Privacy Policy

Last Updated: September 30, 2025

1. Introduction

Welcome to Promptmonitor. This Privacy Policy explains how Bootstrapped LLC ("Promptmonitor," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our AI visibility tracking and analytics platform at promptmonitor.io (the "Service").

We are committed to protecting your privacy and being transparent about our data practices. This policy applies to all users of our Service worldwide.

Contact Information:
Bootstrapped LLC
2055 Limestone Rd
Wilmington, Delaware 19808, USA
Email: support@promptmonitor.io

2. Information We Collect

2.1 Information You Provide to Us

When you create an account or use our Service, we collect:

• Account Information: Name, email address, country, job title, company size, profile picture/avatar
• Authentication Information: When you sign in with Google, we receive your name, email, and profile picture from Google
• Company Information: Company name, website URL
• Payment Information: Processed securely through Stripe. We do not store your credit card details on our servers
• Project Information: URLs, prompts, keywords, and brand names you track within your projects
• Communications: Information you provide when contacting our support team via Crisp chat or email
• Marketing Preferences: Your subscription preferences for our email communications via Brevo

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Features you use, pages visited, time spent on the platform, queries submitted
• Analytics Data: Through Fathom Analytics (privacy-focused, GDPR-compliant) and our own Promptmonitor analytics
• Session Replay Data: Via OpenReplay to improve user experience and troubleshoot issues. This includes your user ID for support purposes, but excludes sensitive input fields and respects browser Do Not Track signals
• Technical Data: Browser type, device information, operating system, IP address (not permanently stored)
• Advertising Data: Via Google Tag Manager for LinkedIn, Reddit, and Google Ads conversion tracking

2.3 Your Website Visitors' Data (When You Use Our Analytics Feature)

When you install Promptmonitor analytics on your website:

• We collect anonymous, aggregated analytics data from your website visitors
• We do NOT collect: IP addresses, personally identifiable information, or any data that can identify individual visitors
• This feature is designed to be privacy-first and GDPR-compliant by default

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI visibility tracking platform
• Account Management: To create and manage your account, process payments, and provide customer support
• Authentication: To enable secure login via Google authentication
• AI Analysis: To generate visibility reports, track brand mentions across AI platforms, and provide competitive intelligence
• Communication: To send you service updates, billing notifications, and respond to your inquiries
• Marketing: To send promotional emails about new features and updates (you can opt out anytime)
• Analytics & Improvement: To understand how users interact with our Service and improve functionality
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Third-Party Services We Use

We work with trusted third-party service providers who help us operate our Service:

All third-party providers are carefully selected and contractually required to protect your data in accordance with applicable privacy laws.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share specific information
• Service Providers: With third-party vendors listed above who help us operate our Service
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
• Protection of Rights: To protect our rights, property, safety, or that of our users or the public

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 General Rights (All Users)

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Delete your account and associated data, or delete specific projects from project settings
• Objection: Object to certain processing activities
• Data Portability: Receive your data in a structured, machine-readable format

6.2 GDPR Rights (EU/UK Users)

EU and UK users have additional rights under the General Data Protection Regulation:

• Right to restrict processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your supervisory authority

6.3 CCPA Rights (California Users)

California residents have rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how we use it
• Right to delete personal information
• Right to opt out of the "sale" of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

To Exercise Your Rights:

• Update your information directly in your account settings
• Delete projects from your project settings page
• For other requests, email us at support@promptmonitor.io with your request. We will respond within 30 days.

7. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active
• Project Data: Retained until you delete the project or your account
• Usage Data: Retained for up to 24 months for analytics purposes
• Payment Records: Retained for 7 years for tax and accounting purposes
• Support Communications: Retained for 3 years for quality assurance

When you delete a project from your project settings, all associated data (prompts, tracking configurations, reports) is permanently removed. After you delete your account, we may retain your data for a reasonable period as needed for legal, regulatory, or operational purposes.

8. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Secure Authentication: OAuth 2.0 via Google for secure login
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Regular security assessments and vulnerability testing
• Secure Infrastructure: Hosting with SOC 2 compliant providers (Vercel, DigitalOcean, Supabase)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Our Service is operated from the United States. If you access our Service from outside the US, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Compliance with applicable data protection laws in your jurisdiction

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: To understand usage patterns (via Fathom Analytics and Google Tag Manager)
• Advertising Cookies: For conversion tracking from LinkedIn, Reddit, and Google Ads

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page with a new "Last Updated" date
• Notify you via email for material changes
• Give you an opportunity to review changes before they take effect

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Do Not Track Signals

Some browsers have "Do Not Track" (DNT) features that send a signal indicating you do not wish to be tracked. Our session replay tool (OpenReplay) respects Do Not Track signals and will not record sessions when DNT is enabled in your browser. Our analytics tools (Fathom Analytics and Promptmonitor Analytics) are privacy-focused by default and do not track users across websites.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@promptmonitor.io
Mail: Bootstrapped LLC, 2055 Limestone Rd, Wilmington, Delaware 19808, USA

For GDPR-related inquiries, please specify "GDPR Request" in your subject line.
For CCPA-related inquiries, please specify "CCPA Request" in your subject line.

This Privacy Policy is effective as of September 30, 2025 and applies to all information collected by Promptmonitor.