The Prompt Index ("we" or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our free AI prompt resource website. Please read this policy carefully.
Information We Collect
We collect minimal information necessary to provide our services:
- Account Information: Username and email address when you create an account
- Password: Securely hashed and stored
- Usage Data: How you interact with our website (such as prompts viewed, submissions made, and upvotes)
- Basic Device Information: Browser type and version to ensure proper website functionality
- IP Address: When you agree to our Terms of Service for specific features (such as our AI T-shirt design tool), we collect and store your IP address for verification purposes and to maintain a record of consent
Submitted Prompts and Public Discoverability
When you submit a prompt to our platform, we collect and process the following information with your explicit consent:
- Prompt Content: The full text of your submitted prompt, including any variables, instructions, and technical configurations
- Author Information: Your username or custom author name
- Submission Metadata: Category, title, recommended models, temperature settings, max tokens, and additional notes
- Consent Records: Documentation of your consent to make your prompt publicly discoverable, including timestamp, IP address, and user agent
Legal Basis for Processing
We process your submitted prompts based on your explicit consent (GDPR Article 6(1)(a)). Before submitting a prompt, you must actively consent to making it publicly discoverable. This consent is:
- Freely Given: You can choose not to submit prompts without affecting your ability to use other features
- Specific: Consent is specifically for making submitted prompts publicly discoverable
- Informed: We clearly explain what public discoverability means before you consent
- Unambiguous: Requires an active opt-in checkbox that is unchecked by default
What Public Discoverability Means
When you consent to submit a prompt, it becomes publicly discoverable, which means:
- Your prompt will be displayed in our public database
- Anyone can find your prompt through our search functionality
- Your username or custom author name will be publicly visible
- Your prompt may appear in search engine results
- Other users can view, copy, and use your prompt
Information We Collect via the Chrome Extension
When you use The Prompt Index Chrome Extension, we may collect the following additional information:
- Authentication Information: Username and password to verify your identity and manage your session.
- Website Content: AI-generated prompts that you save and manage using the extension.
- Storage: Local storage to remember your session and preferences.
How We Use Your Information
We use your information to:
- Manage your account and provide access to our services
- Enable features such as prompt submission and upvoting
- Send important updates about our service
- Improve our website and user experience
- Maintain the security of our platform
- Respond to user inquiries and provide support
- Display submitted prompts publicly when you have provided explicit consent
- Maintain records of consent for compliance with legal obligations
Data Retention
We retain different types of information for varying periods:
- Account information: Retained as long as your account remains active
- IP addresses: Stored in connection with Terms of Service agreements for the AI T-shirt design tool to provide evidence of consent and for fraud prevention purposes
- Usage data: May be retained in aggregated, anonymized format for analytical purposes
- Submitted Prompts: Retained while your account is active and for 30 days after account deletion, unless you specifically request earlier deletion
- Consent Records: Retained for 3 years after consent is withdrawn to comply with legal obligations and demonstrate GDPR compliance
We offer several AI-powered tools that process your data through third-party services. Below, you'll find detailed information about each tool, what data is processed, and how your privacy is protected.
AI Humanizer Tool
What Data is Sent to OpenAI
When you use our AI Humanizer tool, your input text is sent to OpenAI Inc. (United States) for processing using their GPT language model. This is necessary to provide the humanization service.
