PromptHero ("we", "us", or "our") operates the website prompthero.comand the PromptHero mobile applications for iOS and Android (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: When you create an account, we collect your email address and username. We use passwordless authentication (magic links and one-time passwords), so we do not store passwords.
- Payment information: When you subscribe or purchase credits, payment is processed by Stripe, Inc. We store your Stripe customer ID to manage your subscription. We do not store credit card numbers, CVVs, or bank account details on our servers.
- User-generated content: Text prompts, generation parameters, and resulting AI-generated images or videos you create using the Service. Images you upload as input for AI generation (e.g. image-to-image).
- Profile information: Your username, profile picture, headline, social links, and preferred tools.
- Feedback and communications: Any feedback, support requests, or communications you send us through any medium.
1.2 Information Collected Automatically
- Device and usage data: IP address, browser type and version, operating system, device type and identifiers, screen resolution, pages visited, features used, actions taken, time spent on pages, and referring URLs.
- Location data: Approximate geographic location (city/country level) derived from your IP address. We do not collect precise GPS location data.
- Cookies and similar technologies: We use cookies and similar tracking technologies to maintain your session, remember preferences, and collect analytics data. You can control cookie settings through your browser.
- Log data: Server logs that record requests made to our Service, including timestamps, URLs, response codes, and error information.
1.3 Information From Third-Party Sources
- Authentication providers: If you sign in via Google or another OAuth provider, we receive your email address, name, and profile picture from that provider. We do not receive or store your password from these providers.
- Payment processor: Stripe provides us with transaction confirmations, subscription status updates, and payment failure notifications.
1.4 Mobile App: Device Permissions
Our mobile app may request access to specific device features. You can grant or deny these permissions at any time through your device settings.
- Photo library (read): Only when you choose to upload an image as input for AI generation (e.g. image-to-image or style transfer). We use the system photo picker, which limits access to only the photos you explicitly select. We do not access or scan your full photo library.
- Photo library (write):Only when you choose to save a generated image or video to your device gallery. We request this permission at the moment you tap "Save", not at app launch.
- Push notifications: To notify you when your AI generations are complete or to send account-related alerts. You can disable notifications at any time in your device settings.
We follow platform guidelines for both iOS (App Store) and Android (Google Play) and only request permissions that are tied to a visible feature you initiate. We do not access media, location, contacts, or other device data in the background.
1.5 Face Data
The Service does not collect, store, or process "face data" as a distinct data type. We do not perform facial recognition, face matching, face identification, or biometric analysis. We do not build or store facial templates, embeddings, faceprints, or any other data structure derived from the geometry of a face.
Some features (such as image-to-image generation) allow you to upload an image as input. Those images may contain faces. In that case:
- The image is transmitted to the third-party AI model provider fulfilling your request (see Section 15), solely to generate the output you asked for.
- The image is scanned by our content-moderation systems (see Section 4) to detect prohibited content before processing.
- The image is stored temporarily for the duration of the generation job and deleted within 24 hours. It is not linked to your account. See Section 5 for retention details.
- We do not use images containing faces to identify individuals, to train our own models, or for any purpose other than fulfilling your generation request and enforcing our safety policies.
You can avoid uploading images containing faces by not using image-to-image features.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including AI image and video generation
- Process transactions and manage your subscription and credits
- Send transactional communications (sign-in links, payment receipts, subscription updates, generation completion notifications)
- Personalize your experience (e.g. recommend prompts and models based on your activity and preferences)
- Moderate content to ensure compliance with our Terms of Service and applicable law
- Analyze usage trends to improve features, performance, and reliability
- Detect, prevent, and address fraud, abuse, security incidents, and technical issues
- Communicate with you about updates, new features, and promotions (you can opt out of marketing emails at any time)
- Display aggregated, anonymized user activity on our platform (e.g. trending prompts)
3. How We Share Your Information
We do not sell your personal information. We may share information in these limited circumstances:
- Service providers: Third-party companies that help us operate the Service, including Stripe (payment processing), Brevo (transactional and marketing emails), AWS (cloud infrastructure, image storage, content moderation via Rekognition), and Render (application hosting). These providers only access data necessary to perform their functions and are contractually bound to protect it.
- Third-party AI model providers: When you generate images or videos, your text prompts and any input images are transmitted to third-party AI model providers (currently Replicate, Together AI, and others). By using the generation features of the Service, you consent to this transmission. You may withdraw consent by discontinuing use of generation features. See Section 15 for full details.
- Analytics providers: We use Google Analytics and Google Tag Manager (website) and Mixpanel (mobile app) to analyze usage patterns and improve the Service. These providers receive anonymized usage data and are bound by data processing agreements.
- Public content: Prompts and images you mark as public are visible to other users and may appear in search engines. Your public profile (username, avatar, prompt count, streak) is visible to others. Private generations are only visible to you.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of PromptHero, our users, or others.
- Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
4. Content Moderation and Safety
To keep PromptHero safe and comply with our Terms of Service, we use both automated systems and human review to moderate user-generated content:
- Automated moderation: We use AWS Rekognition (image analysis), OpenAI moderation API (text and image classification), and keyword filtering to detect potentially harmful content before and after generation.
- Input image moderation: Images you upload as generation inputs are scanned for safety before processing. Images that fail moderation are rejected and deleted within 24 hours.
- Zero tolerance: Content depicting or suggesting minors in inappropriate contexts is strictly prohibited and results in immediate account termination.
Moderation metadata (flags, confidence scores, categories) is retained for safety, compliance, and audit purposes.
5. Data Retention
- Account data: Retained for as long as your account is active.
- Generated content: Public prompts and images are retained indefinitely. Private content is retained while your account is active.
