Legal

--- title: Privacy Policy lastUpdated: May 24, 2026 effectiveDate: May 24, 2026 ---

This Privacy Policy explains how PromptKing Inc. (Ontario Business Corporation No. 1001622155), incorporated in Ontario, Canada, operating under the trade name PromptKing AI FinOps (PromptKing Inc., PromptKing, we, us, or our), headquartered at Ontario, Canada, Canada, collects, uses, discloses, and protects your personal information in connection with our AI financial operations platform at promptking32.com.

This Policy reflects our obligations under PIPEDA, CASL, and applicable provincial privacy laws. Privacy Officer: info@promptking32.com

---

1. Who This Policy Applies To

This Policy applies to visitors, registered users, enterprise customers, newsletter subscribers, and anyone who contacts us through the calculator or lead capture forms.

As a B2B service, when you use PromptKing on behalf of your organization, your organization is the data controller and PromptKing acts as a data processor.

---

2. What Personal Information We Collect

2.1 Account Information

Name, job title, work email address, organization name, country and province.

2.2 Billing Information

Payment card information processed by Stripe (we do not store card numbers), billing address, and transaction records.

2.3 AI Vendor Credentials

To connect PromptKing to your vendor accounts you provide Anthropic API keys, GitHub tokens, Microsoft Graph credentials, AWS IAM credentials, and IBM Watsonx credentials. We treat these as strictly confidential, apply encryption-at-rest controls, and restrict access using least-privilege principles.

2.4 AI Usage and Spend Data

Token consumption records per seat and model, seat utilisation rates, cost and spend data by vendor and team, and rightsizing recommendations. This data belongs to your organization.

2.5 Calculator Inputs

Anonymous usage not stored before email submission. With email: work email and inputs stored to send the requested report.

2.6 Technical Data

IP address (90 days), browser and device info, PostHog analytics events, UTM parameters (30 days).

---

3. Why We Collect Your Information

| Purpose | Legal Basis | |---------|-------------| | Delivering the Service | Contract | | Processing payments via Stripe | Contract / Legal obligation | | Service-related emails | Contract | | The Prompt King Dispatch newsletter | Express consent | | Calculator results reports | Consent at calculator | | Product analytics | Legitimate interest | | Fraud prevention and security | Legitimate interest | | Support requests | Contract | | Legal compliance | Legal obligation |

---

4. How We Share Your Information

We do not sell your personal information. We do not share it with advertisers.

4.1 Sub-processors

| Provider | Purpose | Location | |----------|---------|----------| | Supabase | Database, authentication, storage | United States | | Vercel | Website hosting and edge delivery | United States / Global | | Stripe | Payment processing | United States | | Resend | Transactional email | United States | | beehiiv | Newsletter platform | United States | | PostHog | Product analytics | United States | | Google (Gemini API) | AI Agent feature | United States |

A complete sub-processor list is maintained at promptking32.com/legal/sub-processors.

4.2 Legal Requirements

We may disclose personal information if required by law, court order, or regulatory authority.

4.3 Business Transfers

If PromptKing is acquired or merged, your information may be transferred with notice before your data moves to a new privacy policy.

---

5. Your Rights Under PIPEDA

You have the right to access, correct, and request deletion of your personal information, withdraw consent for optional processing, and file a complaint with the OPC at priv.gc.ca. Contact: info@promptking32.com. We respond within 30 days.

---

6. Data Retention

| Data Type | Retention | |-----------|-----------| | Account data (active) | Life of account | | Account data (after deletion) | 30 days | | Billing records | 7 years | | AI usage data | 365 days (Enterprise: configurable) | | Vendor API credentials | Deleted on revocation | | Support correspondence | 2 years | | IP addresses | 90 days | | Newsletter consent records | 3 years (CASL) |

---

7. Security

We implement encryption in transit (TLS 1.2+), encryption at rest (AES-256), row-level security via Supabase RLS, and least-privilege access principles. SOC 2 Type II in progress (target: Q3 2026). Breach notification to OPC within 72 hours.

---

8. Cookies

Essential cookies required for login and security cannot be disabled. Analytics cookies via PostHog can be disabled in browser settings. No advertising cookies.

---

9. Email Communications

Service emails cannot be opted out of while your account is active. The Prompt King Dispatch requires express consent per CASL. Unsubscribes processed within 10 business days.

---

10. Children

The Service is not directed to individuals under 18.

---

11. Changes

Material changes communicated via email and dashboard notice.

---

12. Contact

PromptKing Inc. (operating as PromptKing AI FinOps) Ontario Business Corporation · Corp. No. 1001622155 · Registered Ontario May 24, 2026 Ontario, Canada, Canada info@promptking32.com

Office of the Privacy Commissioner of Canada 30 Victoria Street, Gatineau, Quebec K1A 1H3 1-800-282-1376 | priv.gc.ca