This policy by BDI Solutions LLC, a limited liability company organized under the laws of the US state of New Mexico, with its registered office at 1209 Mountain Road Pl Ne Ste N, Albuquerque, NM 87110, USA, registration number 0008052148 ("we", "us", "our", or the "Operator"), explains how we collect, use, and share information when you visit prompthafen.de or use related products and services (together, the "Service").
"Prompthafen" is the brand under which the Operator provides the Service. The Operator is the sole controller for personal data processed through this Service.
If you do not agree with our practices, please do not use the Service. You can contact us at kontakt@prompthafen.de.
Summary
- What data do we process? Data you provide, such as name, email, billing address, and account data, plus data collected automatically, such as IP address, usage data, and cookies.
- Do we process special categories of data? No.
- Do we receive data from third parties? To a limited extent, from login providers, analytics services, and public sources.
- Why do we process data? To provide, improve, and secure the Service, process payments, communicate with you, and comply with law.
- Do we sell data? No.
- What rights do you have? People in the EU/EEA, United Kingdom, Switzerland, and certain US states have the rights described below.
1. Data We Collect
Data Provided by You
- email addresses
- names
- billing addresses
- usernames and passwords
- phone numbers, if provided
- contact preferences
- prompts, notes, favorites, and your own content created in your workspace
Payment data is processed by our payment providers, such as Stripe and PayPal. We do not store full card details.
We do not collect special categories of personal data.
Social login data: If you register through a third-party account, such as Google, we receive the profile data you authorize that provider to share.
Data Collected Automatically
- Log and usage data: IP address, device information, browser type, pages viewed, features used, timestamps, error reports
- Device data: device identifiers, operating system, browser, provider, system configuration
- Approximate location: region inferred from IP address. We do not collect precise GPS location.
Data From Third Parties
To a limited extent, we may receive data from social platforms if you interact with us there, from analytics and advertising providers, and from public databases solely to verify business information.
2. How We Process Your Data
- Provide the Service: access to prompts, guides, and platform features
- Manage accounts: authenticate you and administer your account
- Process payments: complete transactions through payment providers
- Communicate: send service messages, answer support requests, and, with consent, send marketing messages
- Improve the Service: analyze usage to improve features, preferably in aggregated or anonymized form
- Security and fraud prevention: protect the Service and users from misuse and fraud
- Legal obligations: comply with laws, court orders, and lawful requests
3. Legal Bases Under the GDPR
If you are in the EEA, United Kingdom, or Switzerland, we rely on:
- Performance of a contract (Art. 6(1)(b) GDPR): to provide the Service you purchased
- Consent (Art. 6(1)(a) GDPR): for marketing and optional cookies
- Legitimate interests (Art. 6(1)(f) GDPR): for improvement, security, and fraud prevention
- Legal obligation (Art. 6(1)(c) GDPR): where required by law, such as tax records
4. Sharing Your Data
We share data with:
- Processors: hosting, payment processing, email delivery, analytics, customer support, each based on data-processing agreements under Art. 28 GDPR
- Business transfers: in connection with a sale or transfer of the business or its assets
- Legal requirements: where required by law, court order, or authority
- With your consent: in other cases where you expressly agree
We do not sell personal data and do not share it for cross-context targeted advertising.
5. Cookies and Tracking
We use cookies and similar technologies for authentication, preferences, analytics, and, with consent where required, marketing. You can manage cookies through your browser settings or our cookie manager. We honor Global Privacy Control (GPC) signals where legally required.
6. Social Logins
If you register using a social login, such as Google or Apple, we receive the profile data that provider shares based on your authorization. We are not responsible for the provider's practices; use of that account is governed by the provider's terms.
7. International Data Transfers
Certain service providers, such as analytics, email, or cloud-hosting providers, and the Operator itself may use infrastructure in the United States. If you access the Service from outside your country of residence, your data may be transferred to and processed in countries that may not offer an equivalent level of data protection.
For transfers of personal data from the EEA, United Kingdom, or Switzerland to countries without an adequacy decision by the European Commission, we rely on appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission
- the EU-U.S. Data Privacy Framework where the relevant US provider is certified
- your explicit consent for certain transfers where appropriate
8. Retention
We store personal data only as long as necessary for the purposes of collection, typically:
- Account data: while your account is active, then up to 3 years for legal and accounting purposes
- Transaction records: according to tax and commercial retention duties, generally up to 10 years in Germany
- Usage analytics: anonymized data for up to 24 months
- Marketing lists: until you unsubscribe
9. Data Security
We use technical and organizational measures under Art. 32 GDPR, including encryption in transit, access controls, and secure hosting. No method is 100% secure, and we cannot guarantee absolute protection.
10. Data Breach Notification
If a breach is likely to create a high risk to your rights, we will notify you and the competent supervisory authority under Art. 33 and 34 GDPR. For US users, notification follows applicable state law.
11. Children's Privacy
The Service is not directed to children under 16 (the age for consent under Art. 8 GDPR). We do not knowingly collect data from children under this age without verified parental consent. If we learn of such collection, we delete the data promptly.
12. Your GDPR Rights
Under the GDPR, UK GDPR, and Swiss FADP, you have the right to:
- access your data (Art. 15)
- correct inaccurate data (Art. 16)
- delete data (Art. 17)
- restrict processing (Art. 18)
- data portability (Art. 20)
- object to processing (Art. 21)
- not be subject to solely automated decisions with legal effect (Art. 22)
- withdraw consent at any time
- lodge a complaint with a supervisory authority
To exercise these rights, contact us at kontakt@prompthafen.de. We respond within one month, extendable by two further months for complex requests. You may complain to your competent data-protection supervisory authority.
13. Rights of Residents of Certain US States
Depending on your state of residence, such as California, Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws, you may have additional rights: access, correction, deletion, portability, opt-out of "sale" or "sharing" and targeted advertising, limitation of sensitive data use, non-discrimination, and, where provided, appeal of our decision.
We do not sell personal data, do not conduct cross-context targeted advertising, and do not conduct legally significant profiling under those laws. California residents are also covered by the CCPA/CPRA. To exercise rights, email kontakt@prompthafen.de with the subject "Privacy Rights Request" and your state of residence. We need sufficient information to verify your identity and will not discriminate against you for exercising rights.
14. Marketing Communications
You can unsubscribe from marketing at any time by clicking "unsubscribe" in our emails or contacting us. Necessary service messages for account administration may still be sent.
15. Do Not Track / GPC
We honor Global Privacy Control (GPC) signals. There is no uniform Do-Not-Track standard; where applicable, we treat GPC as a valid opt-out from sale or sharing under US state privacy laws.
16. Changes to This Policy
We may update this policy. Material changes will be marked with an updated "Last updated" date, and, where appropriate, we will notify you directly by email.
17. Accessing, Changing, or Deleting Data
You can view and update account data in account settings, export your data, or request deletion by contacting kontakt@prompthafen.de. We respond according to applicable law.
Contact
BDI Solutions LLC
1209 Mountain Road Pl Ne Ste N, Albuquerque, NM 87110, USA
Registration number: 0008052148
Email: kontakt@prompthafen.de