Privacy Policy

1. Introduction

This Privacy Policy explains how PromptedVisions, operated by Igor Hayfetz, collects, uses, stores, and protects your personal information. By using the platform, you consent to the data practices described in this policy.

2. Data Controller

Igor Hayfetz is the sole operator and data controller for PromptedVisions. As an independent developer, Igor is personally responsible for all data processing activities.

Contact for Data Requests: ai@promptedvisions.com

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Email address - Required for account creation and authentication
• Display name - Provided by Google Sign-In or chosen by you
• Firebase UID - Unique identifier from Firebase Authentication

3.2 Profile Information (Optional)

During onboarding, you may provide:

• Research field (e.g., Biology, Chemistry, Physics)
• Experience level (e.g., Graduate Student, Industry Researcher)
• Use case description (how you plan to use the platform)

3.3 Authentication Data

We use Firebase Authentication which stores:

• Firebase ID tokens (for session management)
• Authentication cookies (httpOnly, secure)
• Login timestamps
• OAuth provider information (Google Sign-In)

3.4 Subscription & Payment Data

For paid services, we collect:

• Subscription tier (Free, Pay Per Paper, Subscription)
• Subscription status (Active, Inactive, Cancelled)
• Credits remaining (usage tracking)
• Payment processing is handled entirely by Stripe - we never store credit card information

3.5 Generated Content

When you use the AI research generation platform, we store:

• Workflow metadata (title, configuration, timestamps)
• Generated research papers and artifacts
• Stage-level results and intermediate outputs
• All content stored in Google Cloud Storage

3.6 Technical & Log Data

For security and operational purposes, we automatically collect:

• IP address
• Browser type and version
• Device information
• Access timestamps
• API request logs (stored in Google Cloud Logging)

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Provision

• Account creation and authentication
• AI research workflow generation
• Subscription and credit management
• Service improvement and bug fixes

4.2 Communication

• Account-related notifications (e.g., workflow completion)
• Security alerts
• Response to support inquiries

4.3 Legal Compliance

• Fraud prevention and security
• Compliance with applicable laws
• Enforcement of Terms of Service

5. Data Sharing and Third Parties

We use minimal third-party services, each with their own privacy policies:

5.1 Firebase (Google)

Purpose: Authentication, hosting
Data Shared: Email, display name, authentication tokens
Privacy Policy: firebase.google.com/support/privacy

5.2 Google Cloud Platform

Purpose: Data storage (Datastore, Cloud Storage), AI processing (Vertex AI)
Data Shared: User data, generated content, technical logs
Privacy Policy: cloud.google.com/privacy

5.3 Stripe

Purpose: Payment processing
Data Shared: Billing email, transaction amounts (Stripe handles all card data)
Privacy Policy: stripe.com/privacy

5.4 No Data Selling

We do not sell, rent, or trade your personal information to third parties. Your data is only shared with the essential service providers listed above for operational purposes.

6. Data Security

We implement industry-standard security measures:

• Encryption in transit: HTTPS/TLS for all connections
• Encryption at rest: Google Cloud default encryption
• Authentication: Firebase Authentication with OAuth 2.0
• Access control: Users can only access their own data
• Session management: Secure httpOnly cookies with expiration
• Rate limiting: Protection against brute force attacks

Important: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You use the platform at your own risk.

7. Data Retention

We retain your data as follows:

• Account data: Until you delete your account, then 30 days
• Generated content: Until you delete it or your account is terminated
• Payment records: 7 years (tax compliance)
• Security logs: 90 days (for fraud prevention)

8. Your Data Rights

You have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of your personal data by emailing ai@promptedvisions.com.

8.2 Right to Correction

You can update your profile information directly in the dashboard or request corrections via email.

8.3 Right to Deletion

You can delete your account at any time from the dashboard. This will permanently delete:

• Your account information
• Generated workflows and papers
• Profile data
• Associated metadata

Note: Payment records may be retained for tax compliance (7 years).

8.4 Right to Data Portability

You can request an export of your data in machine-readable format (JSON) by emailing ai@promptedvisions.com.

8.5 Right to Object

You can object to data processing for certain purposes. However, this may limit your ability to use the platform.

9. Cookies and Tracking

We use minimal cookies for essential functionality:

9.1 Essential Cookies

• Authentication cookies: Firebase session tokens (httpOnly, secure)
• Session cookies: User state management

9.2 No Tracking or Analytics

We do not use tracking cookies or third-party analytics. No Google Analytics, Facebook Pixel, or similar tracking technologies are implemented.

For more details, see our Cookie Policy.

10. Children's Privacy

PromptedVisions is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact ai@promptedvisions.com and we will delete the data.

11. International Data Transfers

PromptedVisions uses Google Cloud Platform services hosted primarily in the United States. By using the platform, you consent to the transfer and processing of your data in the U.S. and other countries where Google operates data centers.

Google Cloud Platform complies with GDPR and other international data protection regulations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact for Privacy Matters