Last updated: February 20, 2026
This Privacy Policy describes how Brompter ("we", "us", "our") collects, uses, and protects your personal data when you use our Service. Brompter is operated by an individual based in Poland. For data protection inquiries, contact us at hello@brompter.pro.
The data controller responsible for your personal data is Brompter, operated by an individual based in Poland. You can reach us at hello@brompter.pro for any privacy-related questions or requests.
Account data: email address, display name, username, and avatar (provided during registration or via Google OAuth). Usage data: prompts created, presets saved, and community interactions. Payment data: processed by Stripe — we do not store credit card details. Technical data: IP address, browser type, device information, and anonymized analytics data (only with your consent). Local storage data: if you use AI enhancement features, your Google AI API key is stored exclusively in your browser's local storage — we never transmit or store this key on our servers.
We process your data based on: (a) Contract performance — to provide the Service, manage your account, and process purchases (Art. 6(1)(b)). (b) Consent — for analytics cookies and usage tracking via Google Tag Manager and Google Analytics 4. You may withdraw consent at any time via the cookie settings (Art. 6(1)(a)). (c) Legitimate interest — for security, fraud prevention, and service improvement (Art. 6(1)(f)).
We use your data to: provide and improve the Service, process payments, send transactional emails (password reset, purchase confirmation), display content in the Community Gallery, and — with your consent — analyze usage patterns via Google Analytics 4 to improve the product.
We do not sell your personal data. We share data with the following trusted processors: Supabase (database & authentication, hosted on AWS eu-central-1), Vercel (hosting & CDN, global edge network), Stripe (payment processing), Resend (transactional emails), Google (Analytics 4 & Tag Manager — only with your consent). If you use AI enhancement features, your prompts are sent directly from your browser to Google's GenAI API using your own API key — we do not process or store these requests on our servers. All infrastructure processors operate under Data Processing Agreements (DPAs) compliant with GDPR.
Some of our processors (Vercel, Stripe, Google) may transfer data outside the EU/EEA. These transfers are protected by: EU Standard Contractual Clauses (SCCs), adequacy decisions where applicable, and the EU-US Data Privacy Framework for US-based processors. Supabase data is stored in EU (Frankfurt, AWS eu-central-1).
Essential cookies (always active): Supabase authentication session cookies and the NEXT_LOCALE language preference cookie. These are strictly necessary for the Service to function. Analytics cookies (consent required): Google Analytics 4 and Google Tag Manager cookies (_ga, _gid, _gat). These are only loaded after you give explicit consent via our cookie banner. You can change your preference at any time. We do not use advertising or third-party tracking cookies.
We retain your data for as long as your account is active. Analytics events are retained for 14 months. You may delete your account and all associated data at any time from your account settings — this permanently removes your profile, presets, gallery posts, uploaded files, and analytics data.
If you are in the EU/EEA, you have the right to: access your personal data, rectify inaccurate data, request erasure (right to be forgotten — also available via account deletion in settings), restrict processing, data portability, object to processing, and withdraw consent for analytics at any time. We will respond to your request within 30 days. To exercise these rights, contact us at hello@brompter.pro. You also have the right to lodge a complaint with your local supervisory authority. We do not engage in automated decision-making or profiling that produces legal effects concerning you.
The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16.
We use industry-standard security measures including encryption in transit (TLS), secure authentication via Supabase Auth, Row Level Security (RLS) on all database tables, and column-level access controls to protect your data.
We may update this policy from time to time. Changes will be posted on this page with an updated date. Significant changes will be communicated via email.
For privacy-related questions, data access requests, or to exercise your GDPR rights, contact us at hello@brompter.pro.
We use essential cookies for authentication and language preferences. Optional analytics cookies (Google Analytics) help us improve the product. Learn more