✦ Meeting us at The Vault 2026! Stop by our booth and get 20 free tokens.
Home/Privacy Policy

Privacy Policy

Last updated: June 2, 2026

1. Introduction

Logos Catalyst LLC (“we,” “us,” “our”) operates Prompt It Print It (“Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

This policy applies to all users globally and is designed to comply with the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) / CPRA.

2. Information We Collect

Information you provide directly:

  • Account data — name, email address, password (hashed), company, bio, website.
  • Payment data — billing address and payment method details (processed and stored by Stripe; we do not store raw card numbers).
  • Shipping data — name and mailing address for print orders.
  • Design prompts — text you enter to generate designs.
  • Communications — messages you send us via email or support channels.

Information collected automatically:

  • Usage data — pages visited, features used, time spent, token consumption.
  • Device & log data — IP address, browser type, operating system, referral URL, and crash reports.
  • Cookies & similar technologies — see Section 5 below.

Information from third parties:

  • Stripe — subscription status, payment confirmation, and billing events.
  • Supabase — authentication tokens and session management.
  • Sentry — error traces and performance data (anonymized where possible).

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Process payments and fulfill print orders.
  • Send transactional emails (order confirmations, shipping notifications, account alerts).
  • Respond to your inquiries and provide customer support.
  • Monitor and analyze usage to improve product performance.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Send marketing communications where you have consented (you may opt out at any time).

Legal bases (GDPR): We process your data on the bases of (a) contract performance (fulfilling orders, providing the Service), (b) legitimate interests (analytics, fraud prevention), (c) legal obligation, and (d) consent (marketing emails, non-essential cookies).

4. Sharing Your Information

We do not sell your personal data. We share data only as described below:

  • Service providers — Stripe (payments), Supabase (database/auth), Resend (transactional email), Sentry (error monitoring), Vercel (hosting), and our trade printing partners (name and shipping address for order fulfillment only).
  • Legal requirements — We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of our users or the public.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on the Service.

All third-party processors are contractually bound to handle your data securely and only for the purposes we specify.

5. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Service. You can control cookie preferences via the banner shown on your first visit.

Types of cookies we use:

  • Strictly necessary — required for authentication and security (e.g., session tokens set by Supabase). These cannot be disabled.
  • Analytics — help us understand how users interact with the Service (e.g., page views, feature usage). Only set after consent.
  • Functionality — remember your preferences (e.g., theme, cookie banner dismissal).

You may withdraw cookie consent at any time by clearing your browser’s local storage or via your browser settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained until you delete your account, after which PII is purged within 30 days.
  • Order records — retained for 7 years for tax and legal compliance purposes (financial records only; shipping PII is anonymized after 12 months).
  • Design prompts — soft-deleted immediately upon account deletion; permanently purged within 30 days.
  • Log data — retained for up to 90 days for security and debugging purposes.

You may request earlier deletion of your data by deleting your account or contacting us at privacy@promptitprintit.com.

7. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, row-level security (RLS) policies in our database, and regular access control reviews. Payments are handled entirely by Stripe, a PCI-DSS Level 1 certified provider.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.

8. Your GDPR Rights (EEA & UK)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR / UK GDPR:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Restriction — ask us to restrict processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.
  • Lodge a complaint — with your local supervisory authority (e.g., ICO in the UK).

To exercise these rights, contact us at privacy@promptitprintit.com. We will respond within 30 days (extendable by an additional 60 days where necessary).

9. Your CCPA Rights (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) and CPRA give you specific rights regarding your personal information:

  • Right to Know — request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
  • Right to Delete — request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale — we do not sell personal information. If this changes, we will provide a “Do Not Sell My Personal Information” link.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Limit Sensitive PI Use — limit our use of sensitive personal information to necessary purposes.

To submit a verified consumer request, contact us at privacy@promptitprintit.com or delete your account directly via Settings. We respond to verified requests within 45 days.

Authorized agents: You may designate an authorized agent to submit requests on your behalf by providing written authorization.

10. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@promptitprintit.com and we will promptly delete it.

11. International Data Transfers

We are based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards, when transferring data to our US-based processors.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the “Last Updated” date and, where required by law, notify you by email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact & DPO

For privacy inquiries, data subject requests, or to reach our Data Protection Officer:

Privacy Officer — Logos Catalyst LLC
Prompt It Print It
privacy@promptitprintit.com

For EU/UK residents, you also have the right to lodge a complaint with your local data protection authority.