Privacy Policy
Last Updated: December 18, 2024
Effective Date: December 18, 2024
1. Introduction
This Privacy Policy describes how LLM Prompt Evolution Playground ("we," "us," "our," or "the Service") collects, uses, and protects your personal data when you use our web application accessible at https://llmpep.byatw.com.
We are committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR) and all applicable French data protection laws.
Data Controller:
LLM Prompt Evolution Playground
Server Location: France
Contact: [Add contact email]
Supervisory Authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07, France
2. Data We Collect
2.1 Account Information
When you create an account or use OAuth authentication, we collect:
- Email address: Required for account creation and authentication
- Password hash: Only if you use local password authentication (not stored in plain text)
- Account creation timestamp: Date and time of account registration
- Account status: Whether your account is active and your permission level
- OAuth provider information: If you use Google or Microsoft login, we store:
  - Provider name (Google or Microsoft)
  - Provider user ID (OAuth identifier)
  - Link creation timestamp
2.2 Usage Data
When you use the Service, we collect:
- Evolution chains: Your prompt evolution sequences, including:
  - Text inputs you provide
  - Generated prompts
  - Generated text outputs
  - Titles you assign to chains
  - Creation and update timestamps
- LLM metadata: Technical information about your usage:
  - LLM provider used (OpenAI or Anthropic)
  - LLM model selected
  - Token counts
  - Response latency
  - Prompt template version
- User preferences: Your preferred LLM providers and models
2.3 Session Data
We use cookies to maintain your login session:
- Session cookie: Secure, HttpOnly cookie that expires after 24 hours
- Cookie type: First-party, essential (not used for tracking or advertising)
- Cookie attributes: Secure, HttpOnly, SameSite=Lax
2.4 Data We Do NOT Collect
We explicitly do NOT collect:
- IP addresses (not logged or stored)
- Browser fingerprints
- Device information
- Location data
- Analytics or tracking data
- Advertising identifiers
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance (Art. 6(1)(b) GDPR) | Necessary to provide the Service |
| Usage Data | Contract Performance (Art. 6(1)(b) GDPR) | Core functionality of the Service |
| Session Cookies | Legitimate Interest (Art. 6(1)(f) GDPR) | Security and authentication |
| OAuth Provider Links | Consent (Art. 6(1)(a) GDPR) | You explicitly choose OAuth login |
4. How We Use Your Data
We use your personal data solely for the following purposes:
- Authentication: Verify your identity and manage your account
- Service provision: Enable you to use the prompt evolution features
- Data persistence: Store and retrieve your evolution chains
- Security: Protect your account from unauthorized access
- Communication: Send you password reset emails (only when requested)
We do NOT:
- Sell or rent your data to third parties
- Use your data for advertising or marketing
- Share your data except as described in Section 6
- Train our own AI models on your data
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Information | Until you delete your account |
| Evolution Chains | Until you delete them or your account |
| Session Cookies | 24 hours or until logout |
| Invitation Tokens | Deleted immediately after use |
| Password Reset Tokens | 1 hour (then automatically deleted) |
When you delete your account, all associated data is permanently deleted within 48 hours.
6. Data Sharing and Third-Party Services
6.1 Third-Party LLM Providers
When you use the Service, your text inputs and prompts are sent to third-party LLM providers:
OpenAI
Data sent: Your text inputs and prompts
Privacy Policy: https://openai.com/privacy
Location: United States
Legal basis: Contract performance & your explicit model selection
Anthropic
Data sent: Your text inputs and prompts
Privacy Policy: https://www.anthropic.com/privacy
Location: United States
Legal basis: Contract performance & your explicit model selection
Important: You control which provider to use. We do NOT share your email or account information with LLM providers.
6.2 OAuth Authentication Providers
If you use OAuth login:
- Google OAuth: Privacy Policy
- Microsoft OAuth: Privacy Policy
6.3 No Analytics or Tracking
We do NOT use analytics, advertising networks, or social media trackers.
7. Your Rights Under GDPR
As a user in the European Union, you have the following rights:
Right of Access (Art. 15 GDPR)
Request a copy of all personal data we hold about you.
How to exercise: Use the "Export Chain" feature or contact us.
Right to Rectification (Art. 16 GDPR)
Correct inaccurate personal data.
How to exercise: Update your email in account settings or contact us.
Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
Request deletion of your personal data.
How to exercise: Delete individual chains or contact us to delete your account.
Right to Data Portability (Art. 20 GDPR)
Receive your data in a machine-readable format.
How to exercise: Use the "Export Chain" feature to download as JSON.
Right to Lodge a Complaint
Lodge a complaint with the French supervisory authority (CNIL).
Website: https://www.cnil.fr
Phone: +33 1 53 73 22 22
8. Data Security
We implement appropriate technical and organizational measures:
- Encryption in transit: All data transmitted using HTTPS/TLS
- Password security: Passwords hashed using bcrypt
- Secure cookies: HttpOnly, Secure, SameSite attributes
- Rate limiting: Protection against brute-force attacks
- Server location: France (EU)
9. Contact Information
For privacy-related questions or requests:
Email: [Add contact email]
Response Time: Within 30 days, as required by GDPR
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
Version: 1.0 | Language: English | Jurisdiction: France, European Union