Privacy Policy
This policy applies to GenPromptly and describes how we handle information across account access, workspace collaboration, prompt operations, and compliance-oriented workflows.
1) Introduction
This Privacy Policy explains how GenPromptly (also referred to as Prompt Polish) is operated by OpsForLocal (we, us, or our) and how we collect, use, share, and protect information when organizations and their users access our B2B SaaS prompt engineering and workflow platform.
This policy is intended for startup-stage operations and is written to be practical and transparent. It should be reviewed by your legal counsel for your specific use case.
2) Information We Collect
Depending on how the Service is used, we may collect the following categories of information:
- Account and identity information, such as name, email address, authentication identifiers, and profile details provided through account setup and sign-in.
- Organization and workspace information, such as organization name, slug, workspace settings, role assignments, membership records, and invitation records.
- User-submitted content, including project and prompt data, prompt inputs, prompt outputs, prompt versions, template selections, optimization goals, and related workflow content.
- System-generated workflow records, including optimization results, audit events, compliance-related metadata, and usage records such as token consumption and model selection metadata where applicable.
- Technical and log data, such as IP address, browser type, device identifiers, timestamps, request IDs, and other operational diagnostics.
- Cookies and session-related data used to authenticate sessions, preserve settings, and support secure product operation.
Users may choose to submit confidential or sensitive information in prompts or related content. Customers and users are responsible for assessing whether they have the right and lawful basis to upload such content.
3) How We Use Information
We may use collected information to:
- Provide, operate, and maintain the Service.
- Authenticate users and secure accounts.
- Create and manage organization workspaces, memberships, permissions, and invite flows.
- Enable collaboration across projects, prompts, and versions.
- Run optimization features and related model-assisted workflows.
- Support audit logging, usage tracking, and compliance-oriented product features.
- Monitor performance, detect abuse, investigate fraud, and improve security.
- Communicate service notices, support updates, and other operational messages.
- Analyze product usage to improve reliability, usability, and feature quality.
4) Legal Bases for Processing (Where Applicable)
Where data protection laws require a legal basis, we generally rely on one or more of the following:
- Contract: processing necessary to provide the Service under applicable terms.
- Legitimate interests: security monitoring, fraud prevention, product analytics, service improvement, and operational administration.
- Consent: where specific consent is requested and required by law.
- Legal obligations: where processing is needed to comply with applicable laws, regulations, legal process, or enforceable governmental requests.
6) Data Retention
We aim to minimize unnecessary retention. We typically retain data for as long as needed to provide the Service and for legitimate business purposes such as security, billing, debugging, product operations, and legal compliance.
Retention periods may vary by data type (for example, workspace content, audit logs, and usage records) and by contractual or legal requirements.
7) Security Measures
We use administrative, technical, and organizational safeguards intended to protect information against unauthorized access, loss, misuse, and alteration.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8) International Data Transfers
Your information may be processed in countries other than your own. Where applicable, we take steps intended to support lawful transfer mechanisms and appropriate safeguards.
9) User Rights
Depending on your jurisdiction and role, you may have rights regarding personal information, including rights to access, correct, delete, restrict, object, and request export of certain data.
Because GenPromptly is a B2B workspace product, organization administrators may control many account and workspace-level actions. We may request verification before acting on rights requests.
10) Customer and User Responsibilities
Customers are responsible for managing their users, workspace permissions, and internal data governance. Users are responsible for ensuring they have rights to submit any content to the Service.
Users should avoid submitting regulated or highly sensitive personal information unless they have a valid legal and operational basis to do so. While the Service may provide compliance-oriented features, each customer remains responsible for its own legal and regulatory obligations and internal review processes.
11) Children's Privacy
The Service is intended for business and professional use and is not directed to children under 13 (or the minimum age required by local law). If we learn that prohibited child data has been submitted, we may take steps to remove it.
12) Third-Party Services and Links
The Service may include links or integrations with third-party services. Their privacy practices are governed by their own policies, and we encourage customers to review those policies directly.
13) Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be communicated through the Service or by other appropriate means. Continued use of the Service after updates indicates acceptance of the revised policy where permitted by law.
14) Contact Information
If you have privacy questions or requests, please contact OpsForLocal at opsforlocal@gmail.com.