Privacy Policy
Effective date: March 12, 2026
1. Introduction
Promptic GmbH i.G. (“Promptic”, “we”, “us”) is committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at promptslide.eu and our related services, including the PromptSlide CLI and slide registry (“Services”).
Data controller:
Promptic GmbH i.G.
Ostbahnhofstraße 11, 60314 Frankfurt, Germany
Email: hello@promptic.eu
We are not required to appoint a Data Protection Officer under Art. 37 GDPR. For all data protection inquiries, please contact us at the email address above.
2. Data We Collect
2.1 Account Data
When you create an account, we collect and process:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account identification, communication | Contract performance (Art. 6(1)(b) GDPR) |
| Name | Account profile, display in registry | Contract performance (Art. 6(1)(b) GDPR) |
| Organization name and membership | Team registry access, permission management | Contract performance (Art. 6(1)(b) GDPR) |
2.2 Authentication Data
When you log in via the PromptSlide CLI or website, we process:
- OAuth device codes and access tokens — used to authenticate your identity and authorize API access. Tokens are stored locally on your machine at
~/.promptslide/auth.json. - Session data — used to maintain your logged-in state on the website.
Legal basis: Contract performance (Art. 6(1)(b) GDPR).
2.3 Registry Content
When you publish content to the PromptSlide registry, we store:
- Slide deck source code and assets (images, fonts, etc.) you upload
- Metadata such as titles, descriptions, tags, version history, and timestamps
- Organization association for content scoping and access control
This content is stored on our servers and, for binary assets, on Vercel Blob Storage. Legal basis: Contract performance (Art. 6(1)(b) GDPR).
2.4 Newsletter and Marketing
| Channel | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Newsletter | Email address | Send updates and marketing information | Consent (Art. 6(1)(a) GDPR) |
| Early Access Program | Email address | Manage early access status and notifications | Consent (Art. 6(1)(a) GDPR) |
| Enterprise Program | Name, email, company name, optional message | Evaluate applications and provide enterprise services | Consent (Art. 6(1)(a) GDPR) |
2.5 Analytics (Non-Personal)
We use Vercel Analytics and Vercel Speed Insights to collect aggregated, non-personal data:
- Vercel Analytics: Tracks page views and custom events anonymously. No personal identifiers are collected; data is stored as aggregated statistics that cannot identify individual users.
- Vercel Speed Insights: Tracks web performance metrics without identifying individual visitors or storing session details.
Vercel Analytics operates without cookies, without accessing client-side storage, and without fingerprinting. Since no information is stored on or read from the user's terminal equipment, § 25 TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz) does not apply.
Legal basis: Legitimate interest in improving website performance (Art. 6(1)(f) GDPR).
2.6 Server Logs
Our hosting provider (Vercel) may automatically collect server access logs, including IP addresses, browser user agents, request URLs, and timestamps. These logs are used for security monitoring, error diagnosis, and abuse prevention. Logs are retained for a limited period and deleted automatically.
Legal basis: Legitimate interest in ensuring the security and integrity of the Services (Art. 6(1)(f) GDPR).
3. How We Use Your Data
We use the data described above to:
- Provide, maintain, and improve the PromptSlide Services
- Authenticate your identity and authorize access to the registry
- Manage your organization memberships and permissions
- Store, version, and serve published slide deck content
- Process content approval workflows within organizations
- Send service-related communications (e.g., account verification, security notices)
- Send marketing communications where you have opted in
- Analyze aggregated usage to improve website performance
4. Data Sharing and Sub-Processors
We share personal data only with the following service providers, who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Vercel | Website and API hosting, blob storage for assets | Account data, registry content, analytics | EU/US (DPA in place) |
| Neon | PostgreSQL database hosting | Account data, registry content, metadata | EU (DPA in place) |
| Resend | Transactional email delivery | Email addresses, names | US (DPA in place) |
| ConvertKit | Newsletter management | Email addresses of newsletter subscribers | US (DPA in place) |
We do not sell your personal data to third parties.
5. International Data Transfers
Some of our sub-processors (Vercel, Resend, ConvertKit) may transfer data outside the European Economic Area (EEA). In such cases, we ensure adequate protection through Data Processing Agreements (DPAs) that include Standard Contractual Clauses (SCCs) approved by the European Commission. Our database provider (Neon) stores data in the EU.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account or request deletion |
| Authentication tokens | Until you log out or revoke access |
| Published registry content | Until you delete the content or your account |
| Newsletter data | Until you unsubscribe or request deletion |
| Early Access Program data | Until you unsubscribe or request deletion |
| Enterprise Program data | Until conclusion of the program or deletion request |
| Analytics data | Retained in aggregate form only, as long as needed for performance analysis |
Upon deletion of your account, we will remove your personal data within 30 days, except where retention is required by law.
7. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS)
- Restricted file permissions for locally stored credentials (mode 0600)
- Bearer token authentication for API access
- Private blob storage for uploaded binary assets
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data (“right to be forgotten”)
- Restrict processing under certain conditions
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time for consent-based processing (withdrawal does not affect the lawfulness of processing carried out before the withdrawal, Art. 7(3) GDPR)
- Lodge a complaint with a supervisory authority. The competent authority for Promptic is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (HBDI), Postfach 3163, 65021 Wiesbaden, Germany
We do not use automated decision-making or profiling as defined in Art. 22 GDPR.
To exercise any of these rights, contact us at hello@promptic.eu. We will respond within 30 days.
9. Cookies
Our website uses essential cookies required for authentication and session management. These cookies are strictly necessary to provide the service you have requested (logging in, maintaining your session) and are therefore exempt from the consent requirement under § 25(2) TTDSG. No cookie consent banner is required for these cookies.
We do not use advertising, tracking, or analytics cookies. Our analytics solution (Vercel Analytics) operates entirely without cookies or client-side storage.
10. Children's Privacy
Our Services are not directed at children under 16. We do not knowingly collect personal data from children under 16.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The updated policy will be posted on this page with a revised effective date.
12. Contact
For any questions about this Privacy Policy or to exercise your data rights:
Promptic GmbH i.G.
Ostbahnhofstraße 11, 60314 Frankfurt, Germany
Email: hello@promptic.eu
Last Updated: March 12, 2026