Promtheon Privacy Policy

Last updated: October 6, 2025

This Privacy Policy is part of and subject to our Terms of Use. It describes how Promtheon / Individual Entrepreneur "Bunin Oleksandr Andriyovich" ("we", "us", "our") collects, uses, stores, shares, and protects personal data of Users ("you", "your") in connection with the Promtheon platform (website, web app, APIs, features). By using the Service, you consent to the processing of your personal data as described herein.

1. Legal Framework & Scope

1.1 Applicable Laws

We comply with the Ukrainian Law on Personal Data Protection No. 2297-VI as amended and other applicable Ukrainian legislation. For users in the EU/EEA/UK or other jurisdictions, we also respect applicable data protection laws (e.g., GDPR-style rights), where they provide stronger protections.

1.2 Territorial Scope & Data Transfers

If you access our Service from outside Ukraine, your data may be transferred, stored, or processed outside your country (including in Ukraine or other jurisdictions). In such cases, we will ensure legal safeguards (e.g., your consent, adequacy, or standard contractual clauses) to protect your rights.

1.3 Controller / Processor

We act as the data controller for the personal data we collect. For processing by certain third parties (e.g. external AI model providers), we act as or appoint processors under contract, under our instructions and in compliance with this Policy.

1.4 Paddle as Independent Controller (if applicable)

If your purchase payment is processed through Paddle (including when Paddle acts as Merchant of Record), Paddle acts as an independent controller of personal data for the purposes of payment processing, billing/receipts, calculation and collection of taxes (VAT/Sales Tax), fraud prevention, accounting, and compliance with legal obligations. Paddle's documents (including Checkout Buyer Terms and Paddle Privacy Policy), which are referenced in the checkout window/receipt/on Paddle's website, also apply to such transactions. Data subject requests for personal data processed by Paddle should be directed to Paddle via the contact provided in their documents.

2. Types of Data Collected

We may collect the following categories of personal data, to the extent needed:

| Category | Examples | Purpose |
|---|---|---|
| Account / identity data | Full name, username, email address | Registration, login, user identification |
| Authentication & credentials | Password hash, session tokens | Secure login, session management |
| Usage data / analytics | IP address, device info, browser, OS, geolocation, usage logs, timestamps, pages visited, API calls | Service operation, analytics, improvement, security |
| Transaction / billing data | Payment method tokens, transaction history, billing address | Payment processing, invoicing, refunds |
| User content / inputs | Prompts, files, context you provide | To forward to AI models and generate outputs |
| Generated outputs | AI responses / content generated | Delivered to you as service outcome |
| Feedback / support data | Emails, support tickets, logs | Customer service, improvements |
| Cookies & tracking | Cookie identifiers, device fingerprint | Session management, analytics, personalization |
| Metadata / derived data | Usage aggregates, anonymized statistics | Analytics, product improvement |
| Paddle payment transaction data (if applicable) | Payer name/surname, receipt email, billing address, country/region, order and subscription parameters, amount/currency, payment method (tokenized), transaction/receipt IDs, checkout technical logs, anti-fraud signals | Payment processing, receipt/invoice issuance, tax calculation and collection, fraud prevention, accounting and legal compliance (Paddle acts as independent controller) |

We collect personal data only to the extent necessary for the purposes indicated and in proportion to the needs of the Service.

3. Legal Basis & Purposes of Processing

3.1 Legal Basis

We rely on one or more of the following bases:

  • Your express consent (e.g. cookies, marketing communications)
  • Performance of a contract (providing you the Service)
  • Our legitimate interests (fraud prevention, analytics, service improvement, security)
  • Compliance with legal obligations

3.2 Purposes of Processing

We use your data for the following purposes:

  • Registering and authenticating your account
  • Delivering the Services (forwarding your inputs to AI models, returning outputs)
  • Billing, payment processing, refunds, invoices
  • Analytics, metrics, performance optimization
  • Detecting and preventing fraud, security threats, abuse
  • Customer support, troubleshooting, communications
  • Sending administrative, transactional, marketing emails (if you opt in)
  • Improving models and features (within limits, see Section 7)
  • Compliance with legal obligations

If we intend to use your data for new purposes beyond those described, we will notify you and, where required, request separate consent.

