Privacy Policy

Effective: July 1, 2025

This document describes how PromptJuggler processes personal data as required by GDPR and applicable Hungarian law.

1. Controller Information

Controller: Szigeti Tamás EV Registered address: 2484 Gárdony, Mikszáth Kálmán utca 29 Email: privacy@promptjuggler.com

2. What data we process

Account Data

  • Email address (collected for both password login and social login)
  • Password hash (for password-based accounts)
  • OAuth profile information including name and email
  • Tenant name (chosen by the user)

Billing Data

  • Stripe customer ID and Stripe subscription IDs (stored in our database)
  • Billing address and VAT ID retrieved from Stripe on the fly for invoice creation (not stored persistently in our systems)

Execution & Usage Data

  • Configuration data created by the user (e.g., settings, definitions, and other setup necessary to use the Service)
  • Metadata generated when the user initiates any processing operation, including timestamps, runtime metrics, status information, error messages, and similar operational information
  • Input, output, and intermediate data created or processed during user-initiated operations (stored only for the purpose of providing the Service)
  • Content processed through the Service is not used for analytics, service improvement, or manual review, unless the user explicitly requests debugging assistance

Website Analytics

  • Cookieless analytics via Umami (self-hosted)
  • Potential geo‑location derived from IP, with IP discarded after resolution (where supported)

Error & Debug Data

  • Sentry events without IP address collection
  • User agent may be collected (for frontend debugging)

Support Data

  • Emails received via support channels, including names, attachments, logs, and any information contained in the messages

Other

  • No fingerprinting scripts
  • No Cloudflare or similar bot-protection systems
  • No reCAPTCHA

3. Purposes and legal bases

Account Creation and Authentication Legal basis: Contract performance – users create an account to access the service, and the data processed is required to provide that access.

Service Operation (executing user‑initiated actions) This covers all automated features where the user provides inputs and receives outputs, including any form of task, prompt, job, workflow, agent, or similar system. Legal basis: Contract performance – these actions are processed solely because the customer initiates them.

Error Reporting and Diagnostics Legal basis: Contract performance – error monitoring is essential for operating a functional and stable service.

Analytics Legal basis: Legitimate interest – minimal, cookieless analytics used only to understand general system usage and improve stability, without identifying users.

Support Communication Legal basis: Legitimate interest – responding to inquiries, support requests, and presales questions.

4. Data retention

Run history (standalone execution data, workflow runs, and associated metadata) Retention depends on the user’s subscription tier: 7, 30, 90, or 180 days. After this period, data is automatically deleted.

Chat history (threaded conversation data used as context for multi-turn interactions) Retention depends on the user’s subscription tier: 30, 90, 180, or 365 days. The retention period is measured from the last interaction on the thread. As long as a thread remains active, its conversation history is retained. After the applicable period of inactivity, the thread and its data are automatically deleted.

User configuration data (any saved setup such as prompts, definitions, settings, or other configuration created by the user) Stored indefinitely until the user modifies or deletes it.

Analytics data Collected only in minimal, non-identifying, cookieless form. Retained in aggregated, non-identifiable form for as long as needed for service stability.

Error reporting and diagnostics Error events are retained for 90 days.

Billing data We do not store billing addresses, VAT numbers, invoice IDs, or invoice metadata in our own systems. Required billing data is processed only by our payment and invoicing providers.

Support communication Emails and messages sent to us are retained indefinitely unless the sender requests deletion.

5. Sub-processors and international transfers

We use a small number of external service providers to operate the service. These providers act as sub-processors when they handle personal data on our behalf. All sub-processors are bound by appropriate data-processing agreements and, where applicable, Standard Contractual Clauses for international transfers.

External providers connected by the user

The Service allows users to connect their own external providers (such as LLM APIs) using their own API keys. When a user sends data to these providers through the Service, we act as a technical intermediary only. These providers process data under the user’s own agreement with them and are not our sub-processors.

For a list of third-party services that process data on our behalf, see our Sub-processor List.

International transfers: Some sub-processors may process data outside the EU. Where this occurs, transfers are protected by the European Commission’s Standard Contractual Clauses or equivalent safeguards.

6. Security measures

We implement measures intended to protect personal data and maintain the reliability of the service.

Encryption All data transmitted between clients and the service uses HTTPS/TLS. Data stored by our hosting provider is encrypted at rest.

Access control Access to production systems is restricted. Only authorised personnel may access production data. Access requires secure SSH key authentication and occurs through non-public infrastructure.

Backups Backups are created automatically by the hosting provider. Access to backups is restricted.

Logging and monitoring We perform logging and monitoring necessary to maintain the stability and security of the service.

For details on cookies and tracking technologies, see our Cookie and Tracking Policy.