Privacy Policy

Last Updated: November 6, 2025

LGPD Compliance: This policy complies with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018).

Introduction

At SocialPrompts.ai, we are committed to maintaining the privacy and protection of your personal information. This Privacy Policy describes our practices regarding the collection, use, storage, sharing, and protection of your information.

This policy complies with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018) and other applicable data protection legislation.

By using SocialPrompts.ai, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, you should not use our Service.

1. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data": Information relating to an identified or identifiable natural person
  • "Data Subject": The natural person to whom the personal data refers
  • "Processing": Any operation performed on personal data (collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction)
  • "Controller": The natural or legal person responsible for decisions regarding the processing of personal data (SocialPrompts.ai)
  • "Operator": The natural or legal person that processes personal data on behalf of the controller (our suppliers and service providers)
  • "Service": The SocialPrompts.ai website, applications, and all related services

2. Data Collected

2.1 Data Provided Directly by You

2.1.1 Account Creation

When you create an account on SocialPrompts.ai, we collect:

  • Full name
  • Email address
  • Username (chosen by you)
  • Password (stored as a salted bcrypt hash, as described in Section 7.1.1)
  • Profile photo (optional)
  • Biography (optional)

2.1.2 Additional Profile Information

You may choose to provide additional information, including:

  • Custom biography
  • Social media links
  • Notification preferences
  • Privacy settings

2.1.3 Created Content

We collect content that you create and share on the platform:

  • Created prompts (private and public)
  • Descriptions and usage contexts of prompts
  • Tags and categorizations
  • Comments and interactions with other users' prompts
  • Feedback and ratings

2.2 Automatically Collected Data

2.2.1 Technical and Device Data

When you access SocialPrompts.ai, we automatically collect:

  • IP address
  • Device type (desktop, mobile, tablet)
  • Operating system and version
  • Browser and version
  • Screen resolution
  • Approximate geographic location (IP-based)
  • Internet service provider (ISP)

2.2.2 Usage and Navigation Data

We track how you interact with the Service:

  • Pages visited and navigation sequence
  • Time spent on each page
  • Prompts viewed, created, and saved
  • Features used
  • Searches performed within the platform
  • AI credits consumed
  • Access dates and times
  • Links clicked
  • Errors encountered

2.2.3 Performance Data

To improve user experience, we collect:

  • Page load times
  • Feature response times
  • Error and failure rates
  • System performance metrics

2.3 Payment Data

2.3.1 Financial Information via Stripe

When you purchase a paid plan or additional credits, payment information is collected and processed by Stripe, our third-party payment processor.

Important: SocialPrompts.ai does not directly store complete credit card information.

We collect and store only:

  • Stripe customer ID (unique identifier)
  • Last 4 digits of the card
  • Card brand (Visa, Mastercard, etc.)
  • Card expiration date
  • Transaction history (amounts, dates, status)
  • Subscription status (active, canceled, paused)

Complete card information is securely stored by Stripe, which is PCI DSS Level 1 certified (the highest security level in the card industry).

2.3.2 Billing Data

We maintain records of:

  • Payment history
  • Invoices issued
  • Contracted plan
  • Credits purchased and consumed
  • Subscription renewal dates

2.4 Cookies and Similar Technologies

We use cookies and similar technologies for:

2.4.1 Essential Cookies (Required)

  • Authentication: Keeping you logged into your account
  • Security: Preventing fraudulent activities
  • Functionality: Remembering your preferences and settings

2.4.2 Performance Cookies (Optional)

  • Analytics: Understanding how users interact with the Service
  • Optimization: Improving speed and performance
  • A/B Testing: Testing new features

2.4.3 Cookie Management

You can manage your cookie preferences through:

  • Browser settings
  • Privacy panel in your account
  • Opt-out of analytical cookies

Important: Disabling essential cookies may affect the functionality of the Service.

3. Purposes of Data Processing

We use your personal data for the following purposes, with legal basis under the LGPD:

3.1 Contract Performance (Art. 7, V of the LGPD)

  • Provide and operate the Service: Create and manage your account, process your requests
  • Process payments: Manage subscriptions, billing, and credits
  • Prompt optimization: Process your prompts through AI services
  • Prompt library: Store and organize your personal prompts
  • Community features: Enable sharing and discovery of public prompts

3.2 Legitimate Interest (Art. 7, IX of the LGPD)

  • Improve the Service: Analyze usage to enhance features
  • Develop new features: Identify needs and opportunities
  • Operational communications: Send notifications about your account and the Service
  • Customer support: Answer your questions and resolve issues
  • Security: Detect, prevent, and respond to fraud, abuse, and security breaches
  • Aggregate data analysis: Understand trends and usage patterns (anonymized data)

3.3 Consent (Art. 7, I of the LGPD)

We request your explicit consent for:

  • Marketing emails: News, promotions, and updates (you can unsubscribe at any time)
  • Analytical cookies: Behavioral tracking for improvements
  • Non-essential data sharing: When applicable