3.3 Legal Basis for Payment Processing via Paddle (if applicable)

For processing personal data in Paddle payments, we rely on the following bases: (a) Performance of a contract — for payment execution, subscription management, receipt provision, and access to paid features; (b) Legitimate interest — for fraud prevention and payment security; (c) Compliance with legal obligations — for tax calculation and collection, accounting and tax reporting, regulatory responses. In this capacity, Paddle acts as an independent controller, determining its own purposes/retention periods within its legislation and documents.

4. Data Sharing & Third-Party Processors

4.1 External AI / Model Providers

To fulfill your requests, we forward certain inputs (and associated context) to external AI model providers (via OpenRouter, etc.). Those providers act as processors and only receive the minimum data necessary. We use contractual safeguards (data processing agreements) to require them to protect your data consistent with this Policy.

4.2 Payment Processors & Financial Partners

We share billing and transaction data with payment services necessary for payment processing, fraud prevention, tax calculation and collection, receipt/invoice issuance, and accounting. Paddle (if applicable): when paying through Paddle, Paddle may act as Merchant of Record and operate as an independent controller of personal data. In this case, Paddle receives and processes the minimum necessary data (see Section 2) for payment execution, tax calculation, fraud prevention, receipt issuance, and fulfillment of legal obligations. Such processing is governed by Paddle's documents (including Checkout Buyer Terms and Paddle Privacy Policy). Other payment services (e.g., LIQPAY/Monobank/Stripe, etc., if applicable): act as processors or independent controllers depending on their role and jurisdiction; their terms and privacy policies apply additionally and are available in the checkout window/receipt.

4.3 Analytics, Monitoring & Infrastructure Services

We may engage third parties (e.g. Google Analytics, logging, monitoring, infrastructure providers) to assist us in service operation, performance, security, or analytics.

4.4 Legal & Compliance Disclosures

We may disclose your personal data when required by law, to respond to lawful requests (court orders, regulators), or to protect the rights and safety of us or others.

4.5 Anonymized / Aggregated Data

We may publish or use aggregated, de-identified, non-personal data for analytics, research, and public reporting, without attribution to individuals.

4.6 Data Subject Requests for Payments Processed via Paddle

If your transaction was processed through Paddle, requests for access, correction, deletion, restriction, portability, objection, as well as refund/receipt/subscription requests for data processed by Paddle, should be directed to Paddle via the contacts specified in their documents and/or in your Paddle receipt. We will help you identify the correct contact channel if needed.

5. Cookies & Tracking Technologies

5.1 Cookie Types & Purposes

We use various cookies and similar tracking technologies:

  • Strictly necessary cookies — required for site functionality and authentication
  • Performance / analytics cookies — measure usage and performance
  • Functional cookies — remember user preferences, settings
  • Marketing / advertising cookies — for promotional tracking (if you consent)

5.2 Consent & Management

On your first visit, you will see a cookie consent banner. You may accept or reject non-essential cookies. You can manage or withdraw consent in settings. Refusing cookies may degrade some features of the Service.

5.3 Marketing, Remarketing & Checkout Recovery/Retention (if enabled)

Marketing/advertising cookies, identifiers and pixels, as well as abandoned checkout reminder functionality and retention metrics, are used only with your consent, managed via banner/settings. You may withdraw consent at any time. Transactional emails (payment/receipt/access recovery) may be sent without additional consent based on contract or legal obligation.

6. Data Retention & Deletion

  • We retain personal data while your account is active, and for a period thereafter for compliance, dispute resolution, auditing.
  • We delete or anonymize data when it is no longer needed, unless retention is required by law.
  • Some data (e.g. logs, anonymized statistics) may be kept longer in aggregated form.
  • Content you posted publicly may remain in caches or backups even after account deletion, unless removal is legally required.
  • Data related to payments, receipts, and tax reporting is retained for at least 7 years (or longer if required by applicable law) for accounting, tax auditing, and legal compliance purposes. Retention periods for specific categories of Paddle data are determined by Paddle in their documents.

