Privacy Policy
Last updated: February 2026
1. Introduction
Marviy Pte Ltd ("we", "us", or "our") is the data controller for the PromptCraft application and website. We are incorporated in the Republic of Singapore.
This Privacy Policy explains what personal data we collect, how we use it, how we protect it, and what rights you have regarding your data. It applies to all users of the PromptCraft Service, regardless of location.
For questions or requests regarding your data, contact our Data Protection Officer at dpo@promptcraft.app.
2. Data We Collect
a) Information You Provide
- Account information: name, email address, role/profession, experience level
- Subscription and payment information: processed by Apple, Google, or our payment processor (Stripe) — we do not store full payment card details
- Prompts and content: text you enter into the Prompt Playground and Prompt Analyzer
- Survey responses and feedback: information you voluntarily provide through surveys or feedback forms
- Support communications: messages you send to our support team
b) Information Collected Automatically
- Device information: device type, operating system version, app version
- Usage data: features used, lessons completed, session duration, prompt scores
- Analytics data: anonymized event tracking via our analytics provider
- Crash reports: performance and error data to improve the Service
- IP address: used for approximate location determination and security purposes; not stored long-term in identifiable form
c) Information from Third Parties
- Authentication providers: when you sign in with Apple or Google, we receive basic profile information as authorized by you
- AI model providers: we send your prompts to third-party AI providers (Anthropic, OpenAI, Google) to generate responses — see Section 4 below for important details
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the Service: processing prompts, delivering lessons, tracking your learning progress, and generating prompt scores
- Personalization: tailoring your learning experience based on your role and skill level
- Payments: processing transactions and managing subscriptions
- Transactional communications: sending account confirmations, subscription receipts, and service-related notices
- Marketing communications: only with your explicit consent; you may opt out at any time
- Analytics and improvement: analyzing aggregated, anonymized usage patterns to improve the Service
- Security: detecting and preventing fraud, abuse, and security threats
- Legal compliance: complying with applicable laws and regulations
4. Third-Party AI Providers
Important: When you submit prompts in the Playground or Analyzer, those prompts are sent to third-party AI providers for processing. Please read this section carefully.
PromptCraft sends your prompts to the following providers to generate AI responses:
- Anthropic (Claude) — Anthropic Policies
- OpenAI (GPT) — OpenAI Policies
- Google (Gemini) — Gemini API Terms
We use API-tier access to these services, which generally means your prompts are not used to train the providers' models. However, each provider's data handling practices may change over time, and we encourage you to review their current policies.
We do not store AI-generated responses longer than necessary to display them to you. Configurable retention settings will be available in a future update.
Recommendation: Do not enter sensitive personal data, passwords, financial information, or confidential business information into prompts. While we take steps to protect your data, prompts are processed by third-party services.
5. Data Storage & Security
- Data is stored on Supabase (hosted on AWS infrastructure) with servers in Singapore
- All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
- We implement access controls, audit logging, and conduct regular security reviews
- See our Security page for more details on our security practices
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Retained while active; deleted within 90 days of account deletion |
| Prompt history | 30 days by default; user-deletable at any time; adjustable in settings |
| Analytics data | Aggregated and anonymized; retained indefinitely in anonymized form |
| Payment records | Retained as required by Singapore tax law (minimum 5 years) |
We will delete or anonymize personal data when it is no longer needed for the purposes described in this Policy.
7. Your Rights
Under Singapore PDPA
- Right to access your personal data
- Right to correct inaccurate data
- Right to withdraw consent for data collection (which may affect Service functionality)
- Right to request data portability (where technically feasible)
Under EU GDPR (for users in the EEA)
- Right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection
- Right to lodge a complaint with your local data protection authority
- Legal basis for processing: consent (marketing), contract (Service delivery), legitimate interest (security, improvement)
How to Exercise Your Rights
- In-app: Settings → Privacy → Manage My Data
- Email: dpo@promptcraft.app
We will respond to data requests within 30 days.
8. Cookies & Tracking (Website)
- Essential cookies: required for the website to function properly (session management, security)
- Analytics cookies: used with your consent to understand how the website is used (via our analytics provider)
- No advertising cookies: we do not use third-party advertising cookies
You can manage your cookie preferences via the cookie banner displayed on first visit, or through your browser settings.
9. Children's Privacy
The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If we discover that such data has been collected, we will delete it promptly.
Parents or guardians who believe their child has provided us with personal data may contact us at dpo@promptcraft.app to request deletion.
10. International Data Transfers
Your data may be transferred to and processed in countries outside Singapore, including the United States (where our cloud infrastructure and AI provider servers are located).
We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) for transfers to countries without adequate data protection laws as determined by the relevant authorities.
By using the Service, you consent to such transfers subject to the safeguards described in this Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page will reflect the most recent revision.
12. Contact & Data Protection Officer
For questions about this Privacy Policy or to exercise your data rights, please contact:
Marviy Pte Ltd
Data Protection Officer: dpo@promptcraft.app
Address: [Registered Address], Singapore
For PDPA inquiries, you may also contact the Personal Data Protection Commission (PDPC) of Singapore.