3.4 Legal Obligation Compliance (Art. 7, II of the LGPD)

  • Tax and accounting requirements: Maintain records as required by law
  • Court orders: Respond to legal requests from authorities
  • Applicable regulations: Comply with consumer protection and other laws

4. Data Sharing with Third Parties

4.1 Service Providers (Operators)

We share your data with third parties that help us operate the Service. These third parties act as data operators under our instructions:

4.1.1 Data Storage (Supabase)

  • Purpose: Database and authentication
  • Data shared: All account, profile, prompt, and usage data
  • Location: Servers may be located outside Brazil
  • Privacy Policy: https://supabase.com/privacy

4.1.2 Anthropic (AI Processing - Claude)

4.1.3 OpenAI (AI Processing - GPT)

  • Purpose: Alternative prompt optimization through artificial intelligence
  • Data shared: Content of prompts you request to optimize
  • Retention: OpenAI may retain data for up to 30 days for abuse monitoring
  • Privacy Policy: https://openai.com/privacy
  • Terms of Use: https://openai.com/terms

Important about AI: When using prompt optimization features, your prompts are sent for processing by these AI services. We strongly recommend not including confidential or sensitive information in prompts that will be optimized.

4.1.4 Stripe (Payment Processing)

  • Purpose: Process payments, manage subscriptions, and combat fraud
  • Data shared: Payment information, name, email, billing address
  • Security: PCI DSS Level 1 certification
  • Privacy Policy: https://stripe.com/privacy
  • Location: Global, with servers in multiple regions

4.1.5 Vercel (Hosting and Infrastructure)

  • Purpose: Host and operate the website and applications
  • Data shared: Technical data (IP, access logs, performance)
  • Location: Global server network (CDN)
  • Privacy Policy: https://vercel.com/legal/privacy-policy

4.2 Legal Sharing

We may disclose your personal data when:

  • Required by law: In response to court orders, subpoenas, or other legal requests
  • Protection of rights: To protect our legal rights, property, or safety
  • Fraud prevention: To detect, prevent, and investigate fraudulent activities
  • Emergencies: When necessary to protect the physical safety of any person

4.3 Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred as part of the business assets. We will notify you via email and/or a prominent notice on the Service about any change in ownership or uses of your personal data.

4.4 Public Prompts (Sharing with Users)

When you choose to make a prompt public, the following information is visible to all SocialPrompts.ai users:

  • Prompt content
  • Title and description
  • Category and tags
  • Your username and profile photo
  • Creation date
  • Statistics (views, saves, ratings)

You control visibility: You can toggle between private and public at any time. Private prompts are visible only to you.

4.5 Aggregated and Anonymized Data

We may share or publicly disclose aggregated and anonymized data that cannot be used to identify you individually, such as:

  • Platform usage statistics
  • Prompt category trends
  • General engagement metrics

5. International Data Transfer

Some of our service providers are located outside Brazil, which means your personal data may be transferred to other countries.

5.1 Protection Guarantees

When we transfer data internationally, we ensure adequate protection through:

  • Standard contractual clauses: Agreements that guarantee an adequate level of protection
  • Privacy certifications: Providers certified in international standards (e.g., SOC 2, ISO 27001)
  • LGPD compliance: Guarantee of rights equivalent to those provided by the LGPD

5.2 Destination Countries

Your data may be transferred to:

  • United States: Supabase, Anthropic, OpenAI, Stripe, Vercel
  • European Union: Some servers of the providers listed above

5.3 Your Rights

Even with international transfer, you retain all rights provided by the LGPD, including access, correction, and deletion of data.

6. Data Retention

6.1 Storage Period

We retain your personal data for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

6.1.1 Active Account Data

  • During Service use: Retained while your account is active
  • Prompts and content: Stored indefinitely while your account exists

6.1.2 Payment and Billing Data

  • Transaction history: 5 years (Brazilian tax requirement)
  • Card information: Maintained by Stripe according to their policies

6.1.3 Support and Communication Data

  • Support tickets: 2 years after resolution
  • Emails exchanged: 2 years

6.1.4 Logs and Technical Data

  • Access logs: 6 months
  • Security logs: 1 year
  • Analytics: Aggregated data retained indefinitely (anonymized)

6.2 Account Deletion

When you request the deletion of your account:

  • Personal data: Deleted within 30 days
  • Private prompts: Deleted immediately
  • Public prompts:
    • Option 1: Deleted if you request it
    • Option 2: Kept anonymized (without link to your identity) if other users have saved them
  • Billing data: Retained for 5 years (legal obligation)
  • Security logs: Retained as necessary for investigations

6.3 Backup Data

We maintain security backups that may contain your data. These backups are deleted according to our backup retention cycle (maximum 90 days).