7. AI / Automated Processing & Model Training

  • Our Service involves automated processing, forwarding your Input to AI models and returning Output.
  • We do not guarantee correctness, completeness, or appropriateness of outputs. Use at your own risk.
  • We may (with your consent or under contract) use certain anonymized or de-identified user data to improve models / performance, but not in a way to identify you personally. You may opt out of model training contributions.

8. Security & Data Breach Notification

  • We implement robust technical and organizational measures: encryption in transit and at rest, access controls, periodic audits, internal procedures, segmentation, logging, intrusion detection, secure backups.
  • In case of a data breach that risks user rights or personal data, we will notify affected users and regulators in accordance with applicable law (e.g., as soon as feasible).
  • You are responsible for maintaining your password confidentiality; we will never ask for your password outside login flows.
  • We do not store full payment credentials (e.g., full card numbers). Processing of credentials, tokenization, and PCI DSS compliance is ensured by the respective payment provider (including Paddle, if applicable). We apply TLS/encryption in transit, access controls, and other security measures; payment providers apply their own measures and certifications.

9. Rights of Data Subjects

You have the following rights (subject to applicable law):

  • Access: request what personal data we hold about you
  • Correction: ask for inaccurate or incomplete data to be fixed
  • Deletion / erasure ("right to be forgotten")
  • Restriction of processing
  • Object to processing (especially where based on legitimate interests)
  • Data portability: receive your personal data in machine-readable form
  • Withdraw consent (for consent-based processing)
  • Lodge a complaint with a supervisory authority

Requests should be sent to support@promtheon.io. We will respond within the timeframes required by applicable law.

9.X How to Exercise Rights for Paddle Transaction Data

If your payment was processed through Paddle, you may exercise rights of access, correction, deletion, restriction, portability, and objection for data processed by Paddle directly with Paddle (contacts specified in Paddle documents and/or in the receipt). We may forward your request to the appropriate provider or provide instructions on how to direct it.

10. Children & Minors

  • We do not knowingly collect personal data from minors under 13 (or under the digital consent age in your jurisdiction).
  • If we become aware that we hold data of a minor without proper consent, we will delete it promptly.
  • If you are under the required age, please do not provide data or use this Service without parental or guardian consent.

11. Changes to This Policy & Notifications

We may update this Privacy Policy periodically. When changes are material, we will notify users (e.g. via email or banner). The revised Policy will display a new "Last updated" date. Continued use constitutes acceptance of the changed terms.

12. Jurisdiction & Dispute Resolution for Privacy Matters

Privacy-related disputes may be resolved in Ukrainian courts or international courts / arbitration, with priority for Ukraine, unless otherwise agreed. If a local law offers stronger protection, we will apply it to the extent required by that jurisdiction.

12.X Disputes Regarding Paddle Personal Data Processing (if applicable)

Matters concerning Paddle's processing of personal data in payment transactions are governed by Paddle's documents and English law; disputes are resolved according to the procedure specified in Paddle's documents. This Policy governs Promtheon's processing of personal data outside the scope of Paddle payment transactions.

13. Contact Information & Data Protection Officer

Individual Entrepreneur "Bunin Oleksandr Andriyovich"

Identification number: 3556706135

Legal address: Ukraine, 03056, Kyiv city, Borshchagovska street, house 148, apartment 4-07PR

Email: support@promtheon.io

Phone: +38 (050) 367-66-70

If appointed, our Data Protection Officer (DPO) contact is: dpo@promtheon.io (if applicable)

For privacy requests, please use the email above or a dedicated contact form.

Contacts for Payment Transactions Processed via Paddle

For requests regarding personal data processed by Paddle (receipts, transaction data, taxes, refunds, subscriptions), use the link/contact in your Paddle receipt or the official Paddle support channel specified in their documents.