Privacy Policy
Last updated: April 25, 2026
1. Information About the Data Controller
The website Cinematic Prompt Builder is operated as an individual project without formal business registration.
Responsible Party: Individual developer/project owner
Contact: For any questions regarding privacy, data protection, or to exercise your rights, please contact us via our contact form.
2. Data We Collect
2.1 Data You Provide Directly
- Form data: text inputs, selections, and preferences you enter when generating prompts
- Language and theme preferences (stored locally in your browser)
- Cookie consent preferences
2.2 Automatically Collected Data
- Browser type and version
- Device type and screen resolution
- Approximate geographic location (country level)
- Pages visited and interactions on the Site
- Referring URL and search terms (if applicable)
3. Purposes and Legal Basis for Processing
We process your personal data only for the following purposes, based on the indicated legal grounds:
| Purpose | Data Type | Legal Basis |
|---|---|---|
| Site functionality & preferences | Language, theme, consent | Legitimate interest / Essential cookies |
| Analytics (with consent) | Usage data, device info | Consent (Article 6.1.a GDPR) |
| Advertising (with consent) | Device info, usage data | Consent (Article 6.1.a GDPR) |
| Security & fraud prevention | Access logs, IP address | Legitimate interest (Article 6.1.f GDPR) |
4. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Cookie consent data: 12 months from the date of your choice
- Analytics data (with consent): 14 months (Google Analytics default)
- Advertising data (with consent): 18 months (Google Ads default)
- User preferences (local storage): Until you clear browser data or request deletion
- Security logs: 90 days maximum
5. Your Rights Under GDPR
As a European Union / European Economic Area resident, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Obtain a copy of all personal data we hold about you
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Restriction (Art. 18): Request limitation of processing in certain circumstances
- Right to Portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interest
- Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of prior processing
- Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK). For a list of European DPAs: EDPB Members
6. Data Sharing with Third Parties
We do not sell your personal data. We may share data with the following trusted third parties, only when you have given your consent:
6.1 Google Analytics
We use Google Analytics to understand how visitors interact with our Site. This service collects anonymized data about page views, clicks, and navigation patterns.
Google Privacy Policy | Google Analytics Opt-out
6.2 Google AdSense
We may display personalized advertisements through Google AdSense, which uses cookies to show ads based on your previous visits to our Site and other websites.
Google Privacy Policy | Google Ads Settings
6.3 Social Media Sharing
When you use social sharing features (Twitter, LinkedIn, Facebook, WhatsApp), data may be transferred to those platforms according to their privacy policies.
7. International Data Transfers
Some of our third-party service providers (Google Analytics, Google AdSense) are based in the United States. Any international data transfer is performed in accordance with:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Supplementary safeguards as required by GDPR Chapter V
You can request more information about these safeguards by contacting us.
8. Data Security
We implement appropriate technical and organizational security measures to protect your data against unauthorized access, loss, or misuse, including:
- HTTPS encryption on all pages
- Secure cookie attributes (HttpOnly, Secure, SameSite)
- Input validation and sanitization
- Access logging and anomaly detection
- Regular security assessments
Note: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
Our Site is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any updates will be posted on this page with an updated "Last modified" date.
For significant changes, we will provide prominent notice on the Site and, where required by law, obtain your renewed consent.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Use the contact form on our contact page