Privacy Policy
Last updated: January 26, 2025
Heggie Design (“we,” “us,” or “our”) operates Promppp (the “Service”), a community-driven platform for discovering, sharing, and discussing AI prompts. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
1. Information We Collect
1.1 Information You Provide Directly
When you use our Service, we may collect:
- Account Information: Email address, name, and password (stored as a bcrypt hash) when you create an account using email/password authentication.
- Profile Information: Username (3-20 characters), bio (up to 500 characters), and profile avatar image.
- Date of Birth: Required for age verification to access age-restricted (NSFW) content. This date is immutable once set and is used solely to verify you are 18 years or older.
- Content You Create: Prompts (including titles, descriptions, and content up to 10,000 characters), comments, tags, and images you upload.
- Payment Information: When you subscribe to premium features, payment information is collected and processed by Stripe. We store your Stripe customer ID, subscription status, and billing period dates, but we do not store your credit card numbers or full payment details.
1.2 Information Collected Automatically
- Usage Data: We track your votes (upvotes/downvotes), saved prompts, and prompt copy counts to provide personalized features and aggregate statistics.
- Session Information: We maintain server-side sessions to keep you logged in, stored securely in our database with expiration dates.
- Analytics Data: With your consent, we collect page views, interactions, and performance metrics through Vercel Analytics and Google Tag Manager.
1.3 Information from Third-Party Authentication
If you sign in using Google or GitHub OAuth, we receive your name, email address, and profile image from these providers. We also store OAuth access tokens and refresh tokens to maintain your authenticated session.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our Service
- Create and manage your account and profile
- Process transactions and manage subscriptions
- Send transactional emails (account verification, password resets, payment receipts)
- Verify your age for access to age-restricted content
- Calculate and display karma scores based on community engagement
- Enforce our community guidelines and terms of service
- Analyze usage patterns to improve our Service (with your consent)
- Respond to your comments, questions, and support requests
3. Cookies and Tracking Technologies
We use cookies and similar technologies to collect information and improve your experience. You can manage your preferences through our cookie consent banner.
3.1 Types of Cookies We Use
- Necessary Cookies: Required for the website to function properly, including session management and security tokens. These cannot be disabled.
- Preference Cookies: Remember your settings such as theme preferences (light/dark mode) and cookie consent choices. Stored in localStorage.
- Analytics Cookies: Help us understand how visitors interact with our website through Vercel Analytics and Google Tag Manager. Requires your consent.
- Marketing Cookies: Used by Google AdSense to deliver relevant advertisements. Requires your consent. Note: 100% of our advertising revenue is donated to charity.
3.2 Consent Management
We implement Google Consent Mode v2. By default, all non-essential cookies are denied until you provide consent. You can update your preferences at any time through our cookie settings.
4. Data Sharing and Third-Party Services
We do not sell your personal information. We share your information with the following third-party service providers who perform services on our behalf:
4.1 Payment Processing
Stripe: Processes all payments and subscriptions. When you make a payment, your payment information is sent directly to Stripe. We receive confirmation of payment status but do not store your full payment card details. Stripe's privacy policy: https://stripe.com/privacy
4.2 Email Services
Resend: Delivers transactional emails including account verification, password resets, and subscription confirmations. We share your email address and name with Resend for this purpose.
4.3 Hosting and Infrastructure
Vercel: Hosts our website and provides:
- Blob Storage for user-uploaded images (prompts and avatars)
- Analytics for website performance monitoring (with your consent)
- Speed Insights for Core Web Vitals tracking
4.4 Analytics and Advertising
- Google Tag Manager: Manages analytics tracking (with your consent)
- Google AdSense: Displays advertisements (with your consent). All advertising revenue is donated to charity.
4.5 Authentication Providers
If you choose to sign in with Google or GitHub, those providers may collect information in accordance with their own privacy policies.
5. Data Storage and Security
5.1 Data Storage
- Database: Your account data, profile information, and content are stored in a PostgreSQL database.
- Images: Uploaded images are stored on Vercel Blob Storage and served via a CDN. Avatar images are automatically processed to 400x400 pixels in WebP format.
- Passwords: Stored as salted bcrypt hashes with a cost factor of 12 (often called 12 “salt rounds”). We never store plaintext passwords.
5.2 Security Measures
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted connections (HTTPS) for all data transmission
- Secure password hashing using bcrypt
- Server-side session management with expiration
- Email verification for new accounts
- CSRF protection for all forms
6. Data Retention
- Account Data: Retained until you delete your account
- Content: Prompts, comments, votes, and saves are retained until you delete them or delete your account
- Session Data: Sessions expire automatically and are cleaned up periodically
- Email Verification Tokens: Expire after 24 hours
- Payment Records: Retained as required for tax and accounting purposes, even after account deletion, per Stripe's retention policies
7. Your Rights and Choices
7.1 Access and Portability
You can access your personal information through your account settings. You may request a copy of your data by contacting us.
7.2 Correction
You can update your profile information, email, and password through your account settings. Note that your date of birth cannot be changed once set.
7.3 Deletion
You can delete your account at any time through your account settings. When you delete your account:
- Your profile, prompts, comments, votes, and saves are permanently deleted
- Your uploaded images are removed from our storage
- Any active subscriptions are canceled
- This action is irreversible
7.4 Cookie Preferences
You can manage your cookie preferences through our consent banner or by adjusting your browser settings.
7.5 Marketing Communications
We currently only send transactional emails. If we introduce marketing emails in the future, you will be able to opt out at any time.
8. GDPR Rights (European Economic Area)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing of your personal data for certain purposes
- Right to Withdraw Consent: Withdraw consent for processing at any time
To exercise these rights, please contact us at mike@heggie.design. We will respond to your request within 30 days.
9. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
10. Children's Privacy
Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.
Additionally, users must be 18 years or older to access age-restricted (NSFW) content on our platform. We verify age through date of birth collection before granting access to such content.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in compliance with this Privacy Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: mike@heggie.design
- Business: Heggie Design
- Location: Salt Lake City, Utah, United States