Privacy Policy
Last updated: 2025-12-01
This Privacy Policy describes how PromptCost (“we”, “us”, “our”) processes personal data when you use our website and services.
We process data in accordance with the GDPR. Andreas Horpas is the data controller for this service.
1. Data We Collect
Account: Email, name (from Google), auth metadata.
Service usage: Prompts, analysis metadata, token estimates, selected model, usage logs (timestamp, features), IP (security), device/browser info.
Payments: Processed via Stripe; we don’t store full card numbers.
Cookies: Auth/session, preferences, optional analytics (only if you consent).
2. How We Use Data
- Provide and maintain the service
- Authenticate users
- Cost estimation and analytics
- Security, abuse/fraud prevention
- Performance and UX improvement
- Payments and purchase history
- Support and communication
We do not sell personal data.
3. Legal Basis (GDPR)
Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests; Art. 6(1)(c) legal obligations; Art. 6(1)(a) consent (cookies/analytics).
4. Storage & Security
Supabase (PostgreSQL with RLS), Google Cloud. Encryption in transit and at rest.
5. Sharing
Google (auth/hosting), Supabase (DB), Stripe (payments), analytics if enabled. No advertisers. A list of subprocessors is available on request.
6. International Transfers
Supabase, Google, Stripe may process data outside the EU. Protected by SCCs/adequacy decisions.
7. Your Rights
Access, rectification, deletion, restriction, portability, withdraw consent, complain to DSB (Austria).
Contact: horpas.andreas@gmail.com
8. Retention
Kept as needed for service and legal obligations (e.g., payment records up to 7 years under Austrian law).
9. Children
Not intended for children under 13.
10. Contact
Email: horpas.andreas@gmail.com
Complaints: Austrian Data Protection Authority (DSB).