· Data Collection: Prompt Enhancer collects only the data necessary to provide its functionality. Primarily this is the text prompts you enter. It may also collect usage and device analytics (if enabled) to improve the app. It does not require personal account information (no sign-in), and does not collect contacts, location, or files. We assume no social login or unusual permissions beyond Internet access.
· Use of Data: User-provided prompts are processed locally or via our AI service solely to generate enhanced prompts. Analytics data (if any) are used only to monitor app performance and improve features. No personal data is sold or used for advertising.
· Legal Basis: Processing is based on your consent for any optional analytics or crash reports, and on legitimate interest for core app functions. Where applicable (e.g. EU GDPR), we rely on contract performance and legitimate interests to run the app, and we ask your consent before collecting any optional tracking data.
· Retention: Data are kept only as long as needed. For example, usage analytics (Google/Firebase) are retained for up to 14 months by default, and crash logs (Firebase Crashlytics) for about 90 days. User prompts or histories are stored locally and deleted at your request.
· User Rights: You have rights to access, correct, or delete your data, and to withdraw consent for tracking at any time. You may request deletion of your data by contacting us (see below).
· Security: We use industry-standard encryption (HTTPS/TLS) and secure storage where applicable, but no system is 100% secure. We strive to protect your data in transit and at rest.
· Third Parties: The app uses third-party SDKs for analytics and crash reporting (e.g. Firebase Analytics/Crashlytics). These services collect anonymized usage data under their own policies. We do not integrate ads or social media. All third-party services comply with privacy standards.
· Children’s Privacy: The app is not designed for children under 13. We do not knowingly collect data from minors.
· International Transfers: If any data is transmitted (e.g. to Google or AI APIs), it may be sent outside your country. We ensure adequate safeguards (e.g. Google’s Data Processing Terms) are in place.
· Policy Updates & Contact: We will notify you of material changes to this policy in the app or by email. For questions or deletion requests, contact us at buddingintents@gmail.com.
Effective Date: March 28, 2026
Prompt Enhancer (the “App”) is provided by Budding Intents. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application. By using the App, you agree to the collection and use of information in accordance with this policy. We use personal data to provide and improve the App.
1.1 User-Provided Data
· Prompt Input: When you use Prompt Enhancer, you enter text prompts for enhancement. These prompts are used to generate improved prompts. No other personal information (name, email, contacts, location, etc.) is required.
· Optional Account Data: If the app ever offers optional login or profiles, any registration data (e.g. email) would be used only to manage that account. (As of now, there is no account login.)
1.2 Automatically Collected Data
· Usage Analytics: With your consent, the App may collect device and usage data (e.g. app version, screen views, crash logs) for performance monitoring and improvement. This typically includes app launch times, feature usage, and error reports. We may use services like Firebase Analytics or Google Analytics to collect anonymous statistics. By default, usage data is aggregated and not linked to you personally.
· Crash Reporting: We use crash-reporting tools (e.g. Firebase Crashlytics) to log crashes and errors. These logs may include device identifiers and stack traces to help us fix bugs. (Firebase retains crash logs up to ~90 days unless you export them.)
· Device Information: The App may detect your device type, OS version, and a unique instance ID to help diagnose issues. For example, Analytics identifiers (AAID/IDFA) may be used only in anonymized form.
1.3 Third-Party Data
· AI Service: If the app sends your prompt to an AI service (e.g. cloud model) for enhancement, the service may process your text. We do not share any other personal data with that service. (We assume the service handles only the prompt text itself.)
· No Social Login: Prompt Enhancer does not currently support social or third-party login (Google, Facebook, etc.). If this changes, our policy will be updated to detail any data shared.
We use collected data only for the purposes described below (similar to [84†L31-L33]):
· Provide and Maintain the Service: We use your prompts to generate enhancements and deliver app functionality. Usage data and crash reports help us monitor the app’s performance and stability.
· Improve the App: Analytics and crash data are used to analyze trends, fix bugs, and improve features. For example, we may use usage statistics to decide which options to add next.
· Communicate: If you choose to provide contact information (email), we may use it to reply to your requests or send service-related notices. We will not send you marketing emails without consent.
· Legal Compliance: We may process data to comply with applicable laws or respond to lawful requests.
