Privacy Policy

This Privacy Policy describes how Pompter ("we", "us", or "our") collects, uses, and shares information about you when you use our Platform. We are committed to protecting your personal data in accordance with applicable laws, including the Brazilian Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018) and the General Data Protection Regulation (GDPR) where applicable.

If you have questions, contact our Data Protection Officer (DPO) at hello@pompter.com.

We collect the following categories of personal data:

• Account data: email address, username, profile photo, bio, and social links
• Authentication data: hashed passwords and OAuth tokens (managed by Supabase Auth)
• Transaction data: records of prompts acquired and payments processed by Stripe (we do not store full card numbers)
• Content data: prompts you create, including titles, descriptions, templates, and associated metadata
• Usage data: pages visited, search queries, interaction logs, and device/browser information
• Cookie data: consent preferences and session identifiers

We process your personal data on the following legal grounds:

• Contract performance: to provide the services you've requested (account creation, purchases)
• Legitimate interest: to improve the Platform, prevent fraud, and ensure security
• Consent: for analytics and marketing cookies (you may withdraw consent at any time via our Cookie Consent settings)
• Legal obligation: to comply with applicable laws and regulations

We use your personal data to:

• Provide, maintain, and improve the Platform
• Process transactions and send purchase confirmations
• Communicate with you about your account, support requests, and policy updates
• Detect and prevent fraud and abuse
• Analyze usage patterns to improve user experience (with analytics consent)
• Comply with legal obligations

Prompts you publish on the Platform are stored in our database. Public prompts are visible to all users; private prompts are visible only to you and users who have acquired them. When a user acquires your prompt, their acquisition is recorded and linked to your creator account for earnings calculation.

If a creator deletes a prompt, a copy of the template is retained for users who previously acquired it, to fulfill the license granted at the time of purchase.

We do not use your published prompt content to train AI models, and we do not sell your creative content to third parties.

We do not sell your personal data. We share data with:

• Supabase: database and authentication services (data processed in accordance with their DPA)
• Stripe: payment processing (subject to Stripe's privacy policy)
• Google Analytics: usage analytics (only with your analytics cookie consent)
• Vercel: hosting and serverless compute infrastructure
• Law enforcement: when required by valid legal process

Your data may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required under GDPR.

We retain your personal data for as long as your account is active or as necessary to provide services, comply with legal obligations, resolve disputes, and enforce our agreements.

If you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are required to retain by law (e.g., transaction records for tax purposes, typically 5 years under Brazilian law).

Acquired prompt content is retained for buyers even after the creator deletes the original, as necessary for contract performance.

You have the right to:

• Access: confirm whether we process your data and receive a copy
• Correction: correct inaccurate or incomplete data
• Deletion: request deletion of your data ("right to be forgotten"), subject to legal retention obligations
• Portability: receive your data in a structured, machine-readable format
• Restriction: request restriction of processing in certain circumstances
• Objection: object to processing based on legitimate interests
• Withdrawal of consent: withdraw analytics or marketing consent at any time via our Cookie Consent settings
• Complaint: lodge a complaint with the ANPD (Brazilian National Data Protection Authority) or your local supervisory authority

To exercise any of these rights, contact us at hello@pompter.com.

To request the deletion of your account, please contact us at hello@pompter.com. Upon deletion:

• Your profile will be removed from public view immediately
• Your published prompts will be unpublished and queued for deletion within 30 days; however, copies of prompts already acquired by other users will be retained to fulfill existing licenses
• Transaction history required for legal compliance will be retained in anonymized form
• Stripe Connect accounts are subject to Stripe's account closure terms

We implement appropriate technical and organizational measures to protect your personal data, including encrypted communications (TLS), hashed password storage, Row-Level Security on our database, and access controls limiting who can view user data.

Despite our measures, no internet transmission is completely secure. You are responsible for maintaining the security of your account credentials.

The Pompter Platform and its services are not intended for individuals under the age of 18 (eighteen). To register, purchase, or sell on the Platform, users must have full legal capacity. We do not knowingly collect personal data from minors. If you are a parent or legal guardian and believe we have inadvertently collected data from a minor, please contact us immediately at hello@pompter.com so we can arrange for the immediate deletion of that information from our servers.

We may update this Privacy Policy periodically. We will notify you of material changes by posting a notice on the Platform or by email. Your continued use after the effective date constitutes acceptance of the updated policy.