Privacy Policy

What we collect

We collect only what we actually need to run the Service:

• Account data — your email address and a hashed password when you register. If you subscribe to a paid plan, our payment processor handles card details directly; we never see or store your full payment card information.
• Usage data — which features you use, how often, and basic session metadata (browser type, device type, rough geographic region). This helps us understand what's working and what to improve.
• Content you create — the prompts, product outlines, images, and other outputs you generate while using the platform, so we can save your work between sessions.
• Communications — if you email us, we keep a record of the conversation so we can follow up properly.

We do not buy third-party data about you, and we do not collect data beyond what's listed above.

How we use it

• To operate the Service — saving your work, processing payments, and managing your account.
• To improve the platform — understanding usage patterns to decide which features to build or fix.
• To send you transactional emails — things like password resets, billing receipts, and service alerts. These are not optional because they're necessary for the Service to function.
• To send you product updates and news — only if you have opted in. You can unsubscribe at any time via the link in any marketing email.

We do not sell your data. We do not use your content to train AI models shared with third parties.

Data storage and security

Your data is stored on servers in the EU and/or UK. We apply industry-standard security practices: encrypted data in transit (TLS), encrypted passwords (bcrypt), and access controls so only the team members who need your data to do their job can see it.

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it (for example, billing records for tax purposes, which we keep for 7 years).

No system is perfectly secure. If we discover a breach that affects your personal data, we will notify you as soon as practicable and no later than 72 hours after we become aware, in line with GDPR requirements.

Cookies

We use cookies for three purposes:

• Essential cookies — keeping you logged in and maintaining your session. These are strictly necessary and cannot be turned off.
• Analytics cookies — understanding how people use the platform in aggregate. We use privacy-focused analytics that do not fingerprint individual users or share data with advertising networks.
• Preference cookies — remembering UI choices like your preferred view or last-used settings.

We do not use advertising or tracking cookies. We do not participate in cross-site tracking networks.

Your rights (GDPR)

If you are in the UK or EU, you have the following rights under GDPR. You can exercise any of them by emailing hello@prasutagus.com.

• Access — request a copy of all personal data we hold about you.
• Rectification — ask us to correct any inaccurate or incomplete data.
• Erasure — ask us to delete your personal data. We will comply unless we are required by law to retain it.
• Portability — receive your data in a structured, machine-readable format so you can transfer it to another service.
• Restriction — ask us to stop processing your data in certain ways while a dispute is being resolved.
• Objection — object to processing based on legitimate interests, including direct marketing.

We will respond to all requests within 30 days. If your request is complex or you have submitted multiple requests, we may extend this by a further two months — but we will tell you if that is the case.

You also have the right to lodge a complaint with your national data protection authority. In the UK, that is the Information Commissioner's Office (ICO) at ico.org.uk.

Third-party services

We use a small number of third-party services to operate the platform. Each processes only the data necessary for their function:

• Payment processor — handles subscription billing. They process your payment card details directly; we never see your full card number.
• Email delivery — sends transactional and marketing emails on our behalf.
• Infrastructure / hosting — the servers and databases that store your data.
• AI model providers — process the inputs you submit to generate outputs. These are processed under data processing agreements; your inputs are not used to train their general models.

We do not share your data with advertisers, data brokers, or any party for marketing purposes.

Questions about your privacy

If you have any questions about how we handle your data — or if you want to exercise any of your rights — contact us at hello@prasutagus.com. We take privacy seriously and we'll respond promptly.