Data Processing

Transparent data flows and privacy-first architecture

What Data We Collect

PromptBid processes conversation metadata to optimize ad targeting and performance. We are privacy-first and do NOT collect personally identifiable information (PII) from users.

All data processing is designed to provide insights while maintaining user privacy through aggregation and anonymization.

Data Categories Processed
Conversation categories (e.g., "coding", "writing")
Keywords and topics discussed
Engagement metrics (impressions, clicks)
Response times and latency
Aggregate usage patterns

What We Never Collect

We maintain strict prohibitions on collecting sensitive personal information. Your privacy is paramount, and we never store or process data that could identify individuals.

These restrictions are enforced through our data governance policies and technical controls.

Prohibited Data Types
Names, email addresses, phone numbers
Geolocation or IP addresses
Financial or payment information
Health or medical records
Biometric or authentication data

Data Security: All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We perform regular security audits and penetration tests. Data retention policies are configured to minimize the time PII is stored. Automated data deletion occurs after 90 days unless explicit retention is required by law.

Data Residency Options

Choose where your data is stored and processed

United States

Data stored in AWS us-east-1 with redundancy across multiple availability zones

European Union

GDPR-compliant storage in AWS eu-central-1 with complete data sovereignty

Asia-Pacific

Regional data processing in AWS ap-southeast-1 for reduced latency

Data Processing Agreement

PromptBid offers a comprehensive Data Processing Agreement (DPA) for organizations handling sensitive data. Our DPA complies with GDPR Article 28 and includes standard contractual clauses for international transfers.

Audit Reports & Certifications

Verified compliance through third-party audits and certifications

SOC 2 Type II Report

14-month assessment of controls over security, availability, integrity, and confidentiality

Latest Report: January 2026 | Auditor: Deloitte

ISO 27001 Certificate

Comprehensive information security management system certification

Certificate: Active | Expires: March 2026

GDPR Compliance Audit

Annual independent assessment of GDPR compliance and data protection controls

Latest Audit: December 2024 | Status: Compliant

Compliance Questions?

Our compliance and data governance team is available to answer questions about our standards, certifications, and data handling practices