🔒 How Your Data is Protected
- Retention: OpenAI retains API data for 30 days (abuse prevention only), then permanently deletes it
- Training: OpenAI does NOT use API data to train or improve their models
- Security: All data transfers use TLS 1.3 encryption
- Location: Data is processed in OpenAI's US data centers
Legal Basis for International Transfer (UK/EU to USA)
We transfer your data to OpenAI in the United States based on:
- Your explicit consent (requested before first use)
- Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanism
- UK International Data Transfer Agreement (IDTA) - UK ICO approved transfer mechanism
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
Your Rights Regarding OpenAI Processing
You can:
- Withdraw consent at any time (this will prevent use of the AI Humanizer tool)
- Object to processing in the United States
- Request deletion of your data from OpenAI (within their 30-day retention period)
OpenAI's Privacy Policy: openai.com/policies/privacy-policy
OpenAI's API Data Usage: openai.com/policies/api-data-usage-policies
Data Retention - AI Humanizer
| Data Type |
Retention Period |
Reason |
| Humanization History (Basic plan) |
30 days (auto-deleted) |
Service feature |
| Humanization History (Pro plan) |
Until you delete it |
Service feature |
| Usage statistics |
13 months |
Subscription management |
| OpenAI processing |
30 days (abuse prevention) |
OpenAI API policy |
| Error logs |
30 days (auto-deleted) |
Security & debugging |
| Consent records |
3 years after withdrawal |
Legal compliance |
Prompt Optimizer Tool
What Data is Processed
When you use our Prompt Optimizer tool, the following data is processed:
- Input prompts: Your original prompt text is sent to OpenAI Inc. (United States) for optimization processing
- Custom instructions: Any custom framework instructions you provide are sent to OpenAI
- Usage statistics: We track daily usage counts to enforce tier limits (stored for 13 months)
🔒 Data Storage & Privacy
- Your prompts are NOT stored: We do not save your input prompts or optimized outputs to our servers
- Local browser storage only: Prompt history (last 10) is stored locally in your browser for convenience - you can clear this anytime
- OpenAI retention: OpenAI retains API data for 30 days (abuse prevention only), then permanently deletes it
- No training use: OpenAI does NOT use Prompt Optimizer data to train or improve their models
- Encryption: All data transfers use TLS 1.3 encryption
Legal Basis for International Transfer (UK/EU to USA)
We transfer your prompt data to OpenAI in the United States based on:
- Your explicit consent (requested before first use)
- Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanism
- UK International Data Transfer Agreement (IDTA) - UK ICO approved transfer mechanism
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
Your Rights
You can:
- Withdraw consent at any time (this will prevent use of the Prompt Optimizer tool)
- Object to processing in the United States
- Clear local history using the "Clear All" button or your browser settings
- Request deletion of your usage statistics (contact us at steve@thepromptindex.com)
OpenAI's Privacy Policy: openai.com/policies/privacy-policy
OpenAI's API Data Usage: openai.com/policies/api-data-usage-policies
Data Retention - Prompt Optimizer
| Data Type |
Retention Period |
Reason |
| Input prompts |
Not stored (processed in real-time only) |
Privacy by design |
| Optimized outputs |
Not stored (processed in real-time only) |
Privacy by design |
| Browser history (optional) |
Until you clear browser data |
Convenience feature (local storage) |
| Usage statistics |
13 months |
Tier limit enforcement |
| OpenAI processing |
30 days (abuse prevention) |
OpenAI API policy |
| Error logs |
30 days (auto-deleted) |
Security & debugging |
| Consent records |
3 years after withdrawal |
Legal compliance |
Persona Studio Tool
What Data is Collected and Processed
When you use our Persona Studio tool, we collect and process the following data:
- Chat messages: Your messages sent to AI personas are sent to OpenAI Inc. (United States) for AI response generation
- Chat history: For logged-in users only - conversation history is stored on our UK servers
- Personas you create: Name, description, avatar image, system prompts, tags, and conversation starters
- Usage statistics: We track daily chat counts to enforce tier limits
- Persona metadata: Chat counts, creation dates, and approval status for submitted personas
🔒 How Your Data is Protected
- Retention: OpenAI retains API data for 30 days (abuse prevention only), then permanently deletes it
- Training: OpenAI does NOT use API data to train or improve their models
- Security: All data transfers use TLS 1.3 encryption
- Location: Chat messages are processed in OpenAI's US data centers; chat history stored on our UK servers
- Chat History: Stored while your account is active; automatically deleted after 24 months of inactivity
