Privacy Policy

1. Who we are

This Privacy Policy describes how promptgame.ai (“promptgame.ai”, “we”, “us”, “our”) collects, uses, and shares information when you use our website, applications, and services (the “Service”).

For privacy questions, visit promptgame.ai for contact options.

2. Information we collect

We collect the following categories of information:

Account information. When you create an account, we collect your email address, display name, and password (stored as a one-way hash). Optionally, you may add LinkedIn and GitHub profile URLs.

Subscription and billing. If you purchase a paid plan, our payment processor (Stripe) collects and processes your payment information. We do not store full credit card numbers on our servers. We receive limited transaction details (last four digits of the card, billing country, transaction status).

Organization information. If you create or join an organization, we collect the organization name, member roles, activation status, and seat counts.

Usage and progress. We collect information about how you use the Service, including quests completed, points earned, levels reached, streaks, certificates awarded, time spent in lessons, and the prompts you submit during exercises.

Device and log data. We collect technical information such as IP address, browser type, operating system, referring URLs, pages visited, timestamps, and crash reports.

Cookies and local storage. We use essential cookies and browser local storage to keep you signed in, remember your preferences, and preserve your in-progress lessons. See Section 6 for details.

Communications. If you contact us by email, we keep a record of the conversation.

3. How we use information

We use information to:

• Provide, operate, and maintain the Service.
• Process payments and manage subscriptions.
• Personalize your experience (track progress, suggest quests).
• Generate and verify certificates, including any public-facing verification page if you choose to share a certificate.
• Display you on leaderboards (only if you have leaderboard visibility enabled in your profile).
• Send essential service emails (receipts, password resets, security alerts, important policy changes).
• Send optional product updates and marketing emails (with your consent and an unsubscribe link in every email).
• Improve the Service, fix bugs, and develop new features.
• Detect, prevent, and respond to fraud, abuse, or security incidents.
• Comply with legal obligations.

We may also use anonymized, aggregated data (data that does not identify any individual) for analytics, research, and product development.

4. Legal bases (for users in the EEA, UK, and similar regions)

We process personal information based on the following legal bases:

• Contract: to provide the Service you signed up for.
• Legitimate interests: to operate, secure, and improve our business, where those interests are not overridden by your rights.
• Consent: for marketing communications and any other processing where consent is required. You can withdraw consent at any time.
• Legal obligation: to comply with tax, accounting, and legal requirements.

5. How we share information

We do not sell your personal information. We share information only in the following limited circumstances:

Service providers. We use third-party providers that process information on our behalf, under contracts that require them to protect your information. These include:

• Stripe: payment processing and subscription management.
• Vercel: hosting and content delivery.
• Supabase: database, authentication, and file storage.
• Email providers: transactional emails (receipts, password resets) and optional product updates.
• Analytics providers: privacy-respecting product analytics.

Public profile and leaderboard. If you enable leaderboard visibility (the default for new accounts), your display name, level, points, streak, and current realm will be visible to other users. You can opt out at any time from your profile settings.

Certificates. If you choose to share a certificate publicly (for example to LinkedIn), the page hosting that certificate will be accessible to anyone with the link.

Organizations. If you join an organization, the organization's admins will see your display name, email, points, level, current realm, completed quests, streak, and last active date so they can manage seats and report on training progress.

Legal requirements. We may disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of promptgame.ai, our users, or others.

Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your information is used.

6. Cookies and local storage

We use a small number of essential cookies and browser local storage entries:

• Authentication cookies keep you signed in.
• Local storage entries save your in-progress lesson state, preferences, and (before you sign in) your guest progress.
• Analytics cookies (where used) help us understand how people use the Service in aggregate. Where required by law, we ask for consent before setting these.

You can clear cookies and local storage at any time from your browser settings. Doing so may sign you out and reset not-yet-saved progress.

7. Data retention

We keep account information for as long as your account is active. After you delete your account or your subscription is cancelled and we determine the account is inactive, we delete or anonymize personal information within 90 days, except where we are legally required to retain it (for example, tax records).

Aggregated and anonymized data may be retained indefinitely for analytics and product development.

You can request deletion of your account and personal information at any time by contacting us through promptgame.ai, or by using the “Reset progress” and account deletion controls in your profile.

8. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information, subject to legal exceptions.
• Portability: request a copy of your information in a machine-readable format.
• Opt-out: opt out of marketing emails (use the unsubscribe link in any marketing email or contact us).
• Object or restrict: object to or restrict certain processing.
• Withdraw consent: where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, contact us through promptgame.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

California residents (CCPA/CPRA). California residents have specific rights, including the right to know what information we collect, the right to delete, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell personal information. To exercise your rights, contact us through promptgame.ai.

EEA / UK residents. You also have the right to lodge a complaint with your local data-protection authority.

9. Security

We use industry-standard technical and organizational measures to protect your information, including encrypted connections (HTTPS), encrypted password storage, access controls, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

If we discover a security incident that affects your information, we will notify you and the appropriate authorities as required by law.

10. International data transfers

We are based in the United States and our service providers may process information in the United States or other countries. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in countries that may have different data-protection laws than your country. Where required, we use appropriate safeguards (such as standard contractual clauses) to protect your information during transfer.

11. Children's privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us through promptgame.ai and we will delete it.

The Service is designed for users 18 and older. If you are between 13 and 17, you may use the Service only with the involvement of a parent or legal guardian.

12. Do Not Track

Some browsers send a “Do Not Track” signal. Because there is no industry-wide standard for how to interpret these signals, the Service does not currently respond to them. We do, however, honour the privacy choices you set in your account settings and any consent banners we display.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact

For privacy questions, requests, or concerns, visit promptgame.ai for contact options.