Privacy Policy

Last updated: January 6, 2025

Introduction

Promptz.dev is a community project operated by Christian Bonzelet, committed to protecting your privacy and ensuring transparency about how data is collected, used, and protected. This Privacy Policy explains our data practices in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Community Project: Promptz.dev is operated as a non-commercial community project with no business case or profit motive. The sole purpose of data collection is to improve the service and operate it with high reliability for the benefit of the developer community.

We use PostHog for analytics and monitoring to improve the platform and user experience. This policy describes what data we collect, why we collect it, how we process it, and your rights regarding your personal data.

Information We Collect

Automatically Collected Data

We use PostHog's cookieless tracking and autocapture features to collect the following information automatically:

Web Analytics Data:

  • Page views and page navigation patterns
  • Session duration and bounce rates
  • Referrer information (which website brought you to our site)
  • Device and browser information (type, version, screen resolution)
  • Operating system information
  • Geographic location (country/region level only, derived from anonymized IP addresses)

Product Analytics Data:

  • User interactions with our platform (clicks, form submissions, navigation)
  • Feature usage patterns and user flows
  • Search queries and content discovery patterns (used to identify content gaps and improve our library)
  • Time spent on different sections of the platform

Error Tracking Data:

  • JavaScript errors and exceptions that occur on our platform
  • Error messages, stack traces, and debugging information
  • Browser console errors and warnings

Log Data:

  • Server logs for debugging and performance monitoring
  • API request logs and response times
  • System performance metrics

Data We Do NOT Collect

  • No Persistent Cookies: We use cookieless tracking, so no tracking cookies are stored on your device
  • No Personal Identification: We do not collect names, email addresses, or other directly identifying information unless you explicitly provide it
  • No Sensitive Data: We do not collect passwords, payment information, or other sensitive personal data
  • No Cross-Site Tracking: We only track interactions on our own platform

Important Note: We use PostHog's cookieless tracking mode, which means data is stored in memory during your session and does not persist across browser sessions through cookies.

How We Use Your Information

We process your data for the following purposes as a non-commercial community project:

1. Platform Improvement and Analytics

  • Purpose: Understanding how users interact with the platform to improve user experience, service quality, and content discovery.
  • Legal Basis: Legitimate interest in improving community services
  • Data Used: Web analytics, user interaction patterns, feature usage statistics
  • Retention: Data is retained for 1 year on PostHog's free tier

2. Content Gap Analysis and Library Enhancement

  • Purpose: Tracking search terms to identify topics that users are looking for but are not yet available in our library, enabling us to create tailored content that addresses community needs
  • Legal Basis: Legitimate interest in improving community resources and content relevance
  • Data Used: Search queries entered in the global search functionality
  • Retention: Search query data is retained for 1 year to analyze trends and content gaps
  • Community Benefit: This helps us prioritize which prompts, agents, powers, and steering documents to add to the library based on actual user demand

3. Error Detection and Debugging

  • Purpose: Identifying and fixing technical issues to maintain platform stability and reliability
  • Legal Basis: Legitimate interest in providing reliable community services
  • Data Used: Error logs, exception data, browser console information
  • Retention: Error data is retained for 1 year for debugging purposes

4. Performance Monitoring

  • Purpose: Ensuring optimal platform performance and identifying bottlenecks for the community
  • Legal Basis: Legitimate interest in service quality
  • Data Used: Page load times, API response times, system performance metrics
  • Retention: Performance data is retained for 1 year

5. Security and Fraud Prevention

  • Purpose: Protecting the platform and community from malicious activities
  • Legal Basis: Legitimate interest in security and legal compliance
  • Data Used: Access patterns, suspicious activity indicators
  • Retention: Security logs are retained for 1 year

Non-Commercial Nature: All data processing is conducted solely for the purpose of maintaining and improving this community project. No data is used for commercial purposes, marketing, or profit generation.

Data Processing and Storage

PostHog Analytics Platform

We use PostHog, a privacy-focused analytics platform, to collect and process usage data:

Data Location: All data is stored in PostHog's EU data center located in Frankfurt, Germany (AWS EU infrastructure), ensuring your data remains within EU jurisdiction for GDPR compliance.

Data Processing: PostHog processes data on our behalf as a data processor. We have a Data Processing Agreement (DPA) with PostHog that ensures GDPR compliance.

