Privacy Policy
Effective date: May 25, 2026
1. Overview
the1prompt ("we," "our," or "us") operates the website the1prompt.com(the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service you agree to the practices described here.
2. Information We Collect
Account information (Google OAuth)
We use Google OAuth as our only sign-in method. When you authenticate we receive your Google account name, email address, and profile picture. We do not receive or store your Google password.
Payment information (Stripe)
Subscription payments are processed by Stripe. We store only your Stripe customer ID and current subscription plan. Full payment card details are handled exclusively by Stripe and are never transmitted to or stored on our servers.
Usage data
We collect information about how you interact with the Service — pages visited, prompts run, optimizer usage counts — to enforce plan limits, improve features, and detect abuse.
Communications
If you contact us via the contact form or email, we retain the content of those messages to respond to your inquiry.
3. How We Use Your Information
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process payments and enforce subscription plan limits
- Send transactional emails (subscription confirmations, billing receipts)
- Respond to support requests and contact form submissions
- Detect fraud, abuse, and violations of our Terms of Service
- Comply with applicable legal obligations
4. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, solely as needed to operate the Service:
- Google — identity and authentication (OAuth)
- Stripe — payment processing and subscription management
- Supabase — database hosting for your account data
- Vercel — hosting and serverless function execution (server logs may contain IP addresses and request metadata)
- Resend — transactional email delivery
Each provider has its own privacy policy and data processing terms. We do not authorize these providers to use your data for their own marketing or unrelated purposes.
5. Cookies and Session Data
We use a secure HTTP-only session cookie to maintain your authentication state. No third-party advertising or tracking cookies are set. If you block cookies you will not be able to remain signed in.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (e.g., billing records).
7. Security
We apply industry-standard security measures including HTTPS encryption in transit, role-based database access controls, and secrets management for API keys. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email us at elias@donbot.ai. We will respond within 30 days.
9. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you by email or a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11. Contact
If you have questions or concerns about this Privacy Policy, please contact us: