Privacy Policy
Last updated: 30 May 2026
This Privacy Policy explains how Sufleur ("we", "us", "our") collects, uses, and protects personal data when you use our service at sufleur.com and related interfaces (the CLI, API, and documentation). We're committed to handling your data carefully and being transparent about what we do with it.
If you have any questions about anything in this policy, email us at support@sufleur.com.
1. Who we are
Sufleur is a prompt registry platform — a place to author, version, and publish structured prompts for large language models. For the personal data described in this policy, we are the data controller.
You can reach us at support@sufleur.com.
We're currently a sole-operator project. Our registered business entity and address will be published here once incorporation is complete.
2. What personal data we collect
From you, when you sign up and use Sufleur
- Account information: your email address, display name, and password (stored as a salted one-way hash — we never see your actual password). If you sign in via GitHub, we receive your GitHub user identifier, username, primary email address, and avatar URL from GitHub.
- Workspace information: workspaces you create or join, your role within them, and any workspace profile information you provide.
- Content you create: prompts, prompt versions, output schemas, READMEs, license details, configured metadata, and any other content you publish to a workspace.
- Prompt execution data: when you run a prompt against a workspace-configured LLM provider (currently Anthropic, OpenAI, or Google Gemini), the prompt content and any variable values you submit are transmitted to that provider via the API key your workspace has configured. We also store a record of each test run — the prompts sent, the variable values, and the model response — in your workspace so you can review past runs. See section 4 for how this is shared.
- Billing information (for Pro subscribers): payment is handled by Polar (our payment processor and merchant of record). Polar processes your payment information directly and shares minimal subscription state with us — for example, your subscription status and billing email.
- Support correspondence: when you contact us at support@sufleur.com, we keep the contents of your messages so we can respond and follow up.
Automatically, when you use Sufleur
- Usage data: requests you make to our API, CLI, or web app — including prompt renderings and lookups, along with the associated workspace and user identifiers.
- Technical data: your IP address, browser and device information, and request metadata such as URL paths and timestamps, captured in our access logs.
- Analytics: pseudonymous events and identifiers captured by PostHog (our analytics provider) so we can understand how Sufleur is used and improve it. We do not use session recordings, heatmaps, or behaviour replay tools.
From third parties
- GitHub (if you sign in with GitHub): your GitHub identifier, username, primary email address, and avatar URL.
- Polar (if you subscribe to a paid plan): your subscription status, billing email, and transaction history.
3. Why we process your data and our legal basis
Under UK GDPR and EU GDPR, we need a valid legal basis under Article 6 for each processing purpose:
- To provide the service to you (account creation, prompt storage, workspace functionality, CLI/API access) — contract performance. We need this data to deliver what you've signed up for.
- To process payments and manage your subscription — contract performance.
- To send transactional emails (account verification, password resets, workspace invitations) — contract performance.
- To keep Sufleur secure (detecting abuse, preventing fraud, protecting accounts) — legitimate interests in protecting our users and platform.
- To improve Sufleur (PostHog analytics) — legitimate interests in using aggregated and pseudonymous analytics to make better product decisions.
- To comply with legal obligations (such as record-keeping required by tax law) — legal obligation.
You can object to processing based on legitimate interests at any time (see section 7).
4. Who we share your data with
We share personal data with a small number of third-party service providers ("sub-processors") who help us run Sufleur — for example, our hosting provider, payment processor, and transactional email service. The full, up-to-date list is at:
sufleur.com/legal/subprocessors
Each sub-processor is contractually bound to process your data only on our instructions and in line with applicable data protection laws.
LLM inference providers
Sufleur lets a workspace connect third-party LLM providers (currently Anthropic, OpenAI, and Google Gemini). When you run a prompt against one of these providers, the prompt content and the variable values you supply are sent to the provider you've chosen, using the API key your workspace has configured. Those providers process this data under their own terms.
If your workspace has not configured an LLM provider, no prompt content is sent outside Sufleur.
Public prompts
When you choose to publish a prompt publicly from a workspace, the following becomes visible to anyone who can access the workspace's public page:
- The workspace name and workspace profile
- The prompt and its versions, including the prompt files, output schemas, README, license details, and any configured metadata
Publication is at the workspace level, not the individual user level — your individual account is not publicly exposed when a workspace publishes a prompt.