(All these uses align with contract performance and our legitimate interest in improving the app.)
Depending on your location, we rely on appropriate legal grounds. Generally:
- Consent: We require your consent before enabling optional analytics or crash reporting. You can withdraw consent in-app.
- Contract Performance: Processing your prompts to generate results is necessary for the service you requested.
- Legitimate Interests: We use aggregated analytics to improve features and to detect fraud or abuse, which is a legitimate interest.
- Legal Obligation: If required by law (e.g. court order), we will disclose data as needed.
We retain your data only as long as necessary. For example:
Data Category
Retention Period
Notes
Usage Analytics
≤ 14 months
Analytics services (e.g. Firebase) retain user-level data for up to 14 months (configurable). Data older than this is automatically deleted.
Crash Reports
~90 days
Crashlytics retains crash logs for about 90 days (unless exported).
Prompt History
App-specific (e.g. 30d)
If the app stores prompt history locally (e.g. preset or history feature), data is kept until you delete it. We recommend allowing deletion via an in-app feature or settings.
Account Data
Until account closed
(If accounts are introduced) Your registration data would be kept for as long as your account is active, plus a short grace period.
Support & Backups
Variable
Server backups or logs (if any) are kept only for diagnostic purposes and then erased per our retention schedule.
Retention Summary: “The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy”. We will delete or anonymize data when it is no longer needed (or upon your request).
You have the following rights regarding your personal data:
- Access & Portability: You may request a summary of any personal data we hold about you.
- Correction: If any data is inaccurate or incomplete, you can ask us to update it.
- Deletion: You can request we delete your data (“right to be forgotten”). We will delete data from our systems and instruct third parties to do the same, except where we are legally required to keep it.
- Consent Withdrawal: You can withdraw consent for analytics/tracking at any time.
- Objection & Restriction: Where lawful, you may object to or ask us to restrict processing of your data.
- Contact: To exercise these rights, email buddingintents@gmail.com (see Contact below). We aim to respond within 30 days.
(These rights align with GDPR/CCPA principles, though we are not limited to any specific jurisdiction.)
We take appropriate technical and organizational measures to protect your data. For example, we use HTTPS (TLS encryption) for all network communication and secure storage practices for any data stored on servers or devices. However, no system is completely secure. As stated, “no method of transmission… or storage is 100% secure”. We strive to safeguard your data with industry-standard methods, but cannot absolutely guarantee security.
The App may integrate third-party SDKs and services. Key services include:
- Analytics: (e.g. Firebase Analytics, Google Analytics) – collect anonymized usage metrics. These services have their own privacy policies. Typically, only non-identifiable usage data (session duration, feature use) is sent, and data is retained per provider policies (see retention above).
- Crash Reporting: (e.g. Firebase Crashlytics) – records crash logs with anonymized device info. Data retention ~90 days.
- Ads: No advertising SDKs are integrated. (If we add ads in future, we will update this policy.)
- Authentication: No third-party login. (If added later, we will disclose what profile data is collected.)
- Other SDKs: The app does not use social media, ad networks, or third-party clouds beyond the above. We do not use cookies (being a mobile app) or hidden trackers.
All third parties are used solely to support App functionality (performance and stability). We do not share any personal data beyond what these services collect per their agreements.
As a native app, Prompt Enhancer does not use web cookies. We may use local app storage or device cache to save user preferences (e.g. last used settings). This data stays on your device. We do not use any cross-site or advertising trackers.
Our App is not intended for children under 13. We do not knowingly collect personal information from minors. If we learn that personal data from a child under 13 has been collected, we will promptly delete it. Parents/guardians may contact us to request removal of any information collected from their child.
Your data may be processed in any country where our servers or third-party services operate. For example, analytics and crash data may be sent to Google servers (often in the USA). In such cases, we implement safeguards (such as Standard Contractual Clauses or rely on the provider’s compliance) to protect your data during transfer.
We may update this Privacy Policy from time to time. Any changes will be posted in the app and/or on our website with a new effective date. We will notify you of material changes (e.g. via an app update notice or email if we have one). Please review this policy periodically. Your continued use of the App after changes means you accept the updated policy.
(As noted, we “will notify You of any changes by posting the new Privacy Policy on this page... and update the ‘Last updated’ date”.)
