use
  • Which options you select in dropdown fields
  • Favorited workflows
  • Time of usage

We do NOT store: Free-text inputs, content from input fields, meeting notes, email drafts, or any other personal content you enter in workflows.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)

4.3 Technical Data

When you access our website, we automatically collect:

  • IP address (stored anonymously)
  • Browser type and version
  • Operating system
  • Date and time of access
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (Legitimate interests – security, stability)

5. Cookies and Local Storage

5.1 Essential Cookies

We use technically necessary cookies for:

  • Authentication and session management (Supabase Auth)
  • Security features (CSRF protection)

These cookies are essential for website operation and cannot be disabled. Legal basis: Art. 6(1)(f) GDPR.

5.2 Local Storage

We use your browser's local storage to:

  • Save your progress in multi-step workflows
  • Remember the current step if you leave the page

This data remains exclusively in your browser and is not transmitted to our servers. You can clear local storage at any time in your browser settings.

5.3 No Tracking Cookies

We do not use marketing or tracking cookies. We do not use Google Analytics. We use Vercel Analytics, which is cookie-free and privacy-friendly (see Section 6.5).

6. Service Providers

We use the following service providers with whom we have data processing agreements:

Supabase Inc.

Authentication and Database

Server location: EU (Ireland)
Purpose: User accounts, data storage
Privacy: supabase.com/privacy

Vercel Inc.

Web Hosting

Server location: EU
Purpose: Website hosting
Privacy: vercel.com/legal/privacy-policy

LemonSqueezy LLC

Payment Processing

Purpose: Processing Pro subscriptions
Payment data is processed exclusively by LemonSqueezy.
We do not store credit card or bank details.
Privacy: lemonsqueezy.com/privacy

Hetzner Online GmbH

Email Hosting

Server location: Germany
Purpose: Processing email inquiries (support@prompt-finder.com)
Privacy: hetzner.com/legal/privacy-policy

6.4 Fonts

We use the fonts "Geist" and "Geist Mono". These are self-hosted and served from our own servers. There is no connection to Google servers, and your IP address is not transmitted to Google.

6.5 Analytics (Vercel Analytics)

We use Vercel Analytics, provided by Vercel Inc., to monitor the performance, stability and basic usage of our website. Vercel Analytics works without cookies and does not create user profiles.

As part of this service, technical information such as the requested URL, referrer URL, timestamp, user agent, approximate region and performance metrics may be processed in aggregated form. This data is used exclusively for statistical evaluations and for improving the stability and security of our service.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website operation).

More information: vercel.com/legal/privacy-policy

7. Data Sharing

We do not share your personal data with third parties unless:

  • You have given explicit consent (Art. 6(1)(a) GDPR)
  • It is necessary for contract performance (Art. 6(1)(b) GDPR), e.g., payment processing
  • There is a legal obligation (Art. 6(1)(c) GDPR)
  • It is necessary for legitimate interests (Art. 6(1)(f) GDPR)

We never sell your data to third parties.

8. Data Retention

We retain personal data only as long as necessary for the respective purposes:

  • Account data: Until account deletion
  • Usage data: 12 months after last activity
  • Technical logs: 30 days
  • Payment data: According to legal retention requirements (10 years)

9. Your Rights

Under GDPR, you have the following rights:

  • Art. 15Access: You can request information about your stored data.
  • Art. 16Rectification: You can request correction of inaccurate data.
  • Art. 17Erasure: You can request deletion of your data ("right to be forgotten").
  • Art. 18Restriction: You can request restriction of processing.
  • Art. 20Portability: You can receive your data in a machine-readable format.
  • Art. 21Objection: You can object to the processing of your data.
  • Art. 7(3)Withdrawal: You can withdraw consent at any time.

To exercise your rights, contact us at: support@prompt-finder.com

10. Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed in violation of GDPR.

Supervisory Authority:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Lautenschlagerstraße 20

70173 Stuttgart, Germany

www.baden-wuerttemberg.datenschutz.de

11. SSL/TLS Encryption

This website uses SSL/TLS encryption for security. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser's address bar.

12. Changes to This Policy

We reserve the right to update this privacy policy to comply with legal requirements or to reflect changes to our services. The updated policy will apply to your next visit.

Questions about privacy?

For questions about data collection, processing, or your rights, please contact:

support@prompt-finder.com