Privacy Policy

Last updated: February 22, 2026

1. Introduction

This Privacy Policy explains how ProseShift ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at proseshift.com and related services. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR), the Italian Data Protection Code (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Name: Federico Molitierno
Location: Italy
Email: federicomolitierno@gmail.com

For any questions regarding this policy or your data, please contact us at the email address above.

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

Email address
Hashed password (for email/password registration)
Name and profile picture (if you sign in with Google OAuth)

3.2 Usage Data

When you use our service, we collect:

Number of text processing requests (monthly count for enforcing plan limits)
Subscription status and billing period
Timestamps of service usage

We do not store the content of your input or output texts on our servers. Text is processed in real time and not retained after the response is delivered.

3.3 User Preferences

We store your preferred settings (writing style, language, model selection) to provide a consistent experience across sessions.

3.4 Local Storage Data

With your consent, we store the following data locally in your browser (localStorage):

Processing history (up to 100 entries including input/output text)
Custom prompt templates
Usage statistics (aggregate counts, no personal data)
Theme preference (dark/light mode)

This data never leaves your browser and is fully under your control. You can clear it at any time through the app or your browser settings.

3.5 Payment Data

Payment processing is handled entirely by Stripe. We do not store, process, or have access to your credit card numbers or bank account details. We only store your Stripe customer ID and subscription status.

3.6 Technical Data

We do not use analytics tools, tracking pixels, or fingerprinting. We do not log IP addresses or collect device information beyond what is strictly necessary for service delivery.

4. How We Use Your Data

We use your personal data for the following purposes:

Providing and maintaining the ProseShift service
Processing payments and managing subscriptions via Stripe
Enforcing usage limits for free-tier accounts
Syncing your preferences across sessions
Sending transactional emails (account confirmation, password reset) via our authentication provider
Responding to your support inquiries

We do not use your data for advertising, profiling, or automated decision-making.

5. Legal Basis for Processing

Under GDPR Article 6, we process your data based on:

Consent (Art. 6(1)(a)): For account creation, acceptance of terms, and optional local storage of history and templates
Contract Performance (Art. 6(1)(b)): For providing the service, processing payments, and managing your subscription
Legitimate Interest (Art. 6(1)(f)): For service security, abuse prevention, and enforcing usage limits

6. Third-Party Services

We use the following third-party services to operate ProseShift:

6.1 Supabase (Database & Authentication)

Purpose: User authentication, data storage, serverless functions
Data hosted in: EU-West-1 (Ireland)
Data shared: Email address, account data, usage logs, user settings
Privacy policy: supabase.com/privacy

6.2 Stripe (Payment Processing)

Purpose: Processing subscription payments
Data shared: Email address, payment information (handled directly by Stripe)
Privacy policy: stripe.com/privacy

6.3 Google (OAuth Authentication)

Purpose: Optional sign-in via Google account
Data shared: Email, name, profile picture (only when you choose Google sign-in)
Privacy policy: policies.google.com/privacy

6.4 OpenAI (Text Processing)

Purpose: AI-powered text humanization
Data shared: Text content submitted for processing (sent via server-side function, not directly from your browser)
Note: Your API key is stored server-side and never exposed to the client
Privacy policy: openai.com/privacy

6.5 Google Fonts (Typography)

Purpose: Loading web fonts (JetBrains Mono, DM Sans, Instrument Serif)
Data shared: Your browser makes requests to Google's font servers, which may log IP addresses
Privacy policy: policies.google.com/privacy

6.6 Vercel (Hosting)

Purpose: Website hosting and content delivery
Privacy policy: vercel.com/legal/privacy-policy

7. Data Retention

Account data: Retained until you delete your account
Usage logs: Retained for 90 days, then automatically deleted
User preferences: Retained until you delete your account or change them
Local storage data: Under your control; can be cleared at any time via the app or browser settings
Payment data: Managed by Stripe per their retention policy

8. Your Rights

Under GDPR (Articles 15–22), you have the following rights regarding your personal data:

Right of Access (Art. 15): Request a copy of your personal data
Right to Rectification (Art. 16): Request correction of inaccurate data
Right to Erasure (Art. 17): Request deletion of your personal data
Right to Restriction (Art. 18): Request restriction of processing
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interest
Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at federicomolitierno@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garanteprivacy.it.

9. Cookies & Local Storage

9.1 Essential (Always Active)

Supabase authentication session: Required for user login and session management. Stored in localStorage.

9.2 Functional (With Your Consent)

Processing history: Stores your recent humanization history locally for convenience
Custom templates: Stores your saved prompt templates locally
Usage statistics: Stores aggregate usage counts locally
Theme preference: Remembers your dark/light mode choice

You can manage your cookie and storage preferences at any time by clicking "Cookie Settings" in the website footer.

9.3 Third-Party Cookies

We do not use third-party tracking or analytics cookies. Stripe may set cookies during the checkout process for fraud prevention, which are governed by Stripe's cookie policy.

10. Data Security

We implement the following security measures to protect your data:

HTTPS encryption for all data in transit
Content Security Policy (CSP) headers to prevent code injection
Row Level Security (RLS) on all database tables
API keys stored server-side only, never exposed to the client
Password hashing via Supabase Auth (bcrypt)
No sensitive data logged or stored in plain text

11. International Data Transfers

Your data is primarily processed within the European Economic Area (Supabase EU-West-1, Ireland). Some third-party services (Stripe, OpenAI, Google) may process data in the United States under appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or EU-US Data Privacy Framework adequacy decisions.

12. Children’s Privacy

ProseShift is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Continued use of the service after changes constitutes acceptance of the revised policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Email: federicomolitierno@gmail.com