HomeBlogCategoriesAboutContact
Home/Privacy Policy

Privacy Policy

Last updated: March 6, 2026

1. Scope & Overview

This Privacy Policy describes how ViralPromptLab ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit viralpromptlab.com (the "Website"), create an account, subscribe to our newsletter, request digital downloads when available, interact with advertisements displayed on the Website, or contact our support team. By using the Website you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

When you register, subscribe, request a download, or contact us, we may collect:

  • Full name and email address
  • Account credentials (hashed and never stored in plain text)
  • Order and transaction history for paid digital downloads when applicable
  • Support messages and correspondence
  • Newsletter subscription preferences

2.2 Payment Information

Payments are processed by third-party payment gateways — Razorpay and Stripe. We do not store your credit/debit card numbers, UPI IDs, net banking credentials, or any other sensitive payment data on our servers. All payment data is handled directly by these providers under their respective PCI-DSS compliant infrastructure.

2.3 Automatically Collected Information

When you browse the Website, we automatically collect:

  • IP address, browser type and version, operating system
  • Device identifiers and screen resolution
  • Pages visited, time spent, referral URLs, and click patterns
  • Cookies, pixel tags, and similar tracking technologies (see Section 7 below)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To operate, maintain, and improve the Website and our services
  • To process orders and deliver digital downloads when offered
  • To create and manage your user account
  • To respond to customer support requests and inquiries
  • To send transactional emails (order confirmations, download links)
  • To send promotional emails and newsletters (only with your consent; you may unsubscribe at any time)
  • To personalise content and advertisements displayed to you
  • To conduct analytics and understand usage patterns for product improvement
  • To detect, prevent, and address fraud, abuse, and security incidents
  • To comply with applicable legal obligations

4. Advertising & Third-Party Technologies

We may display advertisements on the Website served by third-party ad networks, including but not limited to Google AdSense, Google Ad Manager, and other programmatic advertising partners. These partners may use cookies, web beacons, and similar technologies to collect information about your browsing activity across websites in order to provide you with targeted advertisements based on your interests.

Information that ad networks may collect includes:

  • Your IP address and general geographic location
  • Browser type, device type, and operating system
  • Pages visited and content interacted with on ViralPromptLab and other websites
  • Ad impressions, clicks, and conversions

You can learn more about Google's advertising practices and opt out of personalised ads by visiting Google Ads Settings or the Network Advertising Initiative opt-out page.

We may also use Google Analytics (including Google Analytics 4) to measure website performance. Google Analytics uses cookies to collect anonymous usage data. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

5. Legal Bases for Processing

Depending on your location, we rely on one or more of the following legal bases under applicable data protection laws (including the GDPR, UK GDPR, and India DPDP Act 2023):

  • Contract Performance: Processing necessary to fulfil your purchase and deliver digital products.
  • Legitimate Interests: Improving our services, securing the platform, preventing fraud, and conducting analytics — where these interests are not overridden by your rights.
  • Consent: Where required, such as for marketing emails, personalised advertising, and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders.

6. Sharing & Service Providers

We do not sell, rent, or trade your personal information. We share data only with trusted third-party service providers who process it on our behalf and solely for the purposes described in this Privacy Policy:

  • Payment Processing: Razorpay, Stripe
  • Hosting & Infrastructure: Vercel, MongoDB Atlas
  • Email Services: Transactional and marketing email providers
  • Analytics: Google Analytics
  • Advertising: Google AdSense and other ad network partners
  • Authentication: NextAuth.js / OAuth providers

We may also disclose information when required by law, to enforce our Terms of Service, or to protect our rights, property, or safety.

7. Cookies & Tracking Technologies

We use the following categories of cookies:

  • Essential Cookies: Required for site functionality — authentication, session management, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with the Website (e.g., Google Analytics). These collect anonymised data.
  • Advertising Cookies: Used by ad networks (e.g., Google AdSense) to deliver personalised advertisements and measure ad performance across the web.
  • Preference Cookies: Remember your settings such as theme preference and language.

You can manage or disable cookies through your browser settings. Please note that blocking certain cookies may affect Website functionality.

8. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

  • Account data: Retained while your account is active, and for up to 12 months after deletion request to allow recovery.
  • Transaction records: Retained for a minimum of 5 years to comply with tax, accounting, and legal requirements.
  • Support correspondence: Retained for up to 24 months after resolution.
  • Analytics data: Aggregated and anonymised data may be retained indefinitely.
  • Marketing preferences: Retained until you unsubscribe or revoke consent.

9. Your Privacy Rights

9.1 India (DPDP Act 2023)

If you are located in India, you have the right to access, correct, and erase your personal data, withdraw consent, and nominate a representative under the Digital Personal Data Protection Act, 2023.

9.2 European Economic Area / United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or UK, you have the right to access, rectify, erase, restrict processing, data portability, and object to certain processing. You also have the right to lodge a complaint with your local data protection authority.

9.3 United States (CCPA / State Privacy Laws)

If you are a resident of California or another U.S. state with applicable privacy legislation, you may request disclosure of the categories and specific pieces of personal information collected, request deletion, and opt out of the sale or sharing of personal information. We do not sell personal information.

To exercise any of these rights, please contact us. We may verify your identity before processing your request and will respond within the timeframe required by applicable law.

10. International Data Transfers

Your information may be processed and stored in countries other than your own, including India and the United States. When we transfer data across borders, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions where available.

11. Security

We implement reasonable technical and organisational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • Hashed and salted password storage
  • Role-based access controls and audit logging
  • Regular security reviews and dependency updates
  • PCI-DSS compliant payment processing through Razorpay and Stripe

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but will promptly notify affected users and relevant authorities in the event of a data breach as required by law.

12. Children's Privacy

Our Website and services are not intended for individuals under the age of 13 (or a higher minimum age where required by local law, such as 16 in certain EU member states). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take reasonable steps to delete it promptly.

13. Third-Party Links

The Website may contain links to third-party websites, services, or AI platforms (such as MidJourney, DALL-E, or Sora). We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify you by email or through a prominent notice on the Website. Your continued use of the Website after changes are posted constitutes acceptance of the updated policy.

15. Contact & Grievance Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us.

In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, the designated Grievance Officer can be contacted at hello@viralpromptlab.com. We will acknowledge your grievance within 24 hours and aim to resolve it within 30 days.