Privacy Policy
Last updated: 5 March 2025
1. Data controller
The data controller for prmpt.bio is:
MOONQUEST di Gazzoni Matteo (Sole proprietorship)
Registered office (Sede legale): Quartiere XXV Aprile 17, 36061 Bassano del Grappa (VI), Italy · VAT no. (P.IVA): 04626340246 · Fiscal code (C.F.): GZZMTT89P11A703I · REA: VI-418063 (Vicenza) · Certified email (PEC): matteo.gazzoni@pec.it
Privacy contact: ping@moonquest.dev
2. What data we collect
Account data
When you create an account through our authentication provider (Clerk), we collect the email address you provide. Clerk manages your authentication credentials on our behalf; we never store passwords directly.
Creator profile data
If you register as a creator, you may provide a username, display name, bio, avatar image, website URL, and social-media handles (e.g. X/Twitter). This information is publicly visible on your creator profile page.
Content data
Creators publish prompts, example output images, call-to-action links, and store product links. This content is stored in our database and displayed publicly.
Usage data (cookieless analytics)
We use PostHog in cookieless mode to collect anonymous usage events — such as page views, prompt copies, and share clicks. These events include a prompt identifier and creator identifier but no personal information, IP address, or device fingerprint. PostHog does not set any cookies on your browser.
Technical data
Our hosting provider (Vercel) automatically collects standard server logs that may include your IP address, browser user-agent string, and the pages you visit. These logs are used for security, debugging, and infrastructure monitoring, and are retained according to Vercel's data-retention policies.
AI-processed data
When creators use our image-analysis features, image URLs and associated prompt text are sent to third-party AI providers (FAL AI and Google Gemini) for processing. No visitor data is sent to these services — only creator-uploaded content.
3. How we use your data
- Providing the service: authenticating you, displaying your creator profile and prompts, processing images.
- Analytics: understanding how pages are used so we can improve the product (cookieless, anonymous).
- Security: detecting abuse, preventing fraud, and maintaining infrastructure integrity.
- Communication: sending transactional emails (e.g. invitation links) via Clerk.
4. Legal bases (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)): processing your account and profile data is necessary to provide the prmpt.bio service you signed up for.
- Legitimate interest (Art. 6(1)(f)): anonymous, cookieless analytics to improve the product; server logs for security and abuse prevention.
- Consent (Art. 6(1)(a)): where required by law, for example if we introduce optional marketing communications in the future.
5. Third-party processors
We share data only with processors that are necessary to operate the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication | Email, auth credentials |
| PostHog | Analytics | Anonymous events (no PII) |
| Neon (Postgres) | Database | Creator profiles, prompts |
| Cloudflare R2 | File storage & CDN | Avatar & output images |
| Vercel | Hosting | Server logs (IP, user agent) |
| FAL AI / Google Gemini | Image analysis | Image URLs, prompt text |
6. Cookies
prmpt.bio uses only essential authentication cookies set by Clerk to keep you signed in. We do not use advertising, tracking, or preference cookies. Our analytics service (PostHog) operates in fully cookieless mode and does not store anything on your device.
7. International data transfers
Some of our processors are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as applicable to each provider.
8. Data retention
- Account data: retained until you delete your account.
- Creator profiles & prompts: retained until you delete them or request account deletion.
- Analytics events: retained according to PostHog's retention settings (anonymised, no PII).
- Server logs: retained per Vercel's standard log retention period.
9. Your rights under the GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your personal data.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at ping@moonquest.dev. We will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. In Italy, this is the Garante per la protezione dei dati personali.
10. Children
prmpt.bio is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Contact
For privacy questions or to exercise your rights, email ping@moonquest.dev.