If you have questions, concerns, or wish to exercise your rights, please contact us:
· Email: buddingintents@gmail.com
· Postal Address: Budding Intents, 123 App Avenue, Tech City, World (example address)
Our Data Protection Officer (DPO) or privacy team can be reached at the above email. We will respond to your inquiries as soon as possible.
· What we do: We help you craft better prompts for AI. We do not collect your personal identity or share data with advertisers.
· What we collect: Only the text you type into the app. Optionally, we may collect anonymous usage info (to make the app better).
· Why we use it: To generate improved prompts and to fix bugs or improve features. We won’t use it for anything else.
· No hidden tracking: We don’t use cookies or sell your data. Similar apps (e.g. ImgFine) even promise all work is done on-device and “no data collected”. We follow that spirit of privacy.
· Your rights: You can ask us to see or delete any data we have about you. If we added features like login in the future, you’d have control over that too.
· Updates: We’ll let you know of any major changes to this policy (in-app or by email).
· Kids: We don’t knowingly collect data from children under 13; parents can contact us to delete any if needed.
(This summary is provided for convenience; the full policy text contains the complete details.)
Component / File
Role / Function
Data Collected or Used
Privacy Implication
pubspec.yaml
Lists dependencies
Indicates which SDKs are used (e.g. Analytics)
If it includes Firebase (analytics, crashlytics), it means usage/crash data is sent to Google. If AdMob present, ads/tracking possible.
AndroidManifest.xml
Android app settings
Declares permissions (e.g. INTERNET, STORAGE)
INTERNET permission implies app may connect to external services (analytics, AI API). STORAGE or WRITE may be needed for history (if any).
ios/Runner/Info.plist
iOS app settings
Permission descriptions (e.g. network, camera)
Similar to Android: if permissions for network or media exist, note any use of those sensors/data.
lib/main.dart
App entrypoint
Initializes services (analytics, AI client)
Likely initializes analytics/crash SDKs if present. Also may handle permission requests.
lib/screens/*.dart
UI code
Collects user input (prompts), displays output
The prompt text is user data; only this text is processed. No sensitive data should be collected here.
lib/services/ai_service.dart (hypothetical)
AI communication
Sends prompt to AI model (local or cloud)
If cloud-based, this transmits your prompt text to the AI provider. No other data (like user ID) should be sent.
lib/services/analytics.dart (if any)
Analytics wrapper
Logs user events (screen views, actions)
Captures app usage data (e.g. button taps, sessions) for performance tracking. Typically anonymized.
lib/services/crashlytics.dart (if any)
Crash logging
Captures app crashes with stack trace
Includes device info (OS, app version) and error details. No personal data.
lib/data/local_storage.dart
Data persistence
Stores user preferences or prompt history locally
May store your prompt history on the device. Data stays on your device; we do not read or transmit it unless needed.
AndroidManifest (debug/release)
OAuth redirect (if login)
Not used / N/A (no login implemented)
If empty, no social auth or external login, so no OAuth data flows.
pubspec.lock
Dependency lockfile
(No data)
—
Note: We have not accessed the actual repository, so some file names are assumed by common Flutter project conventions. The above mapping is an educated guess of how code components would handle data. If certain features (analytics, login, ads) are not present in the repo, then the related rows would not apply. Conversely, if additional SDKs are used, those data flows should be added.
· Data Mapping: Document all data flows (as above). Identify exactly what data each component collects or transmits.
· Minimize Data: Ensure only the minimum data needed is collected. For example, if offline AI is used, avoid sending any data to servers. If online, consider anonymizing or summarizing data.
· Privacy by Design: Implement privacy controls up front. E.g., do not collect optional analytics until user opt-in is given. Use the principle of least privilege for permissions.
· User Consent UI: Provide clear dialogs to obtain consent for analytics or permissions. Label tracking opt-in clearly in the app’s settings.
· Data Security: Use HTTPS for any network calls (AI API, analytics endpoints). Encrypt any sensitive local storage. Use platform best practices for secure storage (Android’s SharedPreferences with encryption, iOS Keychain, etc.).
· Third-Party Compliance: Review privacy policies of all SDKs (Firebase, AdMob, etc.) and configure them correctly. E.g. enable Google Analytics “anonymize IP”, set data retention to recommended durations (14 months).