7. Data Security

7.1 Implemented Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

7.1.1 Technical Security

  • Encryption in transit: All data is transmitted via HTTPS/TLS
  • Encryption at rest: Stored data is encrypted in the database
  • Passwords: Stored using bcrypt hashing with salt
  • Secure authentication: JWT-based authentication system
  • Firewall and DDoS protection: Protection against attacks and malicious access
  • Monitoring: Detection of suspicious activities and intrusion attempts

7.1.2 Organizational Security

  • Limited access: Only authorized personnel have access to data
  • Principle of least privilege: Employees only have access to necessary data
  • Training: Team trained in data security and privacy
  • Audits: Regular security and compliance reviews
  • Incident response: Data breach response plan

7.2 User Responsibility

You are also responsible for the security of your account:

  • Strong password: Use a unique and complex password
  • Do not share credentials: Keep your password secret
  • Log out on public devices: Always log out after use
  • Report suspicious activities: Immediately report any unauthorized activity

7.3 Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms:

  • ANPD notification: We will notify the National Data Protection Authority as required
  • Notification to you: We will inform affected data subjects within a reasonable time
  • Information provided: Nature of the breach, affected data, measures taken, and recommendations

8. Your Rights under the LGPD

As a personal data subject, you have the following rights under the LGPD (Art. 18):

Confirmation and Access (Art. 18, I and II)

Right: Confirm the existence of processing and access your personal data

How to exercise: Log into your account or send a request to support@socialprompts.ai

Correction (Art. 18, III)

Right: Correct incomplete, inaccurate, or outdated data

How to exercise: Update your data directly in account settings or request through support@socialprompts.ai

Anonymization, Blocking, or Deletion (Art. 18, IV)

Right: Request anonymization, blocking, or deletion of unnecessary data

How to exercise: Send a request to support@socialprompts.ai

Response time: Up to 15 business days

Exceptions: Data required for legal compliance cannot be deleted

Portability (Art. 18, V)

Right: Receive your data in a structured and interoperable format

How to exercise: Request through support@socialprompts.ai

Format provided: JSON or CSV

Data included: Profile, created prompts, usage history

Consent Revocation (Art. 18, IX)

Right: Revoke consent at any time

How to exercise:

  • Marketing emails: "Unsubscribe" link in the footer
  • Analytical cookies: Privacy settings
  • Other consents: support@socialprompts.ai

How to Exercise Your Rights

  1. Send an email to: support@socialprompts.ai
  2. Subject: "LGPD Request - [Type of Right]"
  3. Content: Clearly describe your request
  4. Identification: Provide sufficient information for us to verify your identity

Response time: 15 business days

No cost: Exercising these rights is free of charge

9. Rights of Children and Adolescents

Minimum Age: 18 years

SocialPrompts.ai is intended for users aged 18 years or older. We do not intentionally collect personal data from individuals under 18 years of age.

If you believe we have inadvertently collected data from a person under 18 years of age, please contact us immediately at support@socialprompts.ai. We will take steps to delete this information as quickly as possible.

10. Sensitive Data

Our Policy

SocialPrompts.ai does not intentionally collect sensitive data.

Important Recommendation

Do not include sensitive data in prompts that will be optimized by AI, as they will be sent to third parties (Anthropic/OpenAI).

11. Changes to this Privacy Policy

We may update this Privacy Policy periodically. You will be notified of significant changes via email and/or a prominent notice on the Service.

For material changes that substantially affect your privacy rights, we will provide at least 30 days' advance notice.

12. Data Protection Officer (DPO)

As required by the LGPD (Art. 41), we have appointed a Data Protection Officer (DPO) to act as a communication channel between SocialPrompts.ai, data subjects, and the National Data Protection Authority (ANPD).

DPO Contact

Email: support@socialprompts.ai

Suggested subject: "LGPD - Data Protection Officer"

Response time: 15 business days

14. Links to Third-Party Websites

SocialPrompts.ai may contain links to third-party websites, services, or resources that are not operated by us.

Limited Liability

We do not control third-party websites. We recommend that you review the privacy policies of any website you visit. We are not responsible for the content, policies, or practices of third-party websites.

15. Compliance and Supervisory Authority

Applicable Legislation

  • LGPD: General Data Protection Law (Law No. 13,709/2018)
  • Marco Civil da Internet: Law No. 12,965/2014
  • Consumer Defense Code: Law No. 8,078/1990

National Data Protection Authority (ANPD)

You have the right to file a complaint with the ANPD if you believe that the processing of your personal data violates the LGPD.

ANPD Contact

Website: https://www.gov.br/anpd/pt-br

16. Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data:

General Contact

SocialPrompts.ai

Email: support@socialprompts.ai

Website: www.socialprompts.ai

Data Protection Officer (DPO)

Email: support@socialprompts.ai

Subject: "LGPD - Data Protection Officer"

LGPD Requests

Email: support@socialprompts.ai

Subject: "LGPD Request - [Type of Right]"

Response time: 15 business days

Report a Security Breach

Email: support@socialprompts.ai

Subject: "URGENT - Security"