Privacy Policy
Effective date: March 2026
PromptGuild is a small, bootstrapped platform. We collect the minimum data needed to run the service and take a straightforward position: your data belongs to you. This policy explains exactly what we collect, how we use it, and what rights you have.
1. What We Collect
When you sign in via GitHub or Google OAuth we receive your email address, display name, and profile avatar. We store only what is needed to identify your account — we do not receive your password or any private repository data.
If you purchase access, Stripe processes your payment. We never see or store your card number, expiry date, or CVV. Stripe returns a customer ID and payment status which we store to manage your access.
We collect basic usage analytics (pages visited, features used) in aggregate form to understand how the platform is being used and to improve it. This data is not tied to your identity.
2. How We Use Your Data
Your email and name are used to:
- Create and manage your PromptGuild account
- Send transactional emails (payment receipts, account notifications)
- Process your one-time payment via Stripe
- Announce significant platform changes that affect your account
We do not send marketing emails without your explicit opt-in. We do not sell, rent, or share your personal information with third parties for their own marketing purposes.
3. Third-Party Services
We use the following services to operate PromptGuild:
- Stripe — payment processing. Stripe is PCI-DSS compliant and SOC 2 certified. Their privacy policy governs how payment data is handled.
- Resend — transactional email delivery (receipts, account notices). Only your email address and name are shared.
- GitHub OAuth — authentication. We request only the minimum OAuth scopes needed to identify you (email, public profile).
- Google OAuth — authentication. We request only the minimum OAuth scopes needed to identify you (email, public profile).
- Cloudflare — CDN and DDoS protection. Server request logs (IP, user-agent, timestamp) are retained by Cloudflare per their own policies.
We do not use Google Analytics or any behavioural advertising tools.
4. Data Retention
Your account data is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. You can delete your account yourself from Dashboard › Settings › Danger Zone, or email [email protected] and we will handle it for you.
Stripe retains payment records as required by financial regulations, independent of your PromptGuild account status. Aggregate, anonymised usage statistics may be retained indefinitely.
5. Your Rights
Regardless of where you are located, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion— request that we delete your account and personal data (GDPR “right to be forgotten”)
- Portability — receive a copy of your data in a structured, machine-readable format (e.g. JSON)
- Objection — object to processing of your data for legitimate interests
For self-service account deletion, go to Dashboard › Settings › Danger Zone.
To exercise any other right, email [email protected]. We will respond within 5 business days.
6. Cookies
We use session cookies to keep you signed in. These are HttpOnly, Secure, and scoped to promptguild.dev. They expire when you sign out or after a period of inactivity.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can clear session cookies at any time by signing out of your account.
7. Contact
Questions about this policy or your data? Email us at [email protected]. We aim to respond within 5 business days.