Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Code4Ads Ltd ("PromptMax", "we", "us", or "our") collects, uses, and protects your personal data when you use our service at promptmax.io.

Data Controller: Code4Ads Ltd · 5A Bear Lane, Southwark, London SE1 0UH, United Kingdom · [email protected]

1. Data We Collect

We collect the following personal data when you use PromptMax:

• Account data: Your email address, used for authentication and account management.
• Usage data: Your batch job history, including job names, prompts, model selections, file uploads, and processing results.
• Payment data: Payment transactions are processed entirely by Paddle.com, our Merchant of Record. We receive confirmation of payment and the amount paid, but we do not store your card details.
• Technical data: IP address and browser information collected automatically by our hosting infrastructure (Google Firebase).
• Analytics data: With your consent, we collect anonymised usage data via Google Analytics and session recordings via Microsoft Clarity to understand how visitors use our site.

2. How We Use Your Data

We use your personal data to:

• Provide and operate the PromptMax service
• Manage your account and credit balance
• Process your batch jobs via Google Cloud Vertex AI
• Send transactional emails related to your account
• Analyse site usage and improve our product (with your consent)
• Comply with legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide the service you have signed up for.
• Consent: For analytics cookies and session recording tools. You can withdraw consent at any time via the cookie preference centre.
• Legitimate interests: To maintain security, prevent fraud, and improve our service.
• Legal obligation: To comply with applicable laws and regulations.

4. Third-Party Processors

We use the following trusted third-party services to operate PromptMax:

• Paddle.com — Merchant of Record, payment processing, and invoicing.
• Google Firebase — Authentication, database (Firestore), and file storage.
• Google Vertex AI — AI batch processing. Your uploaded CSV data is processed via Google Cloud and stored temporarily in Google Cloud Storage.
• Resend — Transactional email delivery.
• Google Analytics (GA4) — Website analytics. Collects anonymised usage data including page views, session duration, and traffic sources. Only active with your consent.
• Microsoft Clarity — Session recording and heatmaps. Records anonymised visitor interactions to help us improve the site. Input fields are masked and no personally identifiable information is captured. Only active with your consent.
• CookieScript — Cookie consent management. Records your consent preferences.
• Google Fonts — Font delivery. Google may log your IP address when fonts are loaded.

5. Cookies

We use the following categories of cookies:

• Strictly necessary: Required for the site to function. Includes Firebase Authentication session cookies and the CookieScript consent record. These are set without requiring your consent.
• Performance / Analytics: Set by Google Analytics and Microsoft Clarity to collect anonymised data on how visitors use the site. These are only set with your explicit consent. You can accept or decline these via the cookie banner when you first visit, and change your preference at any time by clicking the cookie icon at the bottom of the page.

We also use your browser's local and session storage (not cookies) for app functionality only — never for tracking: a 24-hour cache of your detected currency, your newsletter-consent choice during signup, and a support-chat session identifier (plus an email address you optionally provide to the support chat, kept only for that session). These stay on your device and are cleared when you clear your browser storage.

6. Data Retention

We retain your personal data for as long as your account is active. Job history and uploaded files are retained for the duration of your account. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law.

7. International Transfers

Your data may be processed in the United States via Google Cloud infrastructure. Such transfers are covered by Google's Standard Contractual Clauses in compliance with GDPR requirements.

8. Your Rights

Under GDPR and UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your personal data.
• Right to restriction: Request that we restrict processing of your data.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent for analytics cookies at any time via the cookie preference centre.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page.