Legal
Privacy Policy
Last updated: 2026-07-05
This Privacy Policy explains how Yulan Ventures, LLC, doing business as PromptEden ("PromptEden," "we," "us"), collects, uses, shares, and protects personal information when you use our website, applications, AI agent for AEO, research, content generation, publishing, AI search visibility monitoring, and related services (collectively, the "Services"). Our mailing address is 1211 W 6th St, Ste #600-188, Austin, TX 78703.
1. Scope
This Privacy Policy applies to information processed by PromptEden when you:
- Create or use a PromptEden account.
- Visit prompteden.com or app.prompteden.com.
- Use Eden or other Services to research, generate, approve, publish, or monitor content.
- Connect publishing destinations, APIs, or integrations.
- Interact with our support, sales, or product teams.
- Receive communications from us, including email and product updates.
2. Information We Collect
2.1 Information You Provide
- Account information, such as name, email address, company name, and account credentials.
- Workspace and campaign information, such as monitored domains, brand terms, competitor names, custom prompts, report preferences, notification settings, keywords, target pages, and content goals.
- Communications, including support tickets, demo requests, feedback, and messages sent to us.
2.2 Billing and Transaction Information
We use Stripe to process subscription payments. We receive billing metadata from Stripe, such as plan, billing status, transaction timestamps, invoices, and partial payment identifiers, but we do not store full payment card numbers.
2.3 Usage and Device Information
- Log and analytics data, such as IP address, browser type, pages viewed, feature usage, error logs, and timestamps.
- Device and connection data, such as operating system, approximate location derived from IP, and referral source.
- Session and authentication data needed to keep you signed in and secure your account.
- Marketing attribution data, such as UTM parameters, landing page path, referrer, and first-touch and last-touch attribution timestamps, collected via a first-party cookie.
- Product engagement and growth data, such as activation stage, lifecycle state, feature adoption events, and approval workflow events used to improve the product experience.
2.4 Content and Publishing Data
We process content and publishing data you provide or approve for use with the Services, including brand-voice materials, writing rules, source content, research inputs, drafts, generated articles, approved Outputs, published articles, publishing destinations, agent conversations, approval cards, approval and rejection history, cost estimates, and actual credit usage.
2.5 Integration Credentials
If you connect publishing destinations or other integrations, we process encrypted tokens, API keys, credentials, webhook signing configuration, repository metadata, CMS metadata, and similar integration data needed to perform actions you approve.
2.6 AI Visibility Monitoring Results and Related Data
Our Services analyze and store AI search visibility outputs, including full responses from third-party AI systems, provider name, model name, timestamp, prompt content, locale hints, citation sources, ranking and visibility metrics, brand mentions, and related metadata. These outputs may contain public information about brands and websites that you choose to monitor.
3. How We Use Information
We use personal information to:
- Provide, operate, maintain, secure, and improve the Services.
- Authenticate users, secure accounts, and prevent fraud or abuse.
- Process subscriptions, billing, invoices, plan changes, credits, and usage-based charges.
- Perform agent-driven research, content generation, enrichment, publishing workflows, and AI search visibility monitoring.
- Generate drafts, reports, analytics, recommendations, approval cards, cost estimates, and monitoring insights.
- Publish or transmit approved Outputs and related data to the destinations you connect and approve.
- Develop new features, products, and services.
- Create aggregated, anonymized, or de-identified datasets for benchmarking, research, and product improvement purposes. Once data is aggregated or anonymized such that it no longer identifies you, it is no longer personal information and may be used for any lawful business purpose without restriction.
- Respond to support requests and communicate service updates.
- Comply with legal obligations and enforce our Terms of Service.
4. Legal Bases for Processing (GDPR)
If you are in the EEA, UK, or Switzerland, we process personal data under one or more of these legal bases:
- Performance of a contract, for example to deliver paid features, generate requested Outputs, run monitoring, and publish approved content.
- Legitimate interests, for example product improvement, security, fraud prevention, analytics, and service reliability.
- Compliance with legal obligations.
- Consent, where required, for example optional marketing communications or non-essential cookies in certain jurisdictions.
5. How We Share Information
We do not sell personal information. We share data only as described below:
- Service providers that support our operations, billing, infrastructure, analytics, email, security, and error monitoring. See our Subprocessors page for a current list.
- AI model providers and AI routing services to perform agent-driven research, reasoning, content generation, monitoring analysis, and retrieval of AI search responses requested or approved by you. These providers may process customer workspace content, brand-voice materials, prompts, drafts, and model parameters.
