Legal

Privacy Notice

Last updated: July 3, 2026.

01

Who we are

Prompthouse ("we", "us") operates the Prompthouse Academy platform. In this notice, we act as the data controller for personal data collected through the platform.

Legal entity name and registered address will be added before we begin accepting live payments.

02

Data we collect

  • Account data: name, email address, login credentials.
  • Usage data: which courses and lessons you view, tutor conversations, feature usage.
  • Technical data: IP address, device and browser identifiers, timestamps, error logs.
  • Support data: messages you send us.
  • Payment metadata: subscription status, plan, billing period. Card and billing address data are collected and stored by Paddle, not by us.

03

How we use it

  • Create and secure your account (contract performance).
  • Deliver courses and the AI tutor (contract performance).
  • Prevent fraud and abuse, keep the platform secure (legitimate interests).
  • Improve the product and diagnose issues (legitimate interests).
  • Respond to support requests (contract performance).
  • Comply with legal obligations, including tax records (legal obligation).

04

Who we share it with

  • Paddle, our Merchant of Record, for order processing, subscription management, payments, invoicing and tax compliance. See Paddle's Privacy Policy.
  • Hosting, database and email subprocessors that run the platform for us.
  • AI model providers to power the tutor. Your tutor prompts are sent to these providers to generate replies.
  • Professional advisers (legal, accounting) where necessary.
  • Public authorities where required by law.

05

Retention

We keep account and usage data for as long as your account is active, and for a limited period afterwards for legal, tax and fraud-prevention purposes. When data is no longer needed, we delete or anonymise it.

06

Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. To exercise any of these rights, contact us from within your member dashboard.

EU/UK users additionally have the right to lodge a complaint with their supervisory authority. Where data is transferred outside the EU/UK, we rely on Standard Contractual Clauses or adequacy decisions.

07

Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls and row-level security in our database.

08

Cookies

We use strictly necessary cookies to keep you signed in. We do not use advertising cookies. Where we use analytics cookies, they are configured to minimise personal data collection.

09

Changes to this notice

We may update this notice from time to time. Material changes will be notified by email at least 14 days in advance.