- Guest Users: Non-logged-in users' chat messages are NOT stored in our database - conversations exist only during the browser session
Legal Basis for International Transfer (UK/EU to USA)
We transfer your chat data to OpenAI in the United States based on:
- Your explicit consent (requested before first use for logged-in users)
- Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanism
- UK International Data Transfer Agreement (IDTA) - UK ICO approved transfer mechanism
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
Your Rights Regarding Persona Studio
You can:
- Withdraw consent at any time (this will prevent use of the Persona Studio chat tool)
- Delete individual chats using the trash icon in chat history
- Delete all chats using the "Delete All" button in the history modal
- Delete personas you've created at any time from your My Personas dashboard
- Set personas to private instead of public if you don't want them visible to others
- Object to processing in the United States
- Request deletion of your data from OpenAI (within their 30-day retention period)
OpenAI's Privacy Policy: openai.com/policies/privacy-policy
OpenAI's API Data Usage: openai.com/policies/api-data-usage-policies
Guest Users (Not Logged In)
Important: If you use Persona Studio without logging in:
- Your chat messages are still sent to OpenAI for AI response generation
- We do NOT save your chat history to our database
- Conversations exist only during your current browser session
- No long-term data retention occurs for guest users
- You are limited to 5 chats per day
Public Persona Submission
When you submit a persona for public approval, you consent to:
- Making your persona publicly visible to all users if approved by our moderation team
- Your persona name, description, avatar, and tags being displayed publicly
- Other users being able to chat with your persona
- Your username being credited as the creator
- Your persona appearing in search results and leaderboards
Note: You can set personas to "private" instead of submitting for public approval. Private personas are only visible to you and do not require publication consent.
Data Retention - Persona Studio
| Data Type |
Retention Period |
Reason |
| Chat history (logged-in users) |
While account is active; auto-deleted after 24 months of inactivity |
Service feature |
| Chat messages (guest users) |
Not stored (session only) |
Privacy by design |
| Personas (private) |
Until you delete them |
Service feature |
| Personas (public/approved) |
Until you delete them or account deletion |
Public service feature |
| Usage statistics |
13 months |
Tier limit enforcement |
| OpenAI processing |
30 days (abuse prevention) |
OpenAI API policy |
| Error logs |
30 days (auto-deleted) |
Security & debugging |
| Consent records |
3 years after withdrawal |
Legal compliance |
Special Category Data Warning
⚠️ Important Privacy Notice
Do NOT share sensitive personal information in chats, including:
- Health or medical information
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic or biometric data
- Sexual orientation
If you share such data, it will be processed under your explicit consent (GDPR Article 9).
Voice Recorder & Transcription Tool
What Data is Collected and Processed
When you use our Voice Recorder tool, we collect and process the following data:
- Audio recordings: Voice or uploaded audio files sent to OpenAI Inc. (United States) for transcription
- Transcriptions: Full text transcription of your audio
- AI-generated summaries: Summaries and tags created by AI analysis
- Usage statistics: Daily recording counts to enforce tier limits
- Metadata: Recording title, language, duration, file size, timestamps
🔒 How Your Data is Protected
- Retention: OpenAI retains audio data for 30 days (abuse prevention only), then permanently deletes it
- Training: OpenAI does NOT use your recordings to train or improve their models
- Security: All data transfers use TLS 1.3 encryption
- Location: Audio processing occurs in OpenAI's US data centers; transcriptions stored on our UK servers
- Guest users: Recordings automatically deleted after 24 hours
- Basic plan users: Recordings automatically deleted after 30 days
- Pro plan users: Recordings retained until you delete them
Legal Basis for International Transfer (UK/EU to USA)
We transfer your audio data to OpenAI in the United States based on:
- Your explicit consent (requested before first use)
- Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanism
- UK International Data Transfer Agreement (IDTA) - UK ICO approved transfer mechanism
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
Guest Users (Not Logged In)
Important: If you use Voice Recorder without logging in:
- Your recordings are still sent to OpenAI for transcription and AI processing
- Recordings are automatically deleted after 24 hours
- You cannot access recording history after your browser session ends
- Daily usage tracked via browser fingerprint (IP address + User Agent hash)
- You are limited to 1 recording per day
To save your recordings permanently, please create a free account.
