Store Prompts ("we", "us", "our") operates the website at storeprompts.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.
1. Information We Collect
We collect the following information when you create an account and use our service:
- Account information: Email address and password (stored as a bcrypt hash, never in plain text)
- User content: Prompts you create, custom categories, and shared prompt links
- Payment information: Processed securely through Stripe. We store your Stripe customer ID, subscription status, and subscription ID. We do not store your credit card details.
- Usage data: Prompt copy counts, user feedback on prompts, and account activity
- Authentication tokens: Temporary verification and password reset tokens
2. How We Use Your Information
We use your information to:
- Provide and maintain the Store Prompts service
- Authenticate your account and manage sessions
- Process payments and manage subscriptions
- Send transactional emails (account verification, password resets)
- Enforce usage limits for free tier accounts
3. Third-Party Services
We use the following third-party services to operate Store Prompts:
- Supabase: Database hosting and storage (PostgreSQL)
- Stripe: Payment processing for subscriptions and lifetime purchases
- Google Analytics: Anonymous website usage analytics
- Resend: Transactional email delivery (verification and password reset emails)
- Google OAuth: Optional sign-in via Google account
- Vercel: Website hosting and serverless functions
Each third-party service has its own privacy policy governing how they handle your data.
4. Cookies
We use the following cookies:
- token: An HttpOnly, secure authentication cookie containing a JSON Web Token (JWT). Expires after 2 hours. Essential for keeping you logged in.
- _csrf: A CSRF protection cookie used to prevent cross-site request forgery attacks. Expires after 1 hour.
We do not use tracking cookies. Google Analytics uses its own cookies for anonymous usage statistics.
5. Data Security
We take the security of your data seriously:
- Passwords are hashed using bcrypt before storage
- All API communication is encrypted over HTTPS
- Database access is protected with Row Level Security (RLS) policies
- CSRF protection on all authenticated API endpoints
- HttpOnly, secure cookies prevent client-side token theft
- Security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection) are enforced on all pages
6. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We only share data with the third-party services listed above as necessary to operate the service.
When you create a shared prompt link, the prompt title and content become accessible to anyone with the link. You can revoke shared links at any time.
7. Your Rights
You have the right to:
- Access your account data at any time through the application
- Update your email address or password
- Delete your prompts, categories, and shared links
- Request deletion of your account and all associated data
To request account deletion, contact us at the email address below.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, all associated data (prompts, categories, shared links) is permanently removed from our database through cascading deletes.
9. Children's Privacy
Store Prompts is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
11. Contact Us
If you have questions about this Privacy Policy, contact us at support@storeprompts.com.
See also: Terms of Service