· Retention Enforcement: Implement code or policies to delete logs after their retention period. For Firebase, data older than retention is auto-deleted, but for your own servers, set time-to-live on logs.
· Children’s Filtering: If the app is not directed to kids, include an age gate or clear statement. Disallow accounts for minors or parental consent if needed.
· Privacy Policy Updates: Maintain a changelog of privacy policy edits. Notify users via update notes or in-app banner when the policy changes.
· Data Requests: Set up a process to handle user requests. E.g., verify identity, then delete any stored data or provide a report.
· Legal Review: (If required) Have a legal professional review the policy for compliance with GDPR, CCPA, etc., since jurisdiction is unspecified. Consider adding standard clauses (e.g. data transfers, DPO contact) for international compliance.
1. Analytics/Crash Consent:
2. When? On first launch or in Settings.
3. UI:
> “Help improve PromptEnhancer! We collect anonymous usage statistics (e.g. feature usage, crash reports) to make the app better. Your data will be aggregated and not sold. Do you agree to share this anonymous data?”
o [ Allow Analytics ] [ Don’t Allow ]
Follow-up: If “Don’t Allow,” disable analytics/crash SDKs. If “Allow,” proceed and link to full policy.
Prompt Processing Disclosure:
6. When? Before first use or in About screen.
UI:
> “Prompt Processing: Your input prompt will be processed by our enhancement engine. No personal data other than the prompt text is used. Learn more in our Privacy Policy.”
o [ Ok ] [ View Privacy Policy ]
Permissions Request (if any):
Example: If a future feature uses the camera or file system (e.g. image prompts), request permission with explanation:
> “PromptEnhancer needs access to your Camera to let you take pictures for image prompts. No data is saved or shared without your knowledge.”
Data Deletion Option:
UI Setting: “Manage Data: [ Delete All My Data ]” (with warning and confirmation).
Minor Age Confirmation (if needed):
13. On first install:
> “Age Confirmation: Are you 13 or older? PromptEnhancer is only for users 13+. (We do not collect data from younger users.)”
o [ I am 13 or older ] [ Exit App ]
Sample UI phrasing should be clear, concise, and linked to the Privacy Policy (e.g. “Privacy Policy”) as needed.
We suggest maintaining a log of privacy policy updates as part of release notes. For example:
· v1.0.1 (2026-03-28): Initial release of privacy policy. Clarified data collected (prompt text only), added analytics consent dialogue.
· v1.1.0 (2026-05-15): Added support for crash reporting; updated retention periods for analytics (14 months) and crashes (90 days).
· v1.2.0 (2026-08-01): New data deletion feature; updated contact info.
· Future entries: Note version, date, and summary of changes to data practices (e.g. new SDKs, changed retention, legal updates).
Each update should cite the effective date of the policy change and where the new policy can be viewed.
graph LR
U[User Device] -->|Enter prompt| App[PromptEnhancer App]
App -->|Process prompt| CoreAI[AI Engine (local or cloud)]
App -->|Store history| LocalDB[Local Storage]
App -->|Send analytics| Analytics[Firebase Analytics]
App -->|Send crash report| Crashlytics[Firebase Crashlytics]
Analytics -->|Retained 14 mo| GA[Google Servers]
Crashlytics -->|Retained ~90d| FC[Firebase Servers]
Figure: Simplified data flow. The user inputs a prompt, which the App processes (entirely on-device or via an AI service). Optional analytics and crash data are sent to Google/Firebase servers for analysis (retained per Google policy). No other data leaves the device.
Category
Example Retention
Comments / Source
Usage Analytics
14 months
Default max for Firebase/Google Analytics. Configurable (2–14 mo).
Crash Reports
~90 days
Firebase Crashlytics retains ~90 days.
Prompt History
30 days (example)
Stored locally; deletion typically manual. (Align with “necessary for service”.)
Account/Profile Data
Until deletion
Kept as long as account is active.
Legal Obligations
As long as required
E.g. tax or liability logs (6+ years).
Retention Periods: We follow the principle “data only as long as needed”. The table above gives typical examples. Actual retention should be implemented according to these schedules and local laws.