Privacy Policy

Last updated: March 19, 2026

1. Who we are

Prompted (“we”, “us”, “our”) operates the website prompted.as and related services, including MCP (Model Context Protocol) servers accessible through AI assistants such as Claude (Anthropic) and ChatGPT (OpenAI). We are based in Padova, Italy.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name and email address provided through social login (LinkedIn). We do not store passwords — authentication is handled entirely via OAuth.
  • Profile data: professional information you provide to build your knowledge base (expertise areas, career history, frameworks, methodologies, case studies, contact preferences).
  • MCP consultation data: when an AI assistant queries your published profile via MCP, we log the request metadata (timestamp, tool called, and for consultations an anonymous query summary of up to 200 characters describing the topic in third person) for analytics. We do not store the content of user queries or AI-generated responses — these remain between the user and their AI assistant.
  • Paid consultation data: when a user purchases a paid consultation, we generate a single-use consultation token and process the payment via Stripe. We store the token identifier and payment status. Payment card details are handled entirely by Stripe — we never see or store them.
  • Usage data: aggregated analytics about how your profile and knowledge base are accessed.
  • Technical data: IP address (hashed), browser type, and cookies for session management and analytics.

3. How we use your data

We process your data for the following purposes:

  • To provide and maintain the Prompted service, including your public profile and MCP server endpoints
  • To make your published knowledge base accessible to AI assistants (Claude, ChatGPT, and other MCP-compatible clients) — this is the core function of the service
  • To show you analytics about how your professional digital twin is consulted
  • To calculate and display your profile completeness score
  • To improve the service, fix bugs, and develop new features
  • To send transactional emails (account notifications)

Legal basis (GDPR): we process account and profile data based on your consent and the performance of the contract (providing the service). Analytics data is processed based on our legitimate interest in improving the service.

4. MCP connector and AI access

Prompted operates a unified MCP connector at connect.prompted.as that connects to AI assistants. The connector adapts its functionality based on authentication:

  • Without authentication (consumer mode): allows AI assistant users to search for experts, view profiles, and consult published knowledge bases. No login is required — all data served is publicly published by experts.
  • With authentication (expert mode): provides all consumer features plus knowledge base management tools. Experts authenticate via OAuth 2.0 and can build and enrich their knowledge base directly from their AI assistant. This mode only accesses the authenticated expert's own data.

What AI assistants can access: only the information you have explicitly published on your profile and knowledge base. Unpublished profiles are not accessible via MCP. During a consultation, the expert's complete published knowledge base (profile, frameworks, case studies, career history, and contact preferences) is transmitted to the AI assistant to generate a contextual response.

What we do NOT access: we do not read, store, or process the conversations between AI assistant users and their AI. The AI assistant sends a tool call to our server, receives your published knowledge base data, and generates a response locally — we never see the final response or the user's conversation history.

5. Data sharing and recipients

Your published profile and knowledge base are publicly accessible by design — this is the core function of the service. We do not sell your personal data to third parties.

We share data with the following categories of recipients:

  • AI platform operators (Anthropic, OpenAI): your published profile data is served via MCP when users of these platforms invoke Prompted tools. The AI platforms may process this data according to their own privacy policies.
  • Google Analytics / Tag Manager: anonymous, aggregated usage analytics on the website.
  • Resend: transactional email delivery (email address only).
  • Stripe: payment processing for paid consultations. Stripe processes payment card details directly — we never receive or store card information. Stripe's privacy policy applies to payment data.
  • Hostinger: hosting infrastructure located in the EU (all data at rest is stored in EU data centers).

6. Data minimization

We follow the principle of data minimization:

  • We only collect data that is necessary to provide the service.
  • MCP tool responses return only the data directly relevant to the user's request — no diagnostic data, session identifiers, or internal metadata is included.
  • We do not collect or process sensitive personal data (health information, political opinions, religious beliefs, sexual orientation, biometric data).
  • We do not collect payment card information, government identifiers, or access credentials.

7. Data retention

We retain your data according to the following schedule:

  • Account and profile data: retained for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.
  • Knowledge base content: retained for as long as your account is active. Deleted immediately upon account deletion or when you unpublish your profile.
  • Usage logs (MCP request metadata): retained for 12 months, then automatically purged.
  • Technical logs (server logs): retained for 90 days for debugging purposes, then automatically purged.

You can request deletion of your account and all associated data at any time by contacting us at hello@prompted.as. We process deletion requests within 30 days.

8. Children's privacy

Prompted is designed for professionals and is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children under 13 (or the applicable age of digital consent in your jurisdiction). If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at hello@prompted.as.

9. Your rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erasure — request deletion of your data
  • Restrict processing
  • Object to processing based on legitimate interest
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@prompted.as. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.

10. International data transfers

Your data is stored on servers located in the European Union (Hostinger, EU data centers). When your published profile is accessed by AI assistants operated by Anthropic (USA) or OpenAI (USA), the published data you chose to make public is transmitted to their servers for processing. This transfer is necessary for the performance of the service you have requested.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • OAuth 2.0 authentication (no passwords stored)
  • Cookie-based session management with secure, httpOnly flags
  • IP address hashing in logs
  • Access controls limiting data access to authorized personnel

12. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and session management. These cannot be disabled.
  • Analytics cookies (Google Analytics): used to understand how the website is used. These are loaded only with your consent.

You can manage your cookie preferences through your browser settings or the cookie consent banner on our website.

13. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by email. We encourage you to review this policy periodically.

14. Contact

For questions about this privacy policy, to exercise your data rights, or to report a privacy concern, contact us at:

Email: hello@prompted.as

Address: Padova, Italy