Privacy Policy

Last updated: July 8, 2026

1. Introduction

Welcome to PreThink (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the PreThink application (the “Service”). This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Jonathan Ward, trading as PreThink, is the data controller for the personal data processed through the Service. For questions or concerns about data processing, contact us at: help@prethink.app

3. Lawful Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you create an account, you explicitly consent to the processing of your data as described in this policy. You may withdraw consent at any time by deleting your account.
  • Contract Performance: Processing necessary to provide the Service you have requested, including generating prompts, scoring, and session management.
  • Legitimate Interest: Usage analytics to improve service quality and security monitoring to protect the platform.

4. Information We Collect

Account Information: Email address and authentication credentials. Passwords are hashed and never stored in plain text.

User Content: Prompts you create, AI-generated outputs, session history, scores, coaching data, and clarifying question responses. This data is stored to provide the Service.

Payment Information: Payments are processed by Stripe Payments Europe, Ltd. (“Stripe”), which acts as the Merchant of Record for all purchases. Stripe collects and processes your billing details (name, billing address, payment method) directly under its own privacy policy. We receive only a customer ID, transaction amount, currency, and payment status. We never see or store full credit card numbers.

Uploaded Documents: Documents (PDF, DOCX, etc.) are processed client-side in your browser. Extracted text may be sent to AI providers for processing. We do not permanently store uploaded files.

Technical Data: Browser type, device information, and IP address for security and service improvement.

5. How We Use Your Information

PurposeLegal Basis
Provide and maintain the ServiceContract
Generate AI prompts, outputs, and scoresContract
Store session historyContract
Process paymentsContract
Improve the Service and user experienceLegitimate Interest
Security monitoring and fraud preventionLegitimate Interest
Send service-related communicationsContract

6. Data Sharing and Disclosure

We do not sell your personal information. We share data only in these limited cases:

  • AI Model Providers: Your prompts and context are sent to third-party AI providers (e.g., Google, OpenAI) to generate outputs. These providers process data according to their own privacy policies.
  • Merchant of Record / Payment Processor: Stripe Payments Europe, Ltd. (“Stripe”) acts as our Merchant of Record and processes all payments, billing, tax calculation and remittance, invoicing, refunds, and chargeback handling. Stripe receives the personal data necessary to complete the sale (name, email, billing address, payment details) and processes it under its own privacy policy.
  • Legal Requirements: We may disclose data if required by law, regulation, or valid legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. When we transfer data outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate protection. Our AI model providers and infrastructure providers maintain their own data protection agreements.

8. Data Retention

  • Account data: Retained for the lifetime of your account. Deleted upon account deletion request.
  • Session and usage data: Retained for the lifetime of your account. You may delete individual sessions at any time via the History page.
  • Payment records: Retained for 7 years after the transaction date for tax and legal compliance.
  • Technical logs: Retained for up to 90 days for security and debugging purposes.

When you delete your account, all personal data is permanently erased within 30 days, except where retention is required by law.

9. Data Security

  • Row-Level Security (RLS) ensures users can only access their own data through the application.
  • All data is encrypted in transit (TLS/SSL). When an AI model is accessed using your own API key, data is additionally encrypted at rest using zero-knowledge encryption.
  • Passwords are hashed using industry-standard algorithms.
  • Authentication tokens are managed securely.

Administrative Access: As the service operator, we have administrative database access for maintenance, support, and security purposes. We commit to accessing user content only when necessary for service operation, investigating security incidents, or complying with legal obligations.

Beta Notice: This is a beta product. While we implement reasonable security measures, we strongly advise against entering sensitive personal, financial, health, or proprietary information.

10. Your Rights (GDPR)

  • Right of Access: Request a copy of all personal data we hold about you. Use the “Export My Data” feature in Account Settings.
  • Right to Rectification: Request correction of inaccurate data by contacting us.
  • Right to Erasure: Delete your account and all associated data using the “Delete My Account” feature in Account Settings.
  • Right to Restriction: Request that we limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format (JSON) via the export feature.
  • Right to Object: Object to processing based on legitimate interest by contacting us.
  • Right to Withdraw Consent: Withdraw your consent at any time by deleting your account. This does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, use the in-app features or contact us at the email below. We will respond to requests within 30 days.

11. Cookies and Local Storage

The Service uses browser session storage to maintain your workflow state during a session (e.g., prompt progress, form data). This data is not sent to third parties and is cleared when you close your browser tab. We use essential authentication cookies/tokens to keep you signed in. We do not use advertising or tracking cookies.

12. Children’s Privacy

The Service is not intended for use by anyone under the age of 16 (or 13 in jurisdictions where permitted). We do not knowingly collect personal information from children.

13. Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Article 33 and 34.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will provide prominent notice (e.g., email notification or in-app alert).

15. Contact Us

If you have questions, concerns, or wish to exercise your data rights, please contact us at: help@prethinkai.app

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.