Cookieless Tracking: We use PostHog's cookieless tracking mode, which means:

  • No tracking cookies are stored on your device
  • Data is stored in browser memory during your session only
  • No persistent tracking across browser sessions
  • Enhanced privacy protection compared to traditional cookie-based analytics

IP Address Handling: IP addresses are automatically anonymized by setting the last octet to zero (e.g., 192.168.1.144 becomes 192.168.1.0), reducing the risk of personal identification while maintaining geographic relevance for analytics.

Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data is encrypted in transit using HTTPS/TLS
  • Access Controls: Strict access controls limit who can access analytics data
  • Data Minimization: We only collect data necessary for our stated purposes
  • Regular Audits: We regularly review our data collection and processing practices
  • Incident Response: We have procedures in place to respond to potential data breaches

Third-Party Services

We use the following third-party service for analytics and monitoring:

ServiceProviderPurposeData SharedData LocationPrivacy Policy
PostHogPostHog Inc.Web analytics, product analytics, error tracking, logsAnonymized usage data, error logs, performance metricsEU (Frankfurt, Germany)PostHog Privacy Policy

PostHog Data Processing: PostHog processes data on our behalf as a data processor under their Terms of Service. PostHog EU Cloud ensures:

  • Data is stored within EU jurisdiction (Frankfurt, Germany)
  • Appropriate security measures are implemented
  • GDPR compliance requirements are met
  • Data Processing Agreement available upon request

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request information about the personal data we process about you, including:

  • What data we collect
  • Why we process it
  • How long we retain it
  • Who we share it with

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent (where processing is based on consent)
  • The data has been unlawfully processed

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Technical Limitations of Cookieless Tracking

Important Note on Data Subject Rights: Due to our privacy-first cookieless tracking approach, we may have limited ability to identify specific individuals in our analytics data. While this enhances your privacy by not storing persistent identifiers or cookies, it creates technical limitations for fulfilling certain data subject rights:

Rights We Can Fully Support:

  • Right to Object: You can opt out of all tracking at any time
  • Right to Restrict Processing: We can stop collecting your data immediately
  • Right to Information: Fully covered in this privacy policy

Rights with Technical Limitations:

  • Right of Access: We cannot reliably identify which analytics data belongs to you due to daily hash rotation
  • Right to Rectification: Cannot identify specific user data to correct in our anonymous analytics
  • Right to Erasure: Cannot identify specific user data to delete from our analytics system
  • Right to Portability: Cannot identify specific user data to export

Our Commitment: We will make every reasonable effort to accommodate your requests where technically feasible. The cookieless approach we use prioritizes your privacy by design, which inherently limits our ability to link data to specific individuals - this is a feature, not a limitation, of our privacy-first approach.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within 30 days.

For Opt-Out Requests: You can immediately stop all tracking by contacting us or by disabling JavaScript in your browser, which will prevent any analytics data collection.

Data Retention

We retain different types of data for the following periods based on the limitations of the Posthog free tier:

  • Analytics Data: Retained for 1 year on PostHog's free tier, then automatically deleted
  • Error Logs: Retained for 1 year for debugging and improvement purposes
  • Performance Data: Retained for 1 year to monitor platform performance trends
  • Security Logs: Retained for 1 year for security monitoring and compliance

After the retention period expires, data is automatically and permanently deleted from PostHog's systems.

International Data Transfers

Your data is processed within the European Union:

  • Primary Storage: PostHog EU data center in Frankfurt, Germany
  • No International Transfers: Data does not leave EU jurisdiction
  • GDPR Compliance: Full compliance with EU data protection requirements

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For significant changes, we will provide prominent notice on our platform
  • We encourage you to review this policy periodically

Legal Basis for Processing

Under GDPR, we process your data based on the following legal bases:

  • Legitimate Interest: For analytics, error tracking, and platform improvement (Article 6(1)(f) GDPR)
  • Consent: Where explicitly provided for specific processing activities (Article 6(1)(a) GDPR)
  • Legal Obligation: Where required by law (Article 6(1)(c) GDPR)

Contact Information

If you have any questions about this Privacy Policy, want to exercise your data protection rights, or have concerns about our data practices, please contact:

  • Email: christian.bonzelet@gmail.com
  • Subject Line: Please include "Promptz.dev Privacy Policy" or "Promptz.dev Data Protection" in your subject line

For PostHog-related privacy questions, you can also contact PostHog directly:

Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

This privacy policy is effective as of the date listed above and governs the collection, use, and disclosure of personal information for this community project. By using Promptz.dev, you acknowledge that you have read and understood this Privacy Policy.