Your Rights Regarding Voice Recorder
You can:
- Withdraw consent at any time (this will prevent future use of the Voice Recorder)
- Delete individual recordings: Use the trash icon in the note list
- Export recordings: Download audio files and transcriptions
- Object to processing in the United States
- Request deletion of your data from OpenAI (within their 30-day retention period)
OpenAI's Privacy Policy: openai.com/policies/privacy-policy
OpenAI's API Data Usage: openai.com/policies/api-data-usage-policies
Data Retention - Voice Recorder
| Data Type |
Retention Period |
Reason |
| Audio files (guest users) |
24 hours (auto-deleted) |
GDPR data minimization |
| Recordings & transcriptions (Basic plan) |
30 days (auto-deleted) |
Service feature |
| Recordings & transcriptions (Pro plan) |
Until you delete them |
Service feature |
| Usage statistics |
13 months |
Tier limit enforcement |
| OpenAI processing |
30 days (abuse prevention) |
OpenAI API policy |
| Error logs |
30 days (auto-deleted) |
Security & debugging |
| Consent records |
3 years after withdrawal |
Legal compliance |
Special Category Data Warning
⚠️ Important Privacy Notice
Do NOT record sensitive personal information, including:
- Health or medical information
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic or biometric data
- Sexual orientation
If you record such data, it will be processed under your explicit consent (GDPR Article 9).
Prompt Builder Tool
What Data is Collected and Processed
When you use our Prompt Builder tool, we collect and process the following data:
- Workflow content: Workflow names, descriptions, and content (may contain information you choose to include)
- Collaboration data: Email addresses when you share workflows with collaborators
- Activity logs: IP addresses and browser information for security and activity logging (only collected with your explicit consent)
- OpenRouter API key: Temporarily stored in your browser session if you choose to connect your account for testing (never stored on our servers)
- AI Fill processing: Workflow descriptions and structure sent to OpenAI Inc. (United States) when you use the AI Fill feature
🔒 How Your Data is Protected
- Workflow storage: Workflows are saved to sync across your devices and enable collaboration features
- OpenAI retention: OpenAI retains AI Fill data for 30 days (abuse prevention only), then permanently deletes it
- Training: OpenAI does NOT use API data to train or improve their models
- Security: All data transfers use TLS 1.3 encryption
- OpenRouter (Optional): Your API key is stored only in your browser session and deleted when you log out
- Activity logging: Only collected with your explicit consent and can be withdrawn at any time
How We Use This Data
- To save and sync your workflow projects across devices
- To enable collaboration features when you share workflows
- To provide the AI Fill feature via OpenAI's API
- To allow optional testing via OpenRouter (if you connect your account)
- To maintain security and detect unauthorized access (with consent)
International Data Transfers
OpenAI (United States): When you use the AI Fill feature, your workflow description and structure are sent to OpenAI's servers in the United States. This processing is covered by:
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Addendum (IDTA) approved by the UK ICO
- Your explicit consent (requested before first use)
Important: OpenAI does not use your data to train their models.
OpenRouter (United States) - Optional: If you connect your OpenRouter account, test prompts are sent to OpenRouter's API in the United States. This is optional and only occurs when you explicitly test prompts. Your OpenRouter API key is stored only in your browser session and deleted when you disconnect or close your browser.
