Privacy Policy
Last updated: 24 April 2026
This Privacy Policy explains how Prosely, operated by Sandstorm Digital ("we", "us", "our"), collects, uses, stores, and protects information about you when you use our platform at prosely.ai (the "Service"). We are committed to handling your data responsibly and to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
1. Information We Collect
Account information
When you sign in via Google, we receive your name, email address, and profile photo. You can optionally add a phone number, company name, and role from your Profile settings.
Content you create
Articles, brand profiles, saved URLs, topic lists, audience descriptions, and any other content you produce, upload, or save within the Service.
Usage data
We log how you interact with the Service (pages visited, features used, article counts) for analytics, billing, and abuse prevention. We use Google Analytics 4 for anonymised usage statistics.
Payment information
If you subscribe to a paid plan, Stripe handles all payment data directly. We store only a Stripe customer ID and subscription status, never your card details.
2. How We Use Content You Create
We collect and process content you create within the Service to operate core features, such as publishing, storage, and collaboration.
Our legal bases for processing may include:
- Performance of a contract (providing the Service)
- Legitimate interests (service improvement, safety, and fraud prevention)
- Consent (where required)
We implement technical and organizational measures to protect your content. Access is restricted to authorized systems and personnel.
Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your data. To exercise these rights, contact us at info@sandstormdigital.com.
We retain your content only as long as necessary to provide the Service or comply with legal obligations.
3. Third-Party Processors
To deliver the Service, we share data with the following third parties under appropriate data processing agreements:
- Anthropic — for AI content generation via their Claude API. Your article topics, brand context, and generation prompts are sent to Anthropic to fulfil each request. Per Anthropic's API terms, your content is not used to train Anthropic's foundation models.
- Stripe — for subscription billing and payment processing.
- Google — for OAuth authentication and Google Analytics.
- Resend — for transactional email delivery (receipts, notifications).
These processors operate under their own privacy policies and security standards. Data is transferred using encrypted connections (TLS).
4. AI Training on Your Content
Our current position: We do not currently train any AI model on your User Content. If we later choose to improve Prosely's output by training on user content, we will only use content from users who have explicitly opted in via their Profile settings.
If you opt in, we may collect the articles you generate, any edits you make to them, your feedback (ratings, keep/reject decisions), and the brand and audience context you provided. This data may be used to fine-tune smaller open-source models or build retrieval and prompt systems that improve generation quality over time.
Opting out is available at any time from your Profile settings. When you opt out, we stop collecting new training data from your account. Data collected before opt-out remains in our training datasets unless you request deletion. Once a model has been trained on data, we cannot retroactively remove the influence of that data from the model's weights, though we can exclude your future content going forward.
If we ever change our training practices in a material way, we will notify you by email and update this Policy.
5. Data Retention
We retain your data for as long as your account is active, or as necessary to provide the Service. When you delete your account:
- Your User Content and profile are removed from our active systems within 7 days.
- Backup copies are purged within 30 days.
- Billing records required by accounting or tax law are retained for the legally required period (typically 5–7 years depending on jurisdiction), without any User Content.
- Anonymised, aggregated usage statistics may be retained indefinitely.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — update or correct inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — revoke any consent you previously gave.
How to delete your data
You have two options:
Self-serve deletion: sign in to Prosely, open your Profile (click the avatar in the top-right corner), and click "Delete my account" at the bottom. This immediately cancels any active subscription, permanently deletes your User Content, and signs you out.
Email request: for bulk or organisation deletion requests, or if you cannot access your account, email info@sandstormdigital.com with the subject line "GDPR deletion request" and the email address of the account to be deleted. We will respond within 30 days.
7. Security
We use industry-standard security measures including encrypted storage, TLS for data in transit, access logging, and restricted admin access. No system is perfectly secure, but we take the protection of your data seriously. If we ever discover a breach affecting your data, we will notify you within 72 hours in line with GDPR requirements.
8. Children
The Service is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has signed up for Prosely, please contact us at info@sandstormdigital.com and we will delete the account.
9. International Transfers
Our servers may be located in regions outside your country of residence (including the UAE, United States, and Europe). Where required by law, we use standard contractual clauses and other appropriate safeguards for international data transfers.
10. Cookies
We use essential cookies to keep you logged in and to remember your settings. We also use Google Analytics cookies for anonymised usage statistics. You can disable cookies in your browser, though some parts of the Service may not work without them.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before taking effect.
12. Contact
For privacy questions or to exercise your rights, contact us at info@sandstormdigital.com.
Sandstorm Digital
United Arab Emirates
Website: sandstormdigital.com