Privacy Notice
Last updated: July 6, 2026
This Privacy Notice explains how Péter Horányi, sole proprietor, trading as PromptShielder ("we", "us", "our") collects and processes personal data. Péter Horányi is the data controller for the personal data described here.
1. Data we collect
- Account data: email address, display name, password hash, sign-in provider (e.g. Google).
- Subscription data: plan, status, subscription and customer identifiers, billing period dates. Payment card details are collected and processed by Paddle — we do not see or store them.
- Usage & telemetry: anonymous, aggregated analytics on our marketing pages (page views, referrers, approximate location). Analytics are not loaded on the workspace where you use the tool.
- Support messages that you send us.
- Prompt content: we do NOT collect the text you redact. All redaction runs in your browser; nothing is transmitted to our servers.
2. Purposes and legal basis
- Providing the Service (contract performance).
- Processing payments, subscriptions, tax, and invoicing (contract, legal obligation).
- Security, fraud prevention, abuse detection (legitimate interests).
- Improving the Service via aggregated analytics (legitimate interests).
- Customer support (contract, legitimate interests).
- Marketing communications, only where you have opted in (consent).
3. Recipients & sharing
We share personal data only with the following categories of recipients:
- Paddle.com Market Ltd, our Merchant of Record, for the sale of subscriptions, subscription management, payments, tax compliance, and invoicing.
- Hosting and infrastructure providers (Lovable Cloud / Supabase) that host our database and authentication service.
- Analytics provider: Google Analytics 4 (marketing pages only).
- Authorities where required by law, and professional advisers under confidentiality.
4. International transfers
Some recipients above are located outside the UK/EEA. Transfers rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and/or applicable adequacy decisions.
5. Retention
We retain account data while your account is active and for a limited period after closure to meet legal, tax, and dispute-resolution obligations. Subscription and invoicing records are retained per applicable tax law (typically 6–10 years). Analytics data is retained in aggregated form.
6. Your rights
Depending on your jurisdiction you may have rights to: access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. Response within one month. To exercise these rights, email privacy@promptshielder.com.
7. Security
We apply appropriate technical and organisational measures: encryption in transit (HTTPS), encryption at rest for stored data, role-based access controls, and row-level security on customer data.
8. Cookies
We use strictly necessary cookies for sign-in and session management, and analytics cookies on our marketing pages (Google Analytics 4 with IP anonymisation). You can manage cookies in your browser settings.
9. Contact
Data protection queries: privacy@promptshielder.com.