Your Rights Regarding Prompt Builder
You can:
- Export workflows: Download your workflows in JSON format at any time
- Delete workflows: Remove individual workflows or your entire workflow library
- Withdraw consent: Stop activity logging at any time (this will not affect workflow functionality)
- Request deletion: Request deletion of all Prompt Builder data including workflows and activity logs
- Access logs: View all activity logs related to your workflows
- Manage sharing: Control who has access to your workflows and revoke sharing at any time
- Disconnect OpenRouter: Your API key is immediately deleted when you disconnect or close your browser
Third-Party Processors
Data Retention - Prompt Builder
| Data Type |
Retention Period |
Reason |
| Workflows |
While account is active and 90 days after account deletion |
Service feature & recovery period |
| Activity logs |
12 months |
Security purposes |
| Share records |
While share link is active and 30 days after expiration |
Collaboration feature |
| OpenRouter API key |
Deleted immediately when you disconnect or close browser session |
Privacy by design (browser-only storage) |
| OpenAI processing (AI Fill) |
30 days (abuse prevention) |
OpenAI API policy |
| Consent records |
3 years after withdrawal |
Legal compliance |
StyleForge - CSS Framework Generator
What Data is Collected and Processed
When you use our StyleForge tool (login required), we collect and process the following data:
- Design descriptions: Your text descriptions of desired UI/UX designs sent to OpenAI Inc. (United States) for HTML/CSS generation
- Customization settings: Your chosen colors, typography, layout preferences, visual effects, and other design parameters
- Usage statistics: Monthly generation counts to enforce tier limits (retained indefinitely)
🔒 How Your Data is Protected
- No content storage: We do NOT save your prompts or generated HTML/CSS code to our servers
- Session-only processing: Generated frameworks exist only in your browser during the session
- OpenAI retention: OpenAI retains API data for 30 days (abuse prevention only), then permanently deletes it
- No training use: OpenAI does NOT use your design descriptions to train or improve their models
- Encryption: All data transfers use TLS 1.3 encryption
- Privacy by design: Generated code is NOT stored server-side - only usage counts are tracked
Legal Basis for International Transfer (UK/EU to USA)
We transfer your design prompts to OpenAI in the United States based on:
- Your explicit consent (requested before first use)
- Standard Contractual Clauses (SCCs) - EU Commission approved transfer mechanism
- UK International Data Transfer Agreement (IDTA) - UK ICO approved transfer mechanism
- Data Processing Agreement (DPA) with OpenAI ensuring GDPR compliance
Your Rights Regarding StyleForge
You can:
- Withdraw consent at any time (this will prevent future use of StyleForge)
- Download generated code directly from your browser before closing the session
- Request deletion of usage statistics (contact us at steve@thepromptindex.com)
- Object to processing in the United States
- Request deletion of your data from OpenAI (within their 30-day retention period)
Note: Since StyleForge does not store your generated designs, there is no design history to delete. Once you close your browser, the generated frameworks are permanently lost unless you download them.
OpenAI's Privacy Policy: openai.com/policies/privacy-policy
OpenAI's API Data Usage: openai.com/policies/api-data-usage-policies
Data Retention - StyleForge
| Data Type |
Retention Period |
Reason |
| Design prompts |
Not stored (processed in real-time only) |
Privacy by design |
| Generated HTML/CSS |
Not stored (browser session only) |
Privacy by design |
| Custom settings |
Not stored (processed in real-time only) |
Privacy by design |
| Usage statistics |
Retained indefinitely while account is active |
Tier limit enforcement |
| OpenAI processing |
30 days (abuse prevention) |
OpenAI API policy |
| Error logs |
30 days (auto-deleted) |
Security & debugging |
| Consent records |
3 years after withdrawal |
Legal compliance |
Important Privacy Notice
💡 Data Minimization
StyleForge is designed with privacy-first principles. Your creative work (prompts and generated designs) is NEVER stored on our servers. This means:
- No design history to browse or manage
- No risk of unauthorized access to your creative work
- Generated designs exist only during your browser session
- Remember to download your designs before closing your browser!
