Legal

Privacy Policy

Effective May 1, 2025. Plain language. No surprises.

Overview

PromptLab, Inc. ("PromptLab," "we," or "us") operates the PromptLab platform, including promptlab.dev and related APIs. This Privacy Policy explains what data we collect, why we collect it, and how it is used. We believe privacy should be simple, so we keep this document as short and direct as possible.

What We Collect

  • Account dataName, work email, company name, and role — provided when you sign up.
  • Usage dataPages visited, features used, API call frequency, and error logs. Collected automatically.
  • Prompt contentPrompts you create, edit, and deploy are stored on our infrastructure to power version control and deployment features.
  • Billing dataPayment information is processed by Stripe. We never store raw card numbers.
  • Device & browser dataIP address, browser type, and OS — used to detect abuse and improve reliability.

How We Use Your Data

  • To provide the serviceVersioning, deployment, and analytics features require storing your prompts and configuration.
  • To improve the platformAggregate, anonymised usage data helps us prioritise features and fix bugs.
  • To communicate with youProduct updates, security alerts, and occasional announcements. You can unsubscribe at any time.
  • To prevent abuseRate limiting, fraud detection, and enforcing our Terms of Service.

Data Retention

We retain account data for the duration of your subscription plus 90 days after cancellation. Prompt history is retained per your plan limits. You can request full deletion of your account and data at any time by emailing privacy@promptlab.dev. Deletion requests are processed within 30 days.

Third-Party Services

We use a small number of trusted sub-processors: Stripe (billing), AWS (infrastructure), PostHog (product analytics), and Resend (email). Each is bound by data processing agreements aligned with applicable privacy law. We do not sell your data to third parties.

Your Rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, email privacy@promptlab.dev. We will respond within 30 days.

Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We follow SOC 2 Type II security practices. See our Security page for more detail.

Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated via email and posted here with an updated effective date. Continued use after notification constitutes acceptance.

Contact

Questions about this policy? Email us at privacy@promptlab.dev or write to PromptLab, Inc., 340 Pine St, Suite 800, San Francisco, CA 94104.