# Privacy Policy
This Privacy Policy explains how Limen Labs LLC (“**Prompt Gauge**,” “**we**,” “**us**,” or “**our**”) collects, uses, shares, and protects information when you access or use our websites, applications, APIs, and other services that teach people how to use AI (collectively, the “**Services**”).
By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.
---
## 1. Who We Are & How to Contact Us
Controller: Limen Labs LLC
**Email:** support@promptgauge.com
---
## 2. Information We Collect
### 2.1 Information You Provide
- Account Data: Name, email, and any profile details you add.
Passwords are stored and managed by *Supabase**; Prompt Gauge never sees or stores your plaintext password.*
- Content You Submit: Prompts, test answers, progress data, files, messages, and AI outputs (“**User Content**”).
Please do *not** submit highly sensitive data (e.g., government IDs, medical records, or payment card numbers).*
- Support Communications: Emails or other messages you send to us.
### 2.2 Information We Collect Automatically
- Usage Data: Feature interactions, session duration, clicks, referring pages, and error logs.
- Device & Network Data: IP address, browser/OS, device type, and coarse location derived from IP.
- Cookies & Similar Technologies: Used for authentication, preferences, and analytics (see Section 9).
### 2.3 Information From Third Parties
- **Authentication & Database:** Supabase processes login credentials and stores account data.
- **Payments:** Stripe processes subscription payments. We receive payment status and subscription metadata; we never store full card numbers.
- **AI Processing:** OpenAI generates certain responses. Prompts and outputs may be sent to OpenAI for inference.
- **Email Delivery:** Resend sends system emails (e.g., password resets, confirmations).
---
## 3. How We Use Your Information
We use information to:
1. Provide the Services (account creation, authentication, AI processing, payment handling, email delivery).
2. Improve, troubleshoot, and develop new features and content.
3. Communicate with you (transactional emails, updates, security alerts, optional marketing with your consent).
4. Ensure security and prevent abuse, fraud, and spam.
5. Comply with legal obligations and enforce our rights.
AI Notice: Prompts and other User Content may be processed by OpenAI to generate outputs. Do not enter confidential information you are unwilling to share with us and our providers.
---
## 4. Legal Bases (EEA/UK Only)
We process personal data on the bases of Contract, Legitimate Interests (security, improvement), Consent (where required, e.g., certain cookies/marketing), and Legal Obligation.
---
## 5. Sharing of Information
We share personal data only as needed:
- Service Providers: Supabase, Stripe, OpenAI, Resend, analytics, and customer-support tools.
- Business Transfers: As part of a merger, acquisition, or asset sale.
- Legal & Safety: To comply with law or protect rights, property, or safety.
- With Your Consent: Or as you direct.
We do not sell personal information and do not share it for cross-context behavioral advertising without consent.
---
## 6. International Transfers
Your data may be processed in countries outside your own (including the United States). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.
---
## 7. Data Retention
- Account data: Kept while your account is active and for up to 24 months after deletion (unless we need to keep it longer for legal reasons).
- Prompts/outputs & usage logs: Retained up to 24 months for debugging, abuse prevention, and product improvement.
- We may retain de-identified or aggregated data indefinitely.
---
## 8. Security
We apply reasonable administrative, technical, and organizational measures (e.g., HTTPS encryption, access controls, provider-level at-rest encryption). No method is 100 % secure, and we cannot guarantee absolute security.
---
## 9. Your Rights & Choices
Depending on your location you may have rights to access, correct, delete, restrict, object, or port your data, and to withdraw consent where processing is based on consent. Contact us at support@promptgauge.com to exercise your rights.
Cookies: Most browsers let you block or delete cookies; doing so may affect functionality.
Marketing Opt-Out: Unsubscribe links are included in marketing emails.
---
## 10. Children’s Privacy
Prompt Gauge is designed for learners of all ages but is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect data from such children without verifiable parental consent. Contact us if you believe a child has provided data in violation of this policy.
---
## 11. Third-Party Services
Our Services may link to or integrate third-party services. Their privacy practices are governed by their own policies; we are not responsible for them.
---
## 12. AI Model Training & Human Review
- Prompt Gauge itself does not use your data to train proprietary AI models unless you opt in.
- OpenAI and other AI vendors process data under their terms; review their documentation to understand retention and training policies.
- Limited human review may occur for abuse detection and system reliability, subject to strict access controls.
---
## 13. California Privacy (CCPA/CPRA)
Sections 2–5 describe the categories collected, sources, purposes, and disclosures. We do not sell personal information. California residents may exercise rights via support@promptgauge.com.
---
## 14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post changes in the Services and, where required, notify you. Continued use means you accept the updated Policy.
---
## 15. Contact
For any questions or privacy requests, email support@promptgauge.com.