AI Writing Assistant Tool
Data We Collect
- Document Content: Text you create or upload, including any personal data you choose to include
- Chat History: Your interactions with the AI assistant
- Usage Data: Timestamps, AI token usage, document counts
- Version History: Previous versions of your documents (limited to last 10 versions)
- Sharing Data: When you share documents - share tokens, passwords (hashed), access logs
How We Use Your Data
- AI Processing: Document content is sent to OpenAI's API for processing to provide writing assistance
- Service Delivery: To save your documents and maintain version history
- Usage Limits: To enforce subscription tier limits
- Service Improvement: Aggregated, anonymized usage statistics only
AI Provider Information
We use OpenAI (GPT models) to power this tool. Key points:
- Your data is NOT used to train OpenAI's models
- We have a Data Processing Agreement (DPA) with OpenAI
- Data is transferred to OpenAI servers (US-based) for processing
- OpenAI retains data for 30 days for abuse monitoring, then deletes it
- OpenAI Privacy Policy
Data Storage & Location
- UK Server: Document metadata, user information (Hostinger)
- US Servers: AI processing via OpenAI API
- International Transfers: Protected by EU Standard Contractual Clauses (SCCs) and UK IDTA
Data Retention
- Documents: Retained until you delete them
- Version History: Last 10 versions per document
- Usage Logs: 2 years, then automatically deleted
- Share Links: Until expiration date or manual deletion
Your Rights
- Access: Export all your data via account settings
- Deletion: Delete individual documents or all tool data
- Rectification: Edit your documents at any time
- Portability: Download your data in JSON format
- Withdraw Consent: Stop using AI features in account settings
- Object: Contact us to object to processing
Security Measures
- TLS/SSL encryption for data in transit
- Secure session management with HTTP-only cookies
- CSRF protection on all endpoints
- Password hashing for shared documents
- Regular security updates and monitoring
Consent
Before using AI features, you must explicitly consent to:
- Processing of your document content by AI
- Transfer of data to OpenAI (US)
- Storage of chat history and usage data
You can withdraw consent at any time in your account settings, which will disable AI features but preserve your documents.
AI Labs / AI Playground
What This Tool Does
AI Labs allows you to connect your personal OpenRouter account to test and compare different AI models. You authenticate directly with OpenRouter using their OAuth system.
Data We Process
| Data Type |
Purpose |
Storage Location |
Retention |
| OpenRouter API Key |
To make requests on your behalf |
Server session (encrypted) |
Until logout or session expiry |
| Prompts & Messages |
To send to AI models via OpenRouter |
Browser memory only (not stored on our servers) |
Cleared on page refresh |
| Model Parameters |
To configure AI responses |
Browser memory only |
Cleared on page refresh |
| Consent Record |
To demonstrate your agreement |
Our database (UK servers) |
Until you withdraw consent or delete account |
Data Flow
When you send a prompt:
- Your prompt is sent from your browser to our UK-based servers
- Our server forwards the prompt to OpenRouter (US-based) using your API key
- OpenRouter processes the request with your chosen AI model
- The response returns through our server to your browser
- We do not store your prompts or responses - they exist only in transit and in your browser memory
Third-Party Data Sharing
Your prompts are transmitted to:
- OpenRouter (openrouter.ai) - AI routing service based in the United States. OpenRouter then sends your prompts to the AI model provider you select (e.g., OpenAI, Anthropic, Google). Please review OpenRouter's Privacy Policy.
International Data Transfers
Your prompts are transferred to OpenRouter in the United States. This transfer is necessary to provide the service and is covered by:
- Your explicit consent when connecting to OpenRouter
- The necessity of transfer to perform the service you requested
Legal Basis for Processing (GDPR)
- Consent (Article 6(1)(a)) - You explicitly consent before connecting to OpenRouter
- Contract (Article 6(1)(b)) - Processing necessary to provide the service you requested
Your Rights for This Tool
- Withdraw Consent: Disconnect from OpenRouter at any time using the "Disconnect" button
- Data Deletion: Your prompts are not stored. Refresh the page to clear browser memory. Your consent record can be deleted upon request.
