Privacy Policy

Last Updated: December 7, 2025

Prompt Framework Studio ("we," "our," or "us"), operated by Simplicate AI, LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application.

Information We Collect

Personal Information

When you register for an account, we collect:

• Email address
• Password (encrypted using bcrypt hashing)
• Account creation date
• Premium subscription status

Usage Data

We automatically collect certain information when you use our service:

• Session information (stored securely in encrypted session cookies)
• Login timestamps and session activity
• IP address and geographic location (for security purposes)
• Browser type and device information (user agent)
• Pages visited and features used

User-Generated Content

We store content you create or save:

• Prompts you generate using our frameworks
• Saved prompt titles and descriptions
• Framework preferences and form inputs
• Timestamps of prompt creation and modifications

How We Use Your Information

We use the collected information for:

1. Account Management

   • Creating and maintaining your account
   • Authenticating your login sessions
   • Managing your subscription tier (Free or Premium)

2. Service Delivery

   • Providing access to prompting frameworks
   • Saving and retrieving your prompts
   • Enabling premium features for eligible users

3. Security

   • Preventing unauthorized access
   • Enforcing rate limits to prevent abuse
   • Detecting and preventing fraudulent activity
   • Monitoring for security threats

4. Service Improvement

   • Understanding how users interact with our frameworks
   • Improving application performance and user experience
   • Developing new features

Data Storage and Security

Security Measures

We implement industry-standard security measures:

• Passwords are hashed using bcrypt (10 salt rounds)
• HTTP-only secure session cookies
• Helmet.js security headers and Content Security Policy
• Rate limiting on sensitive endpoints (5 requests per 5 minutes)
• Encrypted session storage
• CSRF protection

Data Storage

• Database: Your data is stored in a secure database (SQLite for development, PostgreSQL for production)
• Sessions: Session data is stored persistently and encrypted
• Location: Data is stored on servers located in the United States

Data Retention

• Active accounts: Data is retained while your account is active
• Inactive accounts: We may delete accounts inactive for 2 years
• Deleted accounts: Data is permanently deleted within 30 days of account deletion

Data Sharing and Disclosure

We do NOT sell your personal information to third parties.

We may share your information only in the following circumstances:

1. Legal Requirements: When required by law, court order, or government regulation
2. Service Protection: To protect our rights, property, or safety, and that of our users
3. Business Transfer: In connection with a merger, acquisition, or sale of assets (users will be notified)
4. With Your Consent: When you explicitly authorize us to share your information

Your Rights and Choices

You have the following rights regarding your data:

Access and Portability

• View all prompts you've saved in your prompt library
• Export your prompts (Premium users)

Account Management

• Update your email address
• Change your password
• Delete your account and all associated data

Opt-Out

• Stop using the service at any time
• Request account deletion

How to Exercise Your Rights

To exercise any of these rights, contact us at pfs-support@simplicate.ai or use the account management features within the application.

Cookies and Tracking

We use cookies for:

• Session Management: Maintaining your logged-in state (essential cookies)
• Security: CSRF protection and session validation

We do NOT use:

• Third-party advertising cookies
• Cross-site tracking cookies
• Analytics cookies (currently)

You can control cookies through your browser settings, but disabling essential cookies will prevent you from using the service.

Third-Party Services

Our application does not currently integrate with third-party services for analytics, advertising, or other purposes. If this changes, we will update this policy and notify users.

Children's Privacy

Prompt Framework Studio is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

International Users

If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our service, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying a notice on our home page
• Sending an email notification (for significant changes)

Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of discovering the breach, in accordance with applicable laws.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: pfs-support@simplicate.ai
Address: Simplicate AI, LLC, 575 Guy Paine Rd, Suite B, Macon, GA 31206-2009

Additional Information for EU Users (GDPR)

If you are located in the European Union, you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at pfs-support@simplicate.ai.

Additional Information for California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

• Right to Know: Request information about data collection and usage
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us at pfs-support@simplicate.ai.