Skip to content
PromtExpressPromtExpress

Privacy Policy

Last updated: May 6, 2026

1. Data controller

The data controller is Hakan Güven (sole trader, Turkey), trading as Promtexpress, operating the Service at promtexpress.com.

Contact details:
Korkutreis Mh. Lale Cd. No:17/20, Çankaya / Ankara, Türkiye
Phone: +90 537 606 52 28
Email: hello@promtexpress.com

2. Personal data we process

We process the following categories of personal data:

  • Account data: name, email address, password hash, country (when supplied at signup), authentication provider identifiers (e.g. Google ID).
  • Usage data: prompts you submit, generated prompt outputs, generation timestamps, credit ledger entries, audit logs.
  • Billing data: Paddle customer ID, subscription state, transaction IDs, plan slug. We do not store full card numbers; payment data is held by Paddle.
  • Technical data: IP address, browser/user-agent, device type, language preference, referrer; logged for security and troubleshooting.
  • Communications: support tickets, magic-link emails sent via our email provider.

3. Purposes and legal bases

We process personal data for the following purposes:

  • Performance of the contract — to provide the Service, authenticate users, deliver generated prompts, manage credits and subscriptions.
  • Legitimate interest — to detect abuse, prevent fraud, secure infrastructure, and improve product quality.
  • Legal obligation — to keep transactional records and respond to lawful requests.
  • Consent — for optional marketing emails, where applicable, with the right to withdraw at any time.

4. Subprocessors and recipients

We share personal data only with the processors needed to operate the Service:

  • Paddle.com Market Limited — payment processing, Merchant of Record (UK).
  • Brevo — transactional email delivery (France/EU).
  • Google LLC — OAuth sign-in (when chosen by the user) (USA/EU).
  • Cloudflare, Inc. — CDN, DDoS protection, analytics (global).
  • AI providers — Anthropic, OpenAI, Google AI, Deepseek, and similar — to process the prompts you submit.
  • Hosting — server is operated in a managed colocation facility in Europe.

We do not sell personal data and we do not share it for advertising profiling.

5. Retention

We keep personal data for as long as your account is active. After account deletion, we erase or anonymise personal data within 90 days unless we are required to retain certain records for tax or legal reasons (typically up to 10 years for billing records). Audit logs are retained up to 12 months for security purposes.

6. Your rights

Subject to applicable law (KVKK, GDPR, and similar regimes), you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion (the "right to erasure") where legal grounds apply;
  • request restriction or object to processing;
  • request portability of data you provided;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) or the competent supervisory authority in your jurisdiction.

To exercise any of these rights, email hello@promtexpress.com. We respond within 30 days.

7. International transfers

Some of our processors are located outside Türkiye and the EEA. We rely on appropriate safeguards — such as Standard Contractual Clauses or processor adequacy decisions — to protect international transfers. The list of recipients above identifies the relevant jurisdictions.

8. Security

We implement technical and organisational measures appropriate to the risk, including encrypted transport (TLS), encrypted storage of secrets at rest (AES-256-GCM), least-privilege access controls, and audit logging. No system is perfectly secure; if we become aware of a personal data breach affecting you, we will notify you and, where required, the supervisory authority within 72 hours.

9. Children

The Service is not directed to children under 18. We do not knowingly process personal data of minors. If you believe a minor has created an account, contact us and we will erase the account.

10. Changes to this policy

We may update this Privacy Policy. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be notified by email or in-product banner.