Privacy Policy
Last updated: June 11, 2026
In plain words: we collect the minimum needed to run a newsletter and optional accounts — your email, and if you create an account, your name and reading activity. No ads, no tracking cookies, no selling or renting data, ever. You can unsubscribe with one click and delete your account (and everything attached to it) yourself.
Who we are
PromptAI (promptai.in) is an independent hub for AI news, research and learning resources, operated as a small independent project. For anything privacy-related, contact us at [email protected] (or reply to any briefing email).
What we collect, and why
| Data | When | Why |
|---|---|---|
| Email address | You subscribe to the briefing (after you confirm via the double opt-in email) | To send you the weekly briefing you asked for |
| Email, name, password | You create an account | To sync your reading history and learning progress across devices. Passwords are stored only as salted PBKDF2 hashes — we cannot read them. |
| Reading & learning activity | Only while signed in | To power "Recently read" and "Continue learning" in your account. Stored against your account; capped and prunable. |
| Aggregate counters | All visits | Anonymous totals (visits, articles read). No per-person profile, no cross-site tracking, no advertising identifiers. |
We do not use advertising trackers or tracking cookies. The site stores preferences (theme, language, cached articles) in your own browser's local storage — that data never leaves your device.
Who processes data on our behalf
- Cloudflare — hosts the site and stores subscriber/account data in its key-value storage (encrypted at rest).
- Resend — delivers our emails (briefings, confirmations, password resets).
- Google Fonts & Google Translate — load fonts and provide optional page translation; your browser contacts Google when these load.
- Feed & image services — article thumbnails and some news feeds are fetched through proxy services (e.g. images.weserv.nl). Your browser requests these directly when content loads.
We never sell, rent or share your personal data with anyone for marketing.
How long we keep it
- Newsletter: until you unsubscribe — every email has a one-click unsubscribe link, and removal is immediate. Unconfirmed signups expire automatically after 7 days.
- Accounts: until you delete your account. Deleting removes your profile, password hash, reading data and sessions.
- Counters: daily aggregate buckets expire after about 120 days; only anonymous totals remain.
Your rights
Wherever you are (including under the EU GDPR and India's DPDP Act), you can ask us to access, correct, export or erase your data. Most of it you can handle yourself: unsubscribe from any email, or delete your account from the account panel. For anything else, email [email protected] and we'll respond within 30 days.
Security
All traffic is encrypted (HTTPS, HSTS). Passwords are salted and hashed with PBKDF2-SHA256; login attempts are rate-limited. No system is perfectly secure — if we ever learn of a breach affecting your data, we will notify you by email.
Children
PromptAI is not directed at children under 16 and we do not knowingly collect their data.
Changes
If this policy changes materially, we'll note it in the briefing and update the date above. Continued use after a change means you accept the updated policy.