When required by law
We may disclose your data if compelled by a valid legal request, such as a court order or regulator demand. Where permitted, we'll notify you before doing so.
5. International data transfers
Some of our sub-processors are based outside the United Kingdom and the European Economic Area — primarily in the United States. Where this is the case, we rely on appropriate safeguards as required by UK GDPR and EU GDPR, including Standard Contractual Clauses (SCCs) and, where applicable, the UK Extension to the EU-US Data Privacy Framework.
6. How long we keep your data
We retain personal data only as long as we need it for the purposes described in this policy.
| Data category | Retention period |
|---|---|
| Account data | Deleted promptly on account deletion; may persist in backups for up to 30 days |
| Workspace and prompt content | Deleted when the workspace is deleted, with the same backup window |
| Prompt test run records | Deleted when the parent prompt version or workspace is deleted, with the same backup window |
| Billing and subscription data | Retained by Polar as required by applicable tax law; we retain only the minimum subscription state needed for the duration of your subscription |
| Support correspondence | 2 years from the date of the last message in a thread |
| Application and access logs | Up to 90 days for security and operational diagnostics |
| Analytics events (PostHog) | According to PostHog's default retention policy |
After the retention period, data is either deleted or anonymised so it can no longer be associated with an individual.
7. Your rights
You have the following rights in relation to your personal data:
- Access: get a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: ask us to delete your data ("right to be forgotten").
- Restriction: limit how we use your data.
- Portability: get a machine-readable copy of the data you've provided, transferable to another service.
- Objection: object to processing based on legitimate interests.
- Withdrawal of consent: where we rely on consent, withdraw it at any time (this doesn't affect processing already carried out).
To exercise any of these rights, email us at support@sufleur.com. You can also use the in-app export and delete account features to exercise portability and erasure directly.
You also have the right to lodge a complaint with a data protection supervisory authority:
- In the UK: the Information Commissioner's Office (ICO) — ico.org.uk
- In the EU: your national supervisory authority — see edpb.europa.eu for the list
We hope you'll come to us first so we can try to resolve things directly, but you don't have to.
8. Cookies and similar technologies
We use a small number of cookies in your browser:
- Strictly necessary: for authentication, session management, and security. These are required for Sufleur to function.
Our analytics provider (PostHog) runs in an in-memory mode that does not write cookies or local storage on your device. A pseudonymous identifier is held in memory for the duration of your browser session and discarded when you close the tab. We do not use this for advertising or share it with advertisers.
We do not use advertising, marketing, or cross-site tracking cookies, and we never sell your data.
9. How we protect your data
We take security seriously and apply industry-standard measures:
- Encryption in transit: all traffic to Sufleur is encrypted with TLS (HTTPS), enforced at the edge by Cloudflare.
- Password hashing: passwords are stored using a strong, salted one-way hash.
- Access controls: a fine-grained authorisation layer (SpiceDB) controls who can access what within Sufleur. Administrative access is gated by Cloudflare Zero Trust.
- Physical security: our data is hosted in Hetzner's secure data centres in Germany, where decommissioned drives are physically destroyed on site so data cannot be recovered.
- Backups: we take regular backups and retain them for a limited window.
- Sub-processor diligence: we choose sub-processors that meet recognised security standards.
No system is ever perfectly secure, but we work to minimise risk. If a personal data breach occurs that creates a risk to your rights, we'll notify the ICO within 72 hours, and if the risk is high we'll notify you as well.
10. Children
Sufleur is not intended for use by anyone under the age of 16. We don't knowingly collect personal data from children under 16. If you believe we hold data about a child under 16, please email support@sufleur.com and we'll delete it.
11. Changes to this policy
We may update this policy from time to time — for example to reflect new sub-processors, new features, or changes in the law. The "last updated" date at the top of this page always shows when we last revised it.
For material changes that affect how we process your data, we'll email active users in advance so you have a chance to review.
12. Contact
For any questions about this policy or about how we handle your data, email us at: support@sufleur.com