- Temporary upload files: Images uploaded as generation inputs are stored temporarily, deleted within 24 hours, and are not linked to your account in the database.
- Account deletion: If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, compliance, or legitimate business purposes. Content previously made public may persist in cached or archived forms.
- Moderation records: Retained for safety and compliance purposes even after account deletion.
6. Data Security
We implement industry-standard security measures including:
- Encryption in transit via TLS/HTTPS for all communications
- Passwordless authentication (magic links and OTPs) to eliminate password-based attacks
- Access controls and least-privilege principles for internal systems
- Secure payment processing through Stripe (PCI DSS compliant)
- Regular monitoring for unauthorized access and anomalies
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You transmit information to us at your own risk.
7. Your Rights and Choices
Depending on your location, you may have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your account and associated personal information
- Data portability: Request your data in a machine-readable format
- Opt out: Unsubscribe from marketing communications at any time via the link in any marketing email
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
- Device permissions: Revoke any app permission (photo access, notifications) at any time through your device settings
To exercise these rights, contact us at hello@prompthero.com. We will respond within 30 days.
8. Children's Privacy and Age Restrictions
The Service is not intended for children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we learn that we have inadvertently collected information from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately at hello@prompthero.com.
PromptHero is rated 18+ on both the Apple App Store and Google Play due to the potential for mature AI-generated content. We implement age restriction mechanisms to limit access to content that exceeds the app's rating for underage users.
9. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence. By using the Service, you consent to the transfer of your information to these countries. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers.
10. Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services (e.g. AI model providers, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any information.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Request disclosure of the categories and specific pieces of personal information we have collected about you
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of your personal information (we do not sell personal information)
- Not be discriminated against for exercising your privacy rights
To exercise these rights, contact us at hello@prompthero.com.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal bases for processing your data include:
- Performance of a contract: Providing the Service, processing payments, managing your account
- Legitimate interests: Improving the Service, ensuring security, preventing fraud, content moderation
- Consent: Marketing communications, optional analytics cookies
- Legal obligations: Compliance with applicable laws and regulations
13. Data We Collect for App Store and Play Store Compliance
For transparency and compliance with Apple App Store and Google Play Store requirements, here is a summary of the data we collect and how it is used:
| Data Type | Collected | Purpose | Shared with Third Parties | Linked to Identity |
|---|---|---|---|---|
| Email address | Yes | Account, authentication, transactional emails | Stripe (payments), Brevo (emails) | Yes |
| Username / profile info | Yes | Public profile, community features | No (displayed publicly on platform) | Yes |
| Purchase history | Via Stripe | Subscription and credit management | Stripe (payment processing) | Yes |
| Photos/videos (uploaded as input) | Only when user initiates | Input for AI generation (image-to-image) | AI providers (Replicate, Together AI), AWS (moderation, storage) | No (deleted within 24 hours, not linked to account) |
| Photos/videos (AI-generated output) | Yes | AI generation output, stored with prompt | AWS (storage), AI providers (generation) | Yes |
| Product interaction (pages viewed, features used, prompts created) | Yes | Analytics, personalization, improving the Service | Google Analytics (web), Mixpanel (mobile) | Yes |
| Search history (on-platform) | Yes | Personalization, search improvements | No | Yes |
| Device identifiers | Yes | Analytics, fraud prevention | Google Analytics (web), Mixpanel (mobile) | No |
| IP address | Yes | Security, approximate location, analytics | Google Analytics, hosting providers | No |
| Coarse location (city/country from IP) | Yes | Analytics, content personalization | Google Analytics, Mixpanel | No |
| Push notification tokens | Yes (mobile, with permission) | Generation completion alerts, account notifications | Apple APNs / Google FCM (delivery only) | Yes |
| Crash and performance diagnostics | Yes | Bug fixing, performance monitoring | Hosting/monitoring providers | No |
| Precise location (GPS) | No | N/A | N/A | N/A |
| Contacts, calendar, or address book | No | N/A | N/A | N/A |
| Health, fitness, or biometric data | No | N/A | N/A | N/A |
| Financial information (beyond Stripe) | No | N/A | N/A | N/A |
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as an in-app notification or email). Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. If you do not agree with the changes, you may close your account.
15. Third-Party AI Data Sharing
PromptHero's core functionality involves sending your content to external AI systems to generate images and videos. In compliance with Apple App Store Guideline 5.1.2(i) and Google Play data disclosure requirements, this section provides full transparency about that process.
- What data is sent: When you submit a generation request, your text prompt, selected model parameters, and any image you upload as input are transmitted to the relevant third-party AI model provider to fulfill the request.
- Who receives it: Current providers include Replicate, Inc. and Together AI, Inc. This list may change as we integrate new models; we will update this section accordingly.
- Why: This transmission is necessary to generate the image or video you requested. Without it, the generation features of the Service cannot function.
- Your control: You may decline this data sharing by not using generation features. Account data (profile, billing) is not transmitted to AI model providers. Only the content directly required for generation (prompt text, parameters, and input images) is sent.
16. In-App Account Deletion
In compliance with Apple App Store and Google Play requirements, you can delete your account directly within the PromptHero app by navigating to Settings → Account → Delete Account. You can also delete your account on the website at prompthero.com/account/settings.
Initiating deletion will permanently remove your account and associated personal data within 30 days, subject to the retention exceptions described in Section 5. If you have an active paid subscription, you will be prompted to cancel it before deletion proceeds.
17. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
- Email: hello@prompthero.com
- Website: https://prompthero.com
PromptHero is incorporated in Delaware, USA. This policy is governed by the laws of Delaware, regardless of where you access the Service from.