- Access: Contact us to receive a copy of your consent record
What We Don't Do
- We do not store your prompts or AI responses
- We do not train AI models on your data
- We do not have access to your OpenRouter account beyond the session
- We do not share your data with any party other than OpenRouter (which you connect to directly)
When you use our PDF text extraction (OCR) tool, we process your data as follows:
Data We Collect
| Data Type |
Purpose |
Retention |
Legal Basis |
| Uploaded PDF files |
Text and image extraction |
Deleted within 60 minutes |
Consent |
| Extracted text and images |
Providing download to you |
Deleted within 60 minutes |
Consent |
| Usage records (anonymized) |
Rate limiting, service improvement |
6 months |
Legitimate interest |
Third-Party Processing
Your uploaded PDF files are sent to Mistral AI (based in France, EU) for OCR processing. Mistral AI:
- Operates under a Data Processing Agreement
- Does not use your documents to train their AI models
- May retain data temporarily for troubleshooting and analytics as per their DPA
- Processes data within the EU (France)
International Transfers
Your data may be transferred from the UK to the EU (France) for processing by Mistral AI. This transfer is protected by the UK adequacy decision for the EU, meaning the EU is recognized as providing adequate data protection standards.
Your Rights for OCR Data
You can:
- Withdraw consent at any time (this will prevent future use of the tool)
- Request deletion of your usage records
- Access your usage history
To exercise these rights, contact us at [your email] or use the consent management options in your account settings.
Data Security
- Files are stored in non-web-accessible directories
- Download links require secure session tokens
- Automatic deletion after 60 minutes
- No permanent storage of document content
AI Agent Rooms
What Data We Collect
When you use AI Agent Rooms, we collect and process:
- Persona Data: Names, descriptions, and system prompts you create for AI personas
- Knowledge Files: Documents you upload to enhance persona capabilities (PDFs, text files, etc.)
- Room Data: Room names, descriptions, and configuration settings
- Conversation Data: Messages you send and AI-generated responses within rooms
How We Process Your Data
| Data Type |
Processing Activity |
Legal Basis |
| Persona prompts & messages |
Sent to OpenAI for AI response generation |
Consent (Article 6(1)(a) UK/EU GDPR) |
| Knowledge files |
Uploaded to OpenAI, converted to vector embeddings for retrieval |
Consent (Article 6(1)(a) UK/EU GDPR) |
| Conversations |
Stored in our UK database for your continued access |
Contract performance (Article 6(1)(b) UK/EU GDPR) |
Third-Party AI Processing (OpenAI)
AI Agent Rooms uses OpenAI's API to power AI responses. When you use this tool:
- Your messages and persona configurations are sent to OpenAI's servers in the United States
- Uploaded files are processed and stored by OpenAI as vector embeddings
- OpenAI acts as our data processor under a Data Processing Agreement (DPA)
- OpenAI does NOT train their models on your data - we have opted out of training data usage
OpenAI's privacy practices: OpenAI Privacy Policy
International Data Transfers
Your data is transferred to the United States (OpenAI) under:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- UK International Data Transfer Addendum (IDTA) to the EU SCCs
These mechanisms ensure your data receives adequate protection when transferred outside the UK/EEA.
Data Retention
- Personas: Retained until you delete them or your account
- Knowledge Files: Stored by OpenAI until you delete the associated persona
- Conversations: Retained until you clear them or delete the room
- Consent Records: Retained for 7 years for legal compliance
Your Rights for This Tool
You can exercise the following rights directly within the tool:
- Delete: Remove personas, rooms, and conversations using the delete buttons in the interface
- Access: View all your stored data within the tool interface
- Withdraw Consent: Contact us to withdraw AI processing consent (this will disable your access to Agent Rooms)
For data export requests or complete account deletion, contact us at [your email].