- Search, SEO, and data enrichment providers to retrieve SERP, backlink, search-volume, citation, and video metadata used by the Services.
- Publishing destinations and integrations you connect, such as your website, WordPress instance, GitHub repository, API, or webhook endpoint. Publishing and credit-spending actions occur only upon your explicit approval. Transfers to destinations you connect are made at your instruction to your own providers; those destinations are not our subprocessors.
- Legal authorities when required by law, subpoena, or other lawful process.
- Corporate transactions, such as merger, financing, acquisition, or asset transfer, subject to standard confidentiality safeguards.
6. Key Third-Party Services
The Subprocessors page is the authoritative, updatable list of subprocessors. Key services include:
- Stripe: subscription billing and payment processing.
- Supabase: authentication, database, storage, and backend data services.
- Vercel: hosting and delivery infrastructure.
- Railway: background worker hosting and job execution.
- Sentry: application monitoring, diagnostics, and error tracking.
- PostHog: product analytics, including pageviews, feature usage, and session-level engagement data.
- Resend: transactional and lifecycle email.
- DataForSEO: SERP, backlink, and search-volume enrichment.
- Anthropic: AI agent reasoning, research, content generation, and monitoring analysis.
- OpenRouter: AI model routing for agent research and content generation. OpenRouter may route requests to downstream model providers as sub-subprocessors.
- OpenAI, Google, Perplexity, and Microsoft/Azure: AI visibility monitoring queries and related outputs.
- Fal.ai: article image generation using image prompts derived from customer content.
7. Cookies and Similar Technologies
We use cookies and similar technologies for essential site operations, attribution, performance measurement, and product analytics. Please see our Cookie Policy at /legal/cookies for details on cookie categories, purposes, and controls.
8. Data Retention
We retain personal information for as long as necessary to provide the Services and fulfill legal, accounting, billing, security, and operational obligations.
- Account and billing records are retained while your account is active and for a reasonable period afterward, typically up to 12 months after account closure, or longer where required for tax, accounting, legal, or dispute purposes.
- Content, publishing data, drafts, approval history, monitoring data, full AI responses, reports, and related metadata are retained according to your plan settings, workspace configuration, operational needs, and legal obligations.
- Integration credentials are retained while the integration is connected and for a limited period afterward as needed for security, audit, backup, or legal purposes.
- Marketing attribution data is retained for 30 days via first-party cookie and in our analytics systems for as long as your account is active.
- Backup and security logs are retained for limited periods, typically up to 90 days, consistent with operational and compliance needs.
We may anonymize or aggregate data so it no longer identifies an individual. You may request deletion of your personal data at any time by contacting [email protected], subject to legal and operational exceptions.
9. Security
We use technical and organizational safeguards designed to protect personal information, including encryption in transit, access controls, and monitoring practices. No system is completely secure, and we cannot guarantee absolute security.
10. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal data.
- Access and correction: request a copy of your data or correct inaccurate data.
- Deletion: request deletion of your personal data, subject to legal exceptions.
- Portability/export: request export of your account data in a structured format.
- Marketing opt-out: unsubscribe from promotional emails at any time.
To exercise rights, contact [email protected].
11. California Privacy Rights (CCPA/CPRA)
California residents may have rights to know, access, delete, and correct personal information and to opt out of certain uses of personal information. PromptEden does not sell personal information or share personal information for cross-context behavioral advertising.
We will not discriminate against you for exercising privacy rights.
12. International Transfers
We may process information in countries other than where you reside. When required, we use appropriate safeguards for international transfers, such as contractual protections. AI routing services may route requests to downstream model providers in varying locations, as described on our Subprocessors page.
13. Children's Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us and we will take appropriate steps.
14. Disclaimer of Liability for Data Accuracy
PromptEden provides AI-generated Outputs, AI monitoring data, search visibility data, recommendations, citations, rankings, and related results for informational and workflow purposes. We do not guarantee the accuracy, completeness, originality, legality, or reliability of any data collected, processed, generated, or presented through the Services. You acknowledge that AI-generated outputs originate from third-party systems beyond our control and may be inaccurate or change without notice. PromptEden expressly disclaims all liability for any decisions, approvals, publications, actions, or omissions taken in reliance on data or Outputs provided through the Services.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and provide additional notice where required.
16. Contact Us
For privacy questions, rights requests, or data protection inquiries, contact:
- Email: [email protected]
- General support: [email protected]