Privacy Policy

Last updated: March 21, 2026

1. Introduction

Prompturement ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service at prompturement.app.

2. Data We Collect

Account Data

• Name and email address — provided during registration
• Password — stored as a bcrypt hash, never in plain text

Usage Data

• AI tool usage (which tools, credit consumption, timestamps)
• Documents and text you upload for analysis (contracts, RFQs, etc.)

Billing Data

• Subscription plan and status
• Payment processing is handled entirely by Stripe. We do not store credit card numbers.

Technical Data

• Session cookies (encrypted, HTTP-only)
• IP addresses in audit logs

3. How We Use Your Data

• To provide and operate the Service
• To process payments and manage subscriptions
• To send transactional emails (verification, password reset, billing)
• To monitor usage for billing and rate limiting
• To improve the Service

4. Data Processing and AI

When you use our AI tools, your input data is sent to Google Gemini API for processing. We do not use your data to train AI models. Google's data processing is governed by their API terms of service.

5. Data Storage

Your data is stored on Microsoft Azure servers in the West Europe region. We use:

• Azure SQL Database for user accounts and usage logs
• Azure Cosmos DB for tool-specific data (contracts, sessions, etc.)
• Azure Communication Services for email delivery

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete all associated data within 30 days. Audit logs may be retained for up to 12 months for security purposes.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

• Access — export your data via the account settings
• Rectification — update your profile information
• Erasure — delete your account and all data
• Portability — download your data in JSON format
• Object — contact us to object to specific processing

8. Cookies

We use the following cookies:

• prc_session — encrypted session cookie (essential, 7-day expiry)
• ARRAffinity — Azure load balancer affinity cookie (essential)

We do not use analytics or advertising cookies.

9. Third-Party Services

• Stripe — payment processing (Stripe Privacy Policy)
• Google Gemini API — AI processing (Google AI Terms)
• Microsoft Azure — infrastructure and email

10. Security

We implement industry-standard security measures including encrypted sessions, bcrypt password hashing, HTTPS enforcement, security headers (CSP, HSTS, X-Frame-Options), and rate limiting.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@prompturement.com.