Privacy Policy

This Privacy Policy describes how Rishav Raj, operating as Prontly ("we," "us," "our"), collects, uses, shares, and protects personal information when you visit or use www.prontly.in ("Platform"). Prontly is a free AI image prompt library. We do not require account registration. This policy applies to all visitors, regardless of location, and is designed to comply with: - India's Digital Personal Data Protection (DPDP) Act, 2023 - The EU/UK General Data Protection Regulation (GDPR) - The US California Consumer Privacy Act (CCPA) - The US Children's Online Privacy Protection Act (COPPA) - The Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011 (India)

2.1 Automatically Collected Data When you visit Prontly, the following data is collected automatically by our hosting provider and analytics tools: Device Information: Browser type, OS, device type, screen resolution (Collected by Vercel, Analytics) Network Data: IP address, approximate geographic location (country/city level) (Collected by Vercel) Usage Data: Pages visited, time on page, prompts clicked, referrer URL (Collected by Analytics tools) Advertising Data: Ad impressions, click interactions, browsing behaviour for ad targeting (Collected by Google AdSense) 2.2 Data You Provide Voluntarily Contact enquiries: If you contact us by email, we collect your name, email address, and the content of your message. Donations: If you make a voluntary donation via Razorpay, that transaction is handled entirely by Razorpay. We do not receive or store your payment card details. We may receive your name or email address from Razorpay as a transaction confirmation. 2.3 Data We Do Not Collect ✅ Prontly does not require account registration. We do not collect passwords, login credentials, or any biometric data. We do not sell personal data to data brokers.

For users in the European Economic Area (EEA) and United Kingdom, we process personal data only where we have a valid lawful basis under Article 6 of the GDPR: - Serving the website and logging access data: Legitimate Interests — to operate and secure the platform - Displaying personalised advertisements (Google AdSense): Consent — obtained via cookie consent mechanism - Analytics and performance monitoring: Legitimate Interests — to improve platform performance - Responding to contact enquiries: Legitimate Interests — to respond to and manage user communications - Legal obligation compliance (e.g., court orders): Legal Obligation

We use collected data solely for the following purposes: - To deliver, maintain, and improve the Prontly platform and its content. - To monitor platform performance and identify technical issues. - To display advertisements through Google AdSense to fund the free platform. - To respond to your enquiries or support requests. - To protect the security and integrity of the platform against abuse or unauthorised access. - To comply with applicable legal obligations, including responding to lawful requests from government or law enforcement agencies. ℹ️ We do not use your data for automated decision-making or profiling that has legal or similarly significant effects on you.

We engage the following third-party processors who may have access to data about your visit: Processor: Vercel Inc. (USA) Purpose: Website hosting, edge delivery, server logs Privacy Policy: vercel.com/legal/privacy-policy Processor: Google LLC (USA) Purpose: AdSense advertising, analytics Privacy Policy: policies.google.com/privacy Processor: Razorpay Software Pvt. Ltd. (India) Purpose: Voluntary donation payment processing Privacy Policy: razorpay.com/privacy We do not sell, rent, or trade your personal information with any third party. Data is shared with processors only as strictly necessary to operate the Service.

Data Category: Server/access logs (via Vercel) Retention Period: Up to 30 days, then automatically deleted Data Category: Analytics data (aggregated, anonymised) Retention Period: Up to 26 months (Google Analytics default) Data Category: Email correspondence Retention Period: Up to 2 years from last contact, or as required by law Data Category: Advertising cookies Retention Period: As defined by Google AdSense (typically 13 months)

Depending on your location, you have the following rights regarding your personal data: 📂 Right to Access: Request a copy of the personal data we hold about you. ✏️ Right to Rectification: Request correction of any inaccurate personal data. 🗑️ Right to Erasure: Request deletion of your personal data where we have no legal obligation to retain it. ⏸️ Right to Restrict: Request restriction of processing in certain circumstances. 📦 Right to Portability: Receive your data in a structured, machine-readable format (GDPR users). 🚫 Right to Object: Object to processing based on legitimate interests, including direct marketing. 📬 To exercise any right: Email us at support@prontly.in with the subject line "Privacy Rights Request." We will respond within 30 days (GDPR standard) or 45 days (CCPA standard) of receiving your request. CCPA — California Residents California residents have the right to know what personal information we collect, the right not to be discriminated against for exercising privacy rights, and the right to opt out of the sale of personal information. We do not sell personal information. India DPDP Act 2023 As an Indian-operated platform, Prontly acknowledges its obligations under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). Under this Act, you have the right to obtain a summary of personal data processed, the right to correction and erasure, the right to nominate a person to exercise rights on your behalf in the event of incapacity, and the right to grieve. You may raise a complaint with the Data Protection Board of India if you believe your rights have been infringed.

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately. If you believe a child has submitted personal information, please contact us at support@prontly.in.

As our hosting provider (Vercel) and advertising partner (Google) are based in the United States, your data may be transferred to and processed in countries outside India and the EEA. Where required by GDPR, such transfers are made under appropriate safeguards including Standard Contractual Clauses (SCCs). For users in India, we comply with the cross-border data transfer provisions of the DPDP Act, 2023.

We implement industry-standard security measures to protect your personal data, including TLS encryption for data in transit, access controls on our infrastructure, and reliance on SOC 2-compliant hosting via Vercel. However, no transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated Effective Date. We encourage you to review this page periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised Policy.

Data Controller Contact For all privacy-related enquiries, rights requests, or data deletion requests: Name: Rishav Raj Email: support@prontly.in Jurisdiction: India