Prompt Match

Privacy Policy

Effective date: February 2, 2026

This Privacy Policy explains how Prompt Match collects, uses, stores, and protects personal data when you use the service.

1. Data Controller

Service Provider: Tomasz Pilarczyk

Address: Zwirki i Wigury 16, 66-620 Gubin, Poland

Tax ID: PL9261689360

Email: info@promptmatch.app

2. What Data We Collect

  • Account data: email address, display name, authentication provider, account creation/update timestamps.
  • Authentication data: password hash for local accounts (hashed with BCrypt), and OAuth identifiers.
  • Gameplay data: player ID, scores, match history, prompts, generated image URLs, and leaderboard entries.
  • Store and billing metadata: purchase/session/subscription status and related transaction references.
  • Technical/operational data: request/session identifiers and service logs required for security and reliability.

3. How We Use Data

  • To create and manage accounts, authenticate users, and maintain account security.
  • To run the game experience (sessions, rounds, scoring, leaderboards, and daily challenges).
  • To process purchases and subscriptions and prevent fraud or abuse.
  • To provide customer support and respond to user inquiries.
  • To maintain, improve, and monitor service performance and stability.

4. Legal Bases (EEA/UK)

  • Performance of a contract: providing the game and account-related features you request.
  • Legitimate interests: service security, abuse prevention, troubleshooting, and product improvement.
  • Legal obligations: accounting, tax, and compliance duties where applicable.
  • Consent: where required by law, including certain optional communications or integrations.

5. Third-Party Services

Google OAuth: used for Google Sign-In authentication.

Stripe: used for secure payment processing for coin packs and subscriptions.

Payment card details are processed by Stripe and are not stored by Prompt Match servers. Third-party providers process data under their own privacy terms.

6. Data Sharing

We do not sell personal data. We share data only with service providers needed to operate Prompt Match (such as authentication and payment providers), or when required by law.

7. Data Retention

We retain personal data only as long as necessary for account operation, gameplay history, billing records, legal obligations, dispute resolution, and enforcement of our agreements.

8. Security

  • Passwords for local accounts are hashed using BCrypt.
  • Access controls and operational safeguards are used to protect stored data.
  • No system is perfectly secure; users should protect their own credentials and devices.

9. International Transfers

Your data may be processed in countries other than your own, including by third-party service providers. Where required, we rely on appropriate safeguards for cross-border data transfers.

10. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, and request portability of your data. You may also have the right to lodge a complaint with your local data protection authority.

To exercise your rights, contact: info@promptmatch.app

11. Children

Prompt Match is not intended for children under the age required by applicable law to consent to data processing in their jurisdiction. If you believe a child provided personal data, contact us for removal.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date.

13. Contact

For privacy-related questions, contact: info@promptmatch.app