Stripe Payment Processing
Subscription payments are processed by Stripe Inc. (USA). We do not store your payment card details on our servers. Stripe processes payments on our behalf under their Data Processing Agreement.
Stripe's Privacy Policy: stripe.com/privacy
Legal Basis for Processing
We process your personal information on the following legal grounds:
- Performance of contract: To provide you with access to our services
- Legitimate interest: To improve our services and ensure security
- Consent: When you explicitly agree to certain data processing activities
- Legal obligation: When required by applicable law
Information Sharing
We do not sell, rent, or trade your personal information. We only share your information in the following limited circumstances:
- When required by law or to protect our legal rights
- To protect against misuse or unauthorized use of our website
- With service providers who assist in our operations (always with appropriate data protection agreements in place)
- Public Display: Submitted prompts and associated author information are displayed publicly when you have provided explicit consent for public discoverability
Cookie Usage
We use cookies to:
- Keep you logged in to your account
- Remember your preferences
- Understand how our website is used
- Improve our services
Your Rights Under UK GDPR
As a data subject, you have the following rights:
1. Right of Access (Article 15)
What it means: You can request a copy of all your personal data.
How to exercise: In the AI Humanizer History panel, click the download icon to export your data as JSON.
2. Right to Erasure / "Right to be Forgotten" (Article 17)
What it means: You can request deletion of your personal data.
How to exercise: In the AI Humanizer History panel, use the trash icon to delete individual items or all history. In Persona Studio, use the trash icon in chat history or delete personas from My Personas dashboard. For full account deletion, contact us at steve@thepromptindex.com.
3. Right to Withdraw Consent (Article 7(3))
What it means: You can withdraw consent for AI processing or analytics at any time.
Effect: Withdrawing OpenAI consent will prevent use of AI-powered tools (AI Humanizer, Prompt Optimizer, Persona Studio, Prompt Builder, etc.). Withdrawing analytics consent will stop cookie tracking.
How to exercise: Manage consent in your cookie settings or account preferences.
4. Right to Data Portability (Article 20)
What it means: You can receive your data in a machine-readable format (JSON).
How to exercise: Use the export feature in the AI Humanizer History panel or contact us at steve@thepromptindex.com to request export of your Persona Studio data (personas and chat history).
5. Right to Object (Article 21)
What it means: You can object to processing based on legitimate interests.
How to exercise: Contact us at steve@thepromptindex.com.
6. Right to Rectification (Article 16)
What it means: You can correct inaccurate personal data.
How to exercise: Update your account information in account settings.
Response Time: We respond to all rights requests within 1 month. For complex requests, we may extend this by 2 months and will notify you.
Contact for Rights Requests: steve@thepromptindex.com
Security Measures
We protect your data using industry-standard security measures:
- Encryption in transit: TLS 1.3 (HTTPS) for all connections
- Encryption at rest: Database encryption for stored data
- Session security: HttpOnly, Secure, SameSite=Strict cookies
- CSRF protection: Token-based validation on all state-changing requests
- Password security: Bcrypt hashing
- Access controls: Role-based access to administrative functions
- Regular audits: Security reviews and vulnerability scanning
- Privacy by design: Input text is NOT stored (processed in real-time only)
Your Rights Regarding Submitted Prompts
For submitted prompts, you have the following specific rights:
- Right to Withdraw Consent: You can withdraw your consent at any time by deleting your submitted prompts from your account dashboard
- Right to Deletion: You can request deletion of your submitted prompts at any time. We will process deletion requests within 7 days
- Right to Access: You can view all your submitted prompts in your account dashboard
- Right to Data Portability: You can download copies of your submitted prompts
To exercise these rights, visit your account dashboard or contact us at steve@thepromptindex.com.
Effective Date: March 14, 2025