Effective May 14, 2026 · Last updated May 14, 2026

Privacy Policy

We collect the minimum information needed to deliver your products and run a working business. We do not sell your data, and we do not track you across the web. This policy explains what we collect, why, how long we keep it, and the rights you have under GDPR and CCPA.

1. Introduction

Promptos is an independent digital products company. This Privacy Policy describes how we collect, use, store, and share personal information when you visit promptos.store, purchase a product, or contact us. By using the website or buying a product, you accept this Policy.

2. Information We Collect

Information you provide directly

  • Order information. Name, email address, billing address, and payment information. Payment information is processed by Shopify Payments, Stripe, PayPal, Apple Pay, Google Pay, or Shop Pay. We do not store full card numbers on our servers.
  • Account information. If you create an account, we store your email and a hashed password.
  • Communication. Email content and metadata when you contact support or reply to a newsletter.
  • Newsletter signups. Email address only.

Information collected automatically

  • Server logs. IP address, user-agent string, requested URL, timestamp, referring URL. Retained for 30 days for security and abuse detection.
  • Analytics. Aggregated, anonymized usage data (pageviews, country-level geography, device class) via a privacy-respecting analytics provider. No cross-site tracking, no persistent fingerprinting.
  • Cookies. See Cookie Policy for the full list.

3. How We Use Information

  • Order fulfillment. Deliver products, send receipts, handle refunds.
  • Customer support. Respond to your messages and resolve issues.
  • Product updates. Notify you when a product you bought is updated (you can opt out).
  • Newsletter. Send the Tuesday email if you opted in.
  • Marketing. Only with opt-in. You can unsubscribe at any time.
  • Security and fraud prevention. Detect and prevent abuse of the service.
  • Legal compliance. Meet tax, accounting, and other legal obligations.

4. Legal Basis for Processing (GDPR)

For visitors in the European Economic Area and the UK, we rely on the following lawful bases:

  • Contract performance. To deliver the products you purchased.
  • Legitimate interest. Operating a working business, including limited analytics, security, and fraud prevention.
  • Consent. Marketing emails and non-essential cookies, where you have opted in.
  • Legal obligation. Tax records, accounting, responding to lawful requests.

5. Sharing and Disclosure

We share information only as needed and only with the categories of recipients below.

Service providers

  • Shopify. E-commerce platform, order processing, payment intake.
  • Cloudflare / Oxygen. Hosting and content delivery.
  • Email service provider. Transactional and newsletter email delivery.
  • Analytics provider. Aggregated, anonymized usage statistics.

Each service provider is contractually required to protect your information.

Legal requirements

We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Promptos, our customers, or others.

Business transfers

If Promptos is acquired or merged, your information may be transferred to the successor entity, subject to the same protections set out in this Policy.

With your consent

For any sharing outside the above categories, we will ask you first.

6. Data Retention

  • Order records. Retained for 7 years to meet tax and accounting obligations.
  • Account data. Retained while your account is active. Deleted within 30 days of account closure request.
  • Server logs. 30 days.
  • Newsletter list. Until you unsubscribe.

7. Your Rights (GDPR)

If you are in the European Economic Area or UK, you have the right to:

  • Access. Request a copy of the personal information we hold about you.
  • Rectification. Ask us to correct inaccurate information.
  • Erasure. Ask us to delete your personal information (subject to legal retention requirements).
  • Restriction. Ask us to limit how we use your information.
  • Portability. Receive your information in a structured, machine-readable format.
  • Objection. Object to processing based on legitimate interest.
  • Withdraw consent. Where processing is based on consent, withdraw at any time.
  • Complain to a supervisory authority. You may also lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@promptos.store. We respond within 30 days.

8. Your Rights (CCPA)

If you are a California resident, you have the right to:

  • Know. Request the categories and specific pieces of personal information we have collected.
  • Delete. Request deletion of your personal information.
  • Opt-out of sale. Promptos does not sell your personal information, so this right is automatically respected.
  • Non-discrimination. We will not discriminate against you for exercising your rights.

To exercise these rights, email privacy@promptos.store.

9. International Data Transfers

Personal information may be transferred to and processed in countries other than your own. When we transfer EU/UK personal data outside of those jurisdictions, we rely on appropriate safeguards including Standard Contractual Clauses.

10. Children's Privacy

Promptos is intended for users aged 16 and over. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, contact us at privacy@promptos.store and we will delete it.

11. Security

We use industry-standard security measures including HTTPS, encrypted storage, principle-of-least-privilege access controls, and regular security reviews. No system is perfectly secure; we will notify affected users of any breach as required by applicable law.

12. Cookies and Tracking

We use a small number of essential and analytics cookies. We do not use cross-site advertising or behavioural-targeting cookies. See the Cookie Policy for the full list and how to manage your preferences.

13. Third-Party Links

Our website may contain links to third-party sites (such as Shopify checkout, model providers, or external articles). This Policy does not apply to those sites. Review the privacy policies of any third-party site you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to active customers and posted on this page with a revised effective date.

15. Contact

For privacy questions or to exercise your rights, email privacy@promptos.store. For all other support requests, email support@promptos.store.