Privacy Policy
Last updated: 16 March 2026
This document is a draft and will be reviewed by a lawyer before being considered final.
1. Data controller
AutoPrompt (“the platform”, “we”) is operated by GUDULEA-DAVID BOGDAN P.F.A., registered at Str. 23 August, Nr. 246S, Otopeni, tax ID 43407637, registered with the Trade Registry under no. F23/702/2020. For questions about your personal data: bogdan.gudulea.david@gmail.com.
2. What data we collect
We collect and process only what is necessary to provide the service: • Account data: email address, password (stored in encrypted form by our authentication provider). • Usage data: projects you create (name, creation date), generated prompts (content you enter and the assembled result), ratings and feedback on prompts, and optionally automatic quality scores. • Technical data: session identifiers (cookies required for authentication), theme preference (light/dark) stored locally in your browser. If you consent to analytics, we may receive aggregated usage data (e.g. pages visited) through our analytics provider.
3. Purpose and legal basis
We process data for: (a) providing the platform (account, projects, prompt generation, save, rating, scoring) — legal basis: performance of contract; (b) improving the service and analysing usage (analytics) — legal basis: your consent (you can decline optional cookies); (c) complying with legal obligations — legal basis: legal obligation.
4. Who we share data with (processors)
We use providers that process data on our behalf (processors): • Supabase — database hosting and authentication (EU/US; check your project region). • Vercel — application hosting and, if you accept, analytics. • OpenAI — for the automatic prompt scoring feature (portions of content are sent for analysis). All processors are bound by data processing agreements (DPA) to confidentiality and security. For transfers outside the European Economic Area we use appropriate safeguards (e.g. standard contractual clauses).
5. Retention
We keep your data for as long as your account is active. When you delete your account, we remove associated data (projects, prompts, ratings, subscriptions) automatically. Some data may be retained in backups for a limited period for operational or legal reasons; it is then deleted.
6. Your rights (GDPR)
As a data subject you have the right to: access your data, rectification, erasure (“right to be forgotten”), restriction of processing, objection, and portability (a copy of your data in a structured format). You can delete your account directly in settings (Dashboard → Account → Delete account) and download a copy of your data (Download my data). You may lodge a complaint with a supervisory authority (e.g. in Romania: ANSPDCP).
7. Cookies and similar technologies
We use cookies necessary for the platform to work (session, authentication). Optionally we use analytics to understand how the site is used; these are only enabled with your consent. You can change your preferences at any time (Cookie preferences link in the footer).
8. Security
We take technical and organisational measures (access control, encryption, RLS policies in the database) to protect your data. Content you enter (prompts) may contain personal information; you are responsible for not entering unnecessary sensitive data.
9. Minors
The service is not intended for persons under 16. If we learn that an account was created by a minor, we will delete the associated data.