Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: November 2025

Prompt Bandit ("we", "us", or "our") operates the website promptbandit.com and sells digital AI workflow products. This Privacy Policy explains what personal information we collect, how we use it, and your rights in relation to it. By using our website or purchasing our products, you agree to the practices described here.

If you have any questions about this policy, please contact us at hello@promptbandit.com.

1. Information We Collect

Information you provide directly

When you make a purchase or create an account, we collect:

  • Your name and email address
  • Billing information (processed securely by our payment provider — we do not store full card details)
  • Any messages or enquiries you send us via email or our contact form

Information collected automatically

When you visit our website, we automatically collect certain technical information, including:

  • Your IP address and general geographic location
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring website (how you found us)
  • Device type and operating system

This information is collected via cookies and similar technologies. See Section 6 (Cookies) for more detail.

2. How We Use Your Information

We use the information we collect to:

  • Process your order and deliver your digital products
  • Send you order confirmation and download instructions
  • Provide customer support and respond to your enquiries
  • Send you product updates if you have purchased a kit (you may opt out at any time)
  • Send you marketing emails if you have consented (you may opt out at any time via the unsubscribe link in any email)
  • Improve our website, products, and services
  • Prevent fraud and ensure security
  • Comply with our legal obligations

We will never sell, rent, or trade your personal information to third parties for their own marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal information under the following legal bases:

  • Contract performance — to process your purchase and deliver your products
  • Legitimate interests — to improve our services, prevent fraud, and conduct analytics
  • Consent — to send you marketing communications (where you have opted in)
  • Legal obligation — where required by applicable law

4. Sharing Your Information

We share your personal information only with trusted third-party service providers who help us operate our business. These include:

  • Payment processors — to securely process card payments (e.g. Stripe). They handle your payment data under their own privacy policies.
  • Email service providers — to send transactional and marketing emails
  • Analytics providers — to understand how visitors use our website (data is aggregated and anonymised where possible)
  • Hosting and infrastructure providers — to host our website and store data securely

All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.

We may also disclose your information if required by law, court order, or to protect the rights, property, or safety of Prompt Bandit, our customers, or others.

5. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:

  • Order and billing records: 7 years (for tax and legal compliance)
  • Customer support communications: 3 years
  • Marketing opt-in data: until you unsubscribe or request deletion
  • Website analytics: aggregated data retained indefinitely; personally identifiable data deleted after 26 months

6. Cookies

We use cookies and similar tracking technologies on our website. Cookies are small text files stored on your device that help us provide a better experience.

The types of cookies we use include:

  • Essential cookies — required for the website to function (e.g. session management, shopping cart)
  • Analytics cookies — to understand how visitors use our site (e.g. Google Analytics). These are anonymised where possible.
  • Marketing cookies — to measure the effectiveness of our advertising campaigns (only placed with your consent)

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. For more information about managing cookies, visit aboutcookies.org.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that inaccurate data be corrected
  • Deletion — request that your personal data be deleted ("right to be forgotten"), subject to legal retention requirements
  • Restriction — request that we restrict how we process your data
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please email us at hello@promptbandit.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. All payment processing is handled by PCI-DSS compliant payment processors. Our website uses SSL encryption (HTTPS) to protect data transmitted between your browser and our server.

While we take security seriously, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

Our services are operated from the United Kingdom. If you are located outside the UK or EEA, your information may be transferred to and processed in countries that may not have the same data protection laws. Where we transfer data internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

10. Children's Privacy

Our website and products are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of our website or services after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us: