Privacy Policy

Last updated April 21, 2026

This notice for Robert-Rami Youssef, a sole trader registered in the Czech Trade Licensing Register (Živnostenský rejstřík), IČO: 11844744, DIČ: CZ9805071386 (not a VAT payer / neplátce DPH), with registered place of business at Vysočanská 237/101, 190 00 Praha 9, Czech Republic (“we,” “us,” “our,” or the “Operator”), describes how we collect, use, and share information when you use our Prompt Copilot Web Extension (the “Extension”), which enhances your interactions with AI models including ChatGPT, Claude, Gemini, and other web-based AI platforms.

Questions or concerns? Reading this notice will help you understand your privacy rights and choices. If you do not agree with our practices, please do not use the Extension. For questions, contact us at [email protected].

SUMMARY OF KEY POINTS

What personal information do we process? When you use the Extension, we may process personal information depending on how you interact with it. The primary data we process relates to your context profiles and prompt interactions for the sole purpose of enhancing your AI model interactions.

Do we process sensitive personal information? No.

Do we receive information from third parties? No.

How do we process your information? Exclusively to provide, improve, and personalize your AI prompt interactions.

Do we sell personal information? No.

What are your rights? EU, UK, Swiss, and U.S. state residents have specific rights described below.

1. WHAT INFORMATION DO WE COLLECT?

Information You Provide

  • Context Profile Data: information you input to create personalized context profiles (such as professional background, areas of expertise, preferred communication style)
  • Prompt History: your prompts and enhanced prompts, to improve prompt suggestions
  • User Preferences: settings and preferences for how you want the Extension to function
  • Account Information (if applicable): email address and username if you create an account for syncing profiles across devices

Automatically Collected Information

  • Extension Usage Data: features used, frequency, interaction patterns
  • Performance Data: load times, errors, and technical metrics
  • Browser Information: browser type and version, for compatibility only
  • Approximate Location: derived from IP address for localization and analytics; we do not collect precise geolocation

We do NOT collect:

  • your conversations with AI models beyond the prompts you actively enhance
  • personal data from websites you visit unless you actively use Extension features
  • passwords, financial information, or other sensitive data from web forms

2. HOW DO WE PROCESS YOUR INFORMATION?

  • Prompt Enhancement: using your context profiles to optimize prompts for better AI model outputs
  • Prompt Autocomplete: suggesting completions based on your context and prompt patterns
  • Personalization: tailoring the Extension to your specific use cases
  • Service Improvement: analyzing aggregated, anonymized usage to improve features
  • Technical Support: resolving issues and responding to support requests
  • Security: protecting against misuse and ensuring security

3. LEGAL BASES FOR PROCESSING (GDPR)

If you are in the EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR and Czech Act No. 110/2019 Coll.:

  • Consent (Art. 6(1)(a)): for context profile data and prompts; withdrawable at any time
  • Legitimate Interests (Art. 6(1)(f)): for service improvement, security, and fraud prevention
  • Contract Performance (Art. 6(1)(b)): for paid subscriptions
  • Legal Obligations (Art. 6(1)(c)): where required by law

4. SHARING OF PERSONAL INFORMATION

We share information only in limited situations:

  • AI Model Providers: your enhanced prompts are sent to the AI models you're interacting with (as part of core functionality). We do NOT share your context profiles with these providers.
  • Service Providers (Processors): cloud storage and analytics providers, bound by written data-processing agreements meeting GDPR Article 28 requirements
  • Business Transfers: in the event of a sale of the business or its assets, subject to the same privacy protections
  • Legal Requirements: when required by law, court order, or governmental authority

We do NOT sell personal information and do not share it for targeted advertising under U.S. state privacy laws.

INTERNATIONAL DATA TRANSFERS

The Service is hosted in the European Union, with U.S. infrastructure for certain service providers. If you access the Service from outside your country of residence, your personal information may be transferred to, stored, and processed in countries other than your own, including countries that may not have the same level of data protection as your home jurisdiction.

For transfers of personal data originating in the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the European Commission (including the United States, in certain cases), we rely on appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission (Module 2 or Module 3 as applicable)
  • The EU-U.S. Data Privacy Framework, where the relevant U.S. service provider is self-certified
  • Your explicit consent for specific transfers, where appropriate

By using the Service, U.S. residents acknowledge that their data may also be transferred to and processed in the Czech Republic and other countries within the European Economic Area.

6. DATA RETENTION

  • Context Profiles: stored locally in your browser; retained until you delete them or uninstall the Extension
  • Cloud-Synced Data: retained until account deletion
  • Usage Analytics: anonymized data may be retained up to 24 months
  • Legal Compliance: longer retention where required by law

7. DATA SECURITY

We implement technical and organizational measures in accordance with Article 32 GDPR:

  • encryption of locally-stored context profiles
  • TLS encryption for data in transit
  • access controls on a need-to-know basis
  • regular security reviews
  • incident response and breach notification procedures

No method is 100% secure. We cannot guarantee absolute security.

8. DATA BREACH NOTIFICATION

We will notify you of a personal data breach likely to result in high risk to your rights and freedoms, in accordance with Article 34 GDPR, and notify the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ) within 72 hours, in accordance with Article 33 GDPR. For U.S. users, we will provide notice as required by applicable state data breach notification laws.

9. CHILDREN'S PRIVACY

The Extension is not directed to children under 16 (or 15 in the Czech Republic, per Article 8 GDPR as implemented in Czech law). We do not knowingly collect personal information from minors. U.S.: see the COPPA section under U.S. State Privacy Rights below.

10. EU/UK/SWISS PRIVACY RIGHTS

Under GDPR, UK GDPR, and the Swiss Federal Act on Data Protection, you have the following rights:

  • Access (Art. 15): receive a copy of your personal data
  • Rectification (Art. 16): correct inaccurate or incomplete data
  • Erasure (Art. 17): request deletion
  • Restriction (Art. 18): limit processing
  • Portability (Art. 20): receive your data in a machine-readable format
  • Object (Art. 21): object to processing based on legitimate interests
  • Automated Decisions (Art. 22): we do not engage in automated decision-making with legal effects
  • Withdraw Consent: at any time, without affecting prior lawful processing
  • Lodge a Complaint: with the Czech Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz, or with the supervisory authority of your EU Member State

To exercise these rights, email [email protected]. We respond within one month, extendable by two months for complex requests (Art. 12 GDPR).

U.S. STATE PRIVACY RIGHTS

We offer the Service to residents of the United States. Depending on the state in which you reside, you may have additional privacy rights under applicable U.S. state privacy laws. As of the effective date of this notice, comprehensive state privacy laws have been enacted in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Nebraska, Maryland, Minnesota, Rhode Island, Indiana, and Kentucky, among others.

Rights Available to U.S. State Residents (Where Applicable)

Subject to the thresholds and exemptions of each state's law, you may have the right to:

  • Know / Access: confirm whether we process your personal information and request a copy
  • Correct: request correction of inaccurate personal information
  • Delete: request deletion of personal information we have collected from you
  • Portability: receive a copy of your personal information in a portable, readable format
  • Opt-Out of Sale/Sharing: opt out of the “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined under U.S. state privacy laws)
  • Opt-Out of Targeted Advertising: opt out of processing for targeted advertising
  • Opt-Out of Profiling: opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (we do not engage in such profiling)
  • Limit Use of Sensitive Information: restrict use of sensitive personal information (we do not process sensitive personal information as defined by applicable state laws)
  • Non-Discrimination: not be discriminated against for exercising these rights
  • Appeal: in states that provide an appeal right (e.g., Virginia, Colorado, Connecticut), appeal our decision on your request

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides you with the rights described above and the following additional rights:

  • Shine the Light: under California Civil Code § 1798.83, request information about categories of personal information disclosed to third parties for direct marketing purposes (we do not disclose personal information for third-party direct marketing)
  • Minors: California residents under 18 with a registered account may request removal of content they publicly posted

Categories of personal information collected in the past 12 months: identifiers (email, name), commercial information (subscription status), Internet activity (usage data), geolocation (approximate, derived from IP), and inferences drawn from the above. We do not collect biometric, audio/visual, education, or employment data. We have not sold or shared personal information as defined by the CCPA in the preceding 12 months.

Categories of sensitive personal information: none.

Retention: we retain personal information for as long as necessary for the purposes disclosed in this notice, typically not exceeding 24 months after your last use of the Service, unless a longer period is required by law.

To submit a CCPA request, email [email protected]. You may designate an authorized agent; we may require written proof of authorization. We will respond within 45 days, with one 45-day extension if necessary.

Virginia Residents (VCDPA)

Under the Virginia Consumer Data Protection Act, Virginia residents have the rights listed above. We do not sell personal data, conduct targeted advertising based on cross-context tracking, or engage in profiling that produces legal or similarly significant effects. We will respond within 45 days (extendable once by 45 days for complex requests). You have the right to appeal a denied request; submit appeals by email to the address below. If we deny your appeal, you may contact the Virginia Attorney General at oag.state.va.us.

Other States (CPA, CTDPA, UCPA, TDPSA, and Comparable Laws)

Residents of Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Nebraska, Maryland, Minnesota, Rhode Island, Indiana, Kentucky, and any other state with a comprehensive privacy law in effect may exercise equivalent rights under their state's law. We will honor validly submitted requests in accordance with the applicable state law's timing, verification, and appeal procedures. For Colorado and Connecticut residents, we honor universal opt-out mechanisms (such as the Global Privacy Control signal) where technically feasible.

Children's Privacy (COPPA)

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in compliance with the U.S. Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq. If we learn we have collected personal information from a child under 13 without verified parental consent, we will delete it promptly. Parents who believe their child has provided personal information may contact us at [email protected] to request deletion.

How to Exercise U.S. Privacy Rights

To exercise any of the rights described in this section:

  • Email us at [email protected] with the subject line “Privacy Rights Request” and specify the state you reside in and the right you are exercising
  • Provide enough information to verify your identity (we will request additional information if needed; we will not use it for any other purpose)

We will not discriminate against you for exercising any privacy right.

DATA PROTECTION OFFICER

We are not required to appoint a Data Protection Officer under Article 37 GDPR given the scale and nature of our processing. For privacy matters, contact [email protected].

COOKIES AND DO-NOT-TRACK

The Extension itself does not use cookies. If you create an account on our website, we use strictly necessary cookies for authentication. We honor the Global Privacy Control (GPC) signal where applicable, and respect browser Do-Not-Track settings by limiting collection to essential functionality.

CHANGES TO THIS NOTICE

We may update this notice. The “Last updated” date will change, and we will notify you of material changes through the Extension or by email. Continued use after changes means you accept them.

CONTACT

Robert-Rami Youssef

Vysočanská 237/101, 190 00 Praha 9, Czech Republic

IČO: 11844744

DIČ: CZ9805071386 (not a VAT payer / neplátce DPH)

Registered in the Czech Trade Licensing Register (Živnostenský rejstřík)

Email: [email protected]

For privacy-specific inquiries: [email protected]

© 2026 Robert-Rami Youssef. All rights reserved.

Return to Top

The New Era Of AI
Prompts Is Here

Get Started Today

Prompt Copilot © 2026

Privacy Policy Terms & Conditions