Privacy Notice

Data controller

The data controller for personal data processed through aiprompt.fyi is Balico, LLC, trading as aiprompt.fyi. You can reach the controller at the contact email info@digikerma.com.

What we collect

• Account: your email address and Google profile (name, avatar) when you sign in.
• Usage: a count of audits you run, used to enforce the free-tier daily limit.
• Subscription state from Paddle: subscription status, period end, product purchased.
• Technical: IP address and basic device/browser information collected automatically for security and abuse prevention.
• The text of prompts you audit is processed transiently to generate AI refinements (Pro feature). We do not retain the prompt text itself in our database.

Why we process it (purposes & legal basis)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Contract performance — to create your account, deliver audits, run Pro features, and manage your subscription.
• Legitimate interests — to enforce free-tier limits, prevent fraud and abuse, secure the Service, and improve product quality.
• Legal obligation — to keep records required by tax, accounting, or other applicable law (mostly held by Paddle as Merchant of Record).
• Consent — where you explicitly opt in (e.g. signing in with Google).

What we do NOT collect

• Your payment card details — these go directly to Paddle and never touch our servers.
• The full text of your audited prompts beyond the duration of one request.
• Browsing behaviour outside of aiprompt.fyi.

Who we share data with

We use the following sub-processors: Paddle.com Market Limited (Merchant of Record — payments, subscription management, tax compliance, invoicing), Lovable Cloud (hosting, database, authentication), and Google Gemini via Lovable AI Gateway (generation of Pro industry refinements). We may also share data with professional advisers (legal, accounting) and with authorities where required by law. Each sub-processor is bound by their own data processing terms.

How long we keep data

• Account & profile data: for as long as your account is active, then deleted within 30 days of account deletion.
• Audit usage counts: retained for up to 12 months for rate-limit and abuse-prevention purposes.
• Subscription records: retained for the duration of your subscription and for up to 7 years thereafter to meet tax and accounting obligations (mostly held by Paddle).
• Prompt text submitted for audits: not stored — discarded after the request completes.

When data is no longer needed for these purposes, it is deleted or irreversibly anonymised.

Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest for our managed database, role-based access controls, row-level security on user data, and least-privilege access for administrators. No system is perfectly secure; we continuously review our practices.

Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent at any time. Where UK or EU GDPR applies, you also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact us at the email info@digikerma.com; we will respond within one month. Deleting your account removes your profile, usage records and subscription record from our database; payment records held by Paddle are retained per their policy.

International transfers

Our sub-processors may process data outside the UK/EEA. Where this happens, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Cookies

We use only essential cookies required for authentication and session management. We do not run third-party analytics or advertising trackers.

Contact

For privacy questions, contact Balico, LLC at the email shown on the home page.