PRIVACY POLICY

Steal Prompt (operated by Vibhaga Group)

Effective Date: December 1, 2025
Last Updated: December 1, 2025

1. INTRODUCTION

Welcome to Steal Prompt (“we,” “us,” “our,” or “Company“), located at http://https://stealprompt.com (the “Platform“).

We are committed to protecting your privacy and ensuring you have a positive experience on our Platform. This Privacy Policy explains:

What information we collect
How we use and process that information
Your rights regarding your personal data
How we protect your information

This Privacy Policy applies to all users of the Platform, including those in the European Union (GDPR), California (CCPA), India (DPDP Act), and worldwide.

If you do not agree with this Privacy Policy, please do not use our Platform.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

When you use Steal Prompt, we collect information you voluntarily provide, including:

Account Registration:

First name and last name
Email address
Username
Password (securely hashed, never stored in plain text)
Phone number
Country/Region
Street address, town/city, county, postcode
Company name (optional)
VAT number (optional)

Payment Information:

Billing address
Purchase history and transaction records
Subscription plan chosen
Credits purchased and used
Refund requests and reason

Communication:

Messages you send to our support team
Feedback and survey responses
Emails you receive from our newsletters (if subscribed)

Prompt Activity:

Prompts you view, save, and access
Your prompt search history
Collections you create and save
Download history

2.2 Information Collected Automatically

When you visit our Platform, we automatically collect certain information:

Technical Information:

Browser type and version
Operating system
Device type
Referral source (how you found us)
Pages visited and time spent
Clickstream data
Cookies and similar tracking technologies
User behavior and engagement metrics

Location Information:

General location (country/region level) derived from IP address by third parties
Note: We do NOT collect or store your IP address directly. However, third-party services like Google Analytics and advertising partners may collect this information.

2.3 Information from Third Parties

We may receive information about you from:

Payment processors (Stripe, PayPal, Razorpay) – transaction data
Analytics services (Google Analytics, Microsoft Clarity) – behavioral data
Advertising networks (Google Ads, Meta Ads) – engagement and conversion data
Email service providers (Mailchimp, SendGrid, Mailgun) – delivery and engagement metrics

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Account & Service Management

Creating and maintaining your account
Processing your purchases and subscriptions
Issuing refunds and managing billing
Verifying your identity for security purposes
Providing customer support and technical assistance

3.2 Service Improvement & Analytics

Understanding how you use our Platform
Analyzing user behavior and usage patterns through Google Analytics and Microsoft Clarity
Improving our prompts, search functionality, and user experience
Conducting research and analytics
Identifying trends and troubleshooting issues

3.3 Marketing & Communications

Sending you promotional emails (only if you subscribed to our newsletter)
Notifying you about updates, new features, or service changes
Conducting marketing campaigns and surveys
Personalizing your experience based on preferences

3.4 Retargeting & Advertising

Delivering targeted advertisements through Google Ads, Meta Ads, and other advertising partners
Measuring advertising effectiveness and ROI
Creating audience segments for marketing purposes
Note: Third-party advertisers deploy their own pixels and tracking codes on our Platform

3.5 Model Training & AI Development

Using aggregated and anonymized prompt data to improve our AI models and recommendations
Analyzing trends in prompt usage
Developing new features and services
Note: We may use your prompts for machine learning purposes unless you opt-out

3.6 Legal & Compliance

Complying with legal obligations and regulations (GDPR, CCPA, DPDP Act)
Maintaining financial and legal records
Detecting and preventing fraud
Resolving disputes and enforcing agreements

3.7 Data Retention for Records

Keeping your email, username, and basic order information in our financial and legal records even after account deletion
This retention is necessary for compliance, tax purposes, and dispute resolution

4. LEGAL BASIS FOR DATA PROCESSING

4.1 GDPR (European Users)

We process your personal data based on:

Contractual necessity – to perform services you requested
Legitimate interests – to improve our service, prevent fraud, marketing
Legal obligation – to comply with tax, accounting, and legal requirements
Consent – for marketing emails and non-essential cookies (obtained via consent banner)

You have the right to withdraw consent at any time.

4.2 CCPA (California Users)

Under CCPA, you have the right to:

Know what personal information we collect
Delete personal information (with exceptions)
Opt-out of sale or sharing of personal information
Non-discrimination for exercising your rights

We do not sell your personal information to third parties. We do share data with advertising networks for retargeting purposes, which may require your opt-out right.

4.3 DPDP Act (India)

We process your personal data in compliance with India’s Digital Personal Data Protection Act, 2023:

We collect data with your consent
We provide notice of our processing activities
We maintain security measures to protect your data
We honor your rights to access, correct, and delete your data
We use data only for specified purposes

5.1 We Share Data With

Payment Processors:

Stripe, PayPal, Razorpay
They receive transaction information to process payments
They do NOT receive your password or sensitive authentication information
We do NOT store credit card details

Analytics & Tracking:

Google Analytics – behavioral and usage data
Microsoft Clarity – session recordings and heatmaps
These services collect data about your browsing behavior

Advertising Networks:

Google Ads
Meta Ads (Facebook)
These networks receive data to deliver retargeted advertisements
They deploy their own pixels and tracking codes on our Platform

Email Service Providers:

Mailchimp
SendGrid
Mailgun
They receive email addresses and engagement data for email marketing

Hosting & Infrastructure:

Google Cloud Platform (GCP)
Milesweb.com
Your data is stored on their servers in the United States and India

Future Services:

Cloudflare (CDN) – we plan to use this in the future for content delivery

5.2 We Do NOT Share Data With

We do NOT sell your personal data to advertisers or third parties
We do NOT share your data with unaffiliated companies for their own marketing purposes
We do NOT rent your email address to external parties

5.3 Data Processors & Agreements

All third-party service providers are contractually required to:

Use your data only for the purposes we specify
Implement appropriate security measures
Comply with applicable privacy laws (GDPR, CCPA, DPDP Act)

6. DATA RETENTION & DELETION

6.1 How Long We Keep Your Data

Active Users:

We retain your account data as long as your account is active

After Account Deletion:

We retain your data for over 1 month to ensure system integrity and backup recovery
After this period, we delete most personal information

Financial & Legal Records:

We retain the following indefinitely for legal compliance:
- Email address
- Username
- Basic order information (purchase history, transaction details)
- Refund records
- Payment history
This retention is required by tax laws, financial regulations, and potential legal disputes

Cookies & Tracking:

Session cookies are deleted when you close your browser
Analytics and preference cookies expire based on your browser settings (typically 2 years)
You can delete cookies anytime through your browser settings

6.2 Your Right to Data Deletion

You can request deletion of your account and personal data by:

Emailing us at info@vibhaga.com
Specifying in your email that you want to delete your account

Upon deletion request:

We will delete your account data within 30 days
We will retain only your email, username, and order history as required by law
You will receive a confirmation email when deletion is complete

Exceptions to deletion:

If you have made any paid purchases, we MUST retain:
- Your email address
- Your username
- Transaction history and order details
This is required for financial records, tax compliance, and potential disputes

7. COOKIES & TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us remember your preferences and track your activity.

7.2 Types of Cookies We Use

Essential/Functional Cookies:

Session cookies (for login and account management)
Security cookies (for fraud prevention)
Preference cookies (remembering your language, theme, etc.)
Status: Always active (required for Platform to work)

Analytics Cookies:

Google Analytics cookies (tracking user behavior)
Microsoft Clarity cookies (recording sessions)
Status: Active (you can opt-out through browser settings)

Advertising/Retargeting Cookies:

Google Ads cookies (retargeting across the web)
Meta/Facebook Ads cookies (retargeting on social media)
Status: Active (can be opted out via Google Ad Settings or Meta Ads Preferences)

7.3 Managing Cookies

You can control cookies through:

Browser Settings:

Most browsers allow you to disable cookies or be notified when cookies are set
You can also clear cookies from your browser’s settings menu

Opt-Out from Specific Services:

Google Analytics: Opt-out here
Google Ads: Manage your ads preferences
Meta Ads: Ad Preferences

Note: Disabling essential cookies may affect your ability to use certain features of our Platform.

8. DATA SECURITY

8.1 How We Protect Your Data

We implement industry-standard security measures:

Technical Security:

SSL/TLS encryption for data in transit (secure HTTPS connection)
Encrypted data storage on secure servers
Regular security updates and patches
Firewalls and intrusion detection systems

Operational Security:

Limited employee access to personal data (need-to-know basis)
Confidentiality agreements with all staff
Secure password hashing (never stored in plain text)
Regular security audits and assessments

Payment Security:

PCI DSS compliance for payment processing
Credit card data is NOT stored by us (handled by Stripe, PayPal, Razorpay)
Secure tokenization for repeated payments

8.2 Data Breach Notification

In the event of a data breach that compromises your personal information:

We will notify affected users as soon as possible
We will notify relevant authorities as required by law (within 72 hours for GDPR)
We will provide guidance on protective measures

8.3 Limitations

While we strive to protect your data, no security system is 100% secure. We cannot guarantee absolute protection against unauthorized access, hacking, or data loss.

9. YOUR PRIVACY RIGHTS

Depending on where you live, you have the following rights:

9.1 GDPR Rights (European Users)

Right to Access:

You can request a copy of all personal data we hold about you

Right to Rectification:

You can request corrections to inaccurate or incomplete data

Right to Erasure (“Right to be Forgotten”):

You can request deletion of your personal data
Exceptions apply for legal obligations and financial records (see Section 6.2)

Right to Restrict Processing:

You can ask us to limit how we use your data

Right to Data Portability:

You can request your data in a portable format
Note: Currently, users cannot self-export their data; you must request it

Right to Object:

You can object to marketing emails
You can opt-out of analytics and advertising cookies

Right to Withdraw Consent:

You can withdraw consent for marketing emails and non-essential cookies

Right to Lodge a Complaint:

You can file a complaint with your local Data Protection Authority

How to Exercise These Rights:

Email us at info@vibhaga.com with your request
We will respond within 30 days

9.2 CCPA Rights (California Users)

Right to Know:

You can request what personal information we collect about you

Right to Delete:

You can request deletion of personal information (with legal exceptions)

Right to Opt-Out:

You can opt-out of “sale” or “sharing” of personal information
Note: We don’t “sell” data but do share with advertising networks for retargeting

Right to Correct:

You can request correction of inaccurate personal information

Right to Limit Use:

You can limit how we use your sensitive personal information

Right to Non-Discrimination:

We will not discriminate against you for exercising your CCPA rights

How to Submit a Request:

Email us at info@vibhaga.com
Include “CCPA Request” in the subject line
We will verify your identity and respond within 45 days

9.3 DPDP Act Rights (India Users)

Right to Access:

You can request access to all personal data we hold

Right to Correction:

You can request correction of inaccurate data

Right to Deletion:

You can request deletion of your data
Exceptions: legal obligations, financial records

Right to Data Portability:

You can request your data in a portable format

Right to Withdraw Consent:

You can withdraw your consent for data processing

Right to Grievance Redressal:

You can file a grievance with our Data Protection Officer (DPO)

How to Submit a Request:

Email us at info@vibhaga.com
We will respond within 30 days

10. THIRD-PARTY LINKS & SERVICES

Our Platform may contain links to third-party websites, plugins, and services that are not operated by us, including:

Third-party payment processors
Social media platforms
Analytics tools
Advertising networks

We are NOT responsible for:

The privacy practices of these third parties
The content on their websites
How they collect, use, or share your data

We recommend: Reviewing the privacy policies of any third-party services before providing your information.

11. AGE RESTRICTIONS & CHILDREN

Our Platform is intended for users who are 18 years of age or older.

We do not knowingly collect personal information from children (defined as individuals under 18 in most jurisdictions, or under 13 in California under COPPA).

If we discover that a child has provided personal information:

We will delete that information immediately
We will notify the parent/guardian if possible

For parents/guardians: If you believe your child has provided information to us, please contact us immediately at info@vibhaga.com.

12. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to, stored in, and processed in countries other than where you reside, including:

United States (Google Cloud Platform)
India (Milesweb.com servers)
European Union (via third-party service providers)

For users in the EU:

We use Standard Contractual Clauses (SCCs) to ensure adequate protection
Your data is protected by GDPR requirements

For users in California:

We comply with CCPA cross-border data transfer requirements

For users in India:

We comply with DPDP Act localization requirements where applicable

By using our Platform, you consent to international data transfers.

13. PROMOTIONAL EMAILS & OPT-OUT

We send promotional emails ONLY to users who have subscribed to our newsletter.

13.1 How to Manage Email Preferences

Opt-Out of Promotional Emails:

Click the “Unsubscribe” link at the bottom of any promotional email
Email us at info@vibhaga.com with “Unsubscribe” in the subject line
Update your preferences in your account settings

Transactional Emails:

We will continue to send important transactional emails (account alerts, purchase confirmations, password resets) even if you unsubscribe
These emails are essential for account management

Response Time: Within 48 hours of your request

14. DO NOT TRACK (DNT)

Some browsers include a “Do Not Track” (DNT) feature.

Our Response:

We do NOT currently recognize or respond to DNT signals
We will continue to collect data as described in this Privacy Policy
However, you can use browser settings to control cookies and tracking

15. CALIFORNIA PRIVACY RIGHTS (SHINE THE LIGHT)

Under California’s “Shine the Light” law, California residents can request information about personal data we share with third parties for their direct marketing purposes.

To submit a request:

Email us at info@vibhaga.com
Include “Shine the Light Request” in the subject line
We will respond within 30 days

16. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

Changes in our data practices
New laws or regulations
Feedback from users
Technology improvements

How we notify you:

We will post updates on this page
We will update the “Last Updated” date at the top
For material changes, we will send an email notification
We may ask for your explicit consent for certain changes

Your responsibility: It is your responsibility to review this Privacy Policy periodically for updates.

17. DATA PROTECTION OFFICER (DPO) & CONTACT INFORMATION

For questions, concerns, or to exercise your privacy rights, contact us:

Vibhaga Group
Email: info@vibhaga.com
Phone: +91 9700704595
Website: http://https://stealprompt.com

Response Time: We will respond to all privacy requests within 30 days (or as required by applicable law).

Escalation: If you are not satisfied with our response, you can:

File a complaint with your local Data Protection Authority:
- EU: Your national Data Protection Authority
- California: California Attorney General (CA Privacy Division)
- India: Data Protection Board or file a grievance with our DPO

18. SPECIFIC DISCLOSURES FOR CALIFORNIA USERS (CCPA)

18.1 Categories of Personal Information Collected (Last 12 Months)

Identifiers (name, email, phone, username)
Commercial information (purchase history, billing address)
Internet/Electronic activity (browsing history, cookies, device info)
Geolocation data (country/region from IP address)
Professional information (company name, job role if provided)
Inferences (preferences, interests based on behavior)

18.2 Purpose of Collection

Account management and service provision
Payment processing
Analytics and service improvement
Marketing and advertising
Model training and AI development
Legal compliance

18.3 Source of Information

Information you provide directly
Automatically collected through your use of the Platform
Information received from third-party services

18.4 Retention Period

Active user data: Retained while account is active
After deletion: 1+ month, then deleted except financial records
Financial records: Retained indefinitely per legal requirements

18.5 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as:

Social Security numbers
Precise geolocation
Racial or ethnic origin
Religious beliefs
Biometric information
Health information
Sexual orientation

Exception: Payment processors (Stripe, PayPal, Razorpay) may collect financial information.

19.1 Legal Basis for Processing

Contractual necessity – providing Platform services
Legitimate interests – improving services, fraud prevention, marketing
Legal obligation – tax, accounting, data retention laws
Consent – for marketing emails and non-essential tracking

19.2 Recipients of Data

Payment processors (Stripe, PayPal, Razorpay)
Analytics providers (Google, Microsoft)
Email service providers (Mailchimp, SendGrid, Mailgun)
Advertising networks (Google, Meta)
Hosting providers (GCP, Milesweb)

19.3 Your GDPR Rights

See Section 9.1 for full details on:

Right to access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent

20. SPECIFIC DISCLOSURES FOR INDIA USERS (DPDP ACT)

20.1 Processing Activities

We process your personal data for:

Account management
Service delivery
Payment processing
Analytics and improvement
Marketing (with consent)
Legal compliance

20.2 Consent Management

We obtain your explicit consent for non-essential processing
You can withdraw consent at any time
Withdrawal does not affect the lawfulness of processing before withdrawal

20.3 Data Localization

Your data may be stored on servers in the United States and India
We comply with DPDP Act localization requirements where applicable

20.4 Your Rights

See Section 9.3 for full details on:

Right to access
Right to correction
Right to deletion
Right to data portability
Right to withdraw consent
Right to grievance redressal

21. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, such as collection, use, storage, sharing, or deletion.

Data Controller: The organization (Vibhaga Group) that determines the purposes and means of data processing.

Data Processor: Third parties that process data on our behalf (e.g., payment processors, hosting providers).

Consent: Freely given, specific, informed agreement to process personal data.

Legitimate Interest: A reason to process data that is necessary for our business purposes and does not override user rights.

22. ACKNOWLEDGMENT

By using Steal Prompt, you acknowledge that you have:

Read and understood this Privacy Policy
Agreed to our data collection and processing practices
Understood your privacy rights

If you do not agree, please do not use our Platform.

23. CONTACT & SUPPORT

For any questions, concerns, or requests related to this Privacy Policy:

Email: info@vibhaga.com
Phone: +91 9700704595
Website: http://https://stealprompt.com

We will respond within 30 days of your inquiry.

24. GOVERNING LAW

This Privacy Policy is governed by the laws of India and the regulations of jurisdictions where our users are located (including EU, California, and India).

Any disputes related to privacy will be subject to:

India: Indian courts and applicable Indian laws
EU: GDPR and applicable EU data protection laws
California: CCPA and applicable California laws

END OF PRIVACY POLICY

Document Version: 1.0
Effective Date: December 1, 2025
Next Review Date: December 1, 2026

This Privacy Policy complies with:
✓ GDPR (General Data Protection Regulation)
✓ CCPA (California Consumer Privacy Act)
✓ DPDP Act (Digital Personal Data Protection Act, India)
✓ General international privacy best practices