Privacy Policy

The data controller responsible for your personal data is:

This Privacy Policy applies to:

• The PromptSense desktop application ("the Application")
• The PromptSense website at promptsense.eu ("the Website")
• Any communications you have with us (e.g. email inquiries)

3.1 No Data Collection by Bootstrap OÜ

PromptSense is a locally-run desktop application. All AI processing, document analysis, and chat interactions take place entirely on your own device. Bootstrap OÜ does not collect, receive, transmit, or store any of the following:

• Your prompts, queries, or conversations
• Documents or files you upload
• AI model outputs or responses
• Any personal data you enter into the Application

3.2 Your Responsibility as Local Data Controller

When you use the Application to process personal data of third parties (e.g. customer documents, employee records), you act as the data controller for that processing. You are responsible for ensuring you have a valid legal basis under GDPR Article 6 and, where applicable, Article 9 for any personal data you process using the Application.

3.3 Local Storage

The Application stores configuration settings, downloaded AI models, and user preferences locally on your device. This data never leaves your machine unless you explicitly export or transfer it.

4.1 Data We Collect on the Website

When you visit promptsense.eu, our hosting infrastructure may automatically collect:

• IP address (anonymised where possible)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time of visit
• Download events

4.2 Legal Basis

Website access log data is processed on the basis of our legitimate interest (GDPR Article 6(1)(f)) in maintaining the security and availability of the Website and understanding aggregate usage patterns.

4.3 Hosting

The Website is hosted on Amazon Web Services (AWS) infrastructure within the European Union (eu-west-1, Ireland region). AWS acts as a data processor under a Data Processing Agreement with Bootstrap OÜ and complies with GDPR requirements.

If you contact us by email at team@promptsense.eu, we will process your name, email address, and the content of your message in order to respond to your inquiry.

Legal Basis

Processing is based on our legitimate interest (GDPR Article 6(1)(f)) in responding to inquiries, or, where you have entered into a contract with us, on the performance of that contract (Article 6(1)(b)).

Retention

Email correspondence is retained for up to 3 years unless a longer retention period is required by law or necessary for the establishment, exercise, or defence of legal claims.

The Website does not currently use tracking cookies, advertising cookies, or third-party analytics services. We may use technically necessary session cookies to ensure basic Website functionality.

If we introduce cookies in the future, we will update this policy and implement appropriate consent mechanisms in compliance with the ePrivacy Directive and GDPR.

We use the following third-party services in connection with the Website and Application:

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We primarily process data within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms under GDPR Chapter V.

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Website access logs: up to 90 days
• Email communications: up to 3 years
• Licensing and legal correspondence: up to 10 years (statutory requirements)
• Application data: stored locally on your device; we have no access or control over it

As a data subject under GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at team@promptsense.eu. We will respond within 30 days.

You have the right to lodge a complaint with the competent supervisory authority. In Estonia, the supervisory authority is:

You may also lodge a complaint with the supervisory authority in your country of residence or place of work within the EU/EEA.

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• Encrypted data transmission (TLS) for all Website traffic
• Access controls limiting data access to authorised personnel only
• Infrastructure hosted within the EU under GDPR-compliant agreements
• Regular review of data processing activities and security measures

PromptSense is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at team@promptsense.eu.

We may update this Privacy Policy from time to time. Material changes will be notified via the Website. The date of the most recent revision is indicated at the top of this page. We encourage you to review this policy periodically.

Continued use of the Application or Website after any changes constitutes acceptance of the updated policy.

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices: