Skip to main content

Privacy Policy

Last updated: May 2026

1. Data Controller

Prompt2Love
Gustav-Maurer-Strasse 23
8702 Zollikon, Switzerland
Email: hello@prompt2love.com

2. Overview of Data Processing

We only process personal data to the extent necessary for providing our platform or where you have given your consent.

3. Data Categories

  • Master data: Email address, username, profile picture (optional)
  • Usage data: Page views, feature usage, session ID (anonymized)
  • Content data: Prompts, skills, comments, posts
  • Technical data: IP address (truncated), browser type, timestamp

4. Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR): Provision of the service, user account
  • Consent (Art. 6(1)(a) GDPR): Analytics cookies
  • Legitimate interest (Art. 6(1)(f) GDPR): Security, abuse prevention

5. Cookies

We use technically necessary cookies and, with your consent, analytics cookies. No advertising trackers are used.

  • better-auth.session_token: Session cookie for authentication (90 days)
  • NEXT_LOCALE: Stores your language preference (1 year)
  • p2l_consent: Stores your cookie settings (localStorage, unlimited)
  • _ga / _ga_*: Google Analytics cookies for anonymous usage analysis (consent-gated, 14 months)

Analytics cookies (Google Analytics, Smartlook) are only set after your explicit consent via our cookie banner. Details in our Cookie Policy.

6. Chrome Browser Extension

We offer an optional Chrome browser extension ("Prompt2Love Extension") that enhances the platform experience. The extension processes the following data:

6.1 Data Stored Locally in Your Browser

  • API token (encrypted): Used to authenticate requests to our server. Stored in chrome.storage.local with AES encryption.
  • Workspace and account info: Workspace name, email, subscription tier — for display in the extension UI.
  • Offline prompt cache: A local copy of your prompt library for offline access.
  • Settings: Language preference, theme, and feature toggles.

All locally stored data can be deleted at any time by disconnecting the extension or uninstalling it.

6.2 Network Requests

The extension communicates exclusively with prompt2love.com (our API server) and Hetzner Object Storage (for file uploads). No data is sent to third parties.

6.3 Page Content Access

On supported AI tools (ChatGPT, Claude, Gemini, Perplexity, Copilot, Mistral), the extension reads the chat interface to enable prompt injection and output capture. This content is only processed locally in your browser and is only sent to our server when you explicitly choose to save a prompt or output.

On other websites, the extension does not automatically access page content. Text is only captured when you actively use the right-click context menu or keyboard shortcut to save a selection.

6.4 Permissions

  • activeTab / scripting: Access the current tab only when you interact with the extension (save prompt, inject text).
  • storage: Store authentication tokens and settings locally.
  • contextMenus: Add "Save as Prompt" to the right-click menu.
  • sidePanel: Display the prompt library in a browser side panel.
  • alarms: Schedule periodic sync of your prompt library.
  • clipboardWrite: Copy prompts to your clipboard.

7. Hosting and Infrastructure

Our servers are hosted by Hetzner Online GmbH in Falkenstein, Germany (EU). Database backups are stored in Helsinki, Finland (EU). All data remains within the European Union.

8. Sub-Processors (Art. 28 GDPR)

We use the following sub-processors to provide our service. A Data Processing Agreement (DPA) is in place with each provider.

Service ProviderPurposeLocationTransfer Mechanism
Hetzner Online GmbHHosting, database, object storage (file uploads)Falkenstein, Germany / EUEU data processing (no third-country transfer)
Hetzner Online GmbHDatabase backupsHelsinki, Finland / EUEU data processing (no third-country transfer)
Polar Software Inc. (Polar)Payment processing for SaaS subscriptions (Merchant of Record)USAStandard Contractual Clauses (SCC)
Resend Inc.Transactional emails (OTP codes, notifications)USAStandard Contractual Clauses (SCC)
MaxMind Inc.Geographic assignment of IP addresses for analytics and security (GeoLite2)USAStandard Contractual Clauses (SCC)
Sentry GmbHError tracking and application monitoringGermany / EUEU data processing (no third-country transfer)
Better Stack / LogtailLog management and uptime monitoringEUEU data processing (no third-country transfer)
Google LLCOAuth authentication (Google Sign-In)USAStandard Contractual Clauses (SCC)
Google LLC (Google Analytics 4)Website analytics (page views, user behavior) — consent-gated, data retention 14 monthsUSAStandard Contractual Clauses (SCC)
Smartlook.com, s.r.o.Session recording and behavioral analytics — consent-gated, EU data processingCzech Republic / EUEU data processing (no third-country transfer)

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

This sub-processor list is continuously maintained and updated when changes occur. Registered users will be notified by email of material changes (addition of new sub-processors or changes to the processing purpose). The current version is always available on this page.

9. Your Rights (GDPR)

You have the right to:

  • Access your stored data
  • Rectification of inaccurate data
  • Erasure of your data ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw given consent

Contact: hello@prompt2love.com

10. Retention Periods

Personal data is deleted as soon as the purpose of storage ceases to apply, unless statutory retention obligations require otherwise.

  • Account and profile data: For the duration of the user account; after deletion request typically within 30 days.
  • Content data: Until deleted by you or upon account deletion; public content may remain in anonymized form where community interactions exist.
  • Billing and consent records: As required by statutory retention obligations, typically up to 10 years.
  • Security and system logs: Typically up to 90 days; longer in cases of abuse or security incidents until resolution.

11. Supervisory Authority

The competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC / EDÖB), Feldeggweg 1, 3003 Bern, Switzerland.

EU/EEA residents may also contact the supervisory authority in their country of residence.

12. Changes

We reserve the right to update this privacy policy. The current version is always available on this page.

ImprintTerms & ConditionsCookie Policy