Legal
01
Humble-UI ("we", "us", or "our") operates the website humble-ui.com and its associated subdomains (the "Service"). The Service provides an AI prompt engineering tool that generates structured prompts for producing UI mockups.
We are the data controller responsible for your personal information collected through the Service. For any privacy-related questions, please contact us at support@humble-ui.co.uk.
02
| Data | When collected | Why |
|---|---|---|
| Email address | Account sign-up or sign-in | To authenticate you via magic link. We do not collect passwords. |
| Contact form inputs | When you submit the contact form (name, email, message) | To respond to your enquiry. Stored in our database and forwarded to us by email. |
| App idea & prompt settings | When you use the prompt generator (app idea, use case, palette, complexity, extra context) | To generate your prompt. Saved to your account if you choose to save; otherwise discarded after generation. |
| Saved prompt names | When you explicitly save a prompt | To allow you to retrieve prompts later. |

| Data | Source | Why |
|---|---|---|
| Browser & device type | Analytics (PostHog, Vercel Analytics) | To understand how the Service is used and to improve it. |
| Pages visited, clicks, session duration | Analytics (PostHog) | To identify usage patterns and product improvements. |
| Web vitals (LCP, CLS, FID) | Vercel Analytics | To monitor and improve page performance. |
| Error reports & stack traces | Sentry | To detect and fix bugs. May include browser, OS, and the URL at the time of error. |
| IP address | Server logs, rate-limiting | Used transiently for abuse prevention (rate limiting on API endpoints). Not stored permanently. |
| Stripe customer ID | Stripe webhook on payment completion | To link your Stripe subscription to your account and manage plan status. |
| Plan & generation count | Created on first sign-in; updated on payment | To enforce plan limits and display your account status. |
We do not collect or store payment card details. All payment processing is handled directly by Stripe, which is PCI-DSS Level 1 certified. We receive only a Stripe customer reference ID upon successful payment.
We do not collect passwords. Authentication is entirely passwordless via magic links sent to your email address.
03
| Purpose | Data used |
|---|---|
| Providing the Service | Email (authentication), prompt inputs (generation), saved prompts (retrieval), plan status (feature access) |
| Processing payments | Email (Stripe prefill), Stripe customer ID, plan assignment |
| Sending transactional emails | Email address — magic links, payment activation links |
| Responding to enquiries | Name, email, message from contact form |
| Monitoring & improving the Service | Analytics events, error reports, performance metrics |
| Preventing abuse | IP address (transient, rate limiting only) |
| Legal compliance | Any data necessary to meet applicable legal obligations |
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes. Data is shared only with sub-processors listed in Section 5 to operate the Service.
04
If you are located in the United Kingdom or European Economic Area, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation & authentication | Performance of a contract (Article 6(1)(b) UK GDPR) |
| Providing prompt generation & saving | Performance of a contract (Article 6(1)(b)) |
| Payment processing & plan management | Performance of a contract (Article 6(1)(b)) |
| Sending magic links & transactional emails | Performance of a contract (Article 6(1)(b)) |
| Responding to contact form messages | Legitimate interests — responding to your enquiry (Article 6(1)(f)) |
| Product analytics (PostHog, Vercel Analytics) | Legitimate interests — improving the Service (Article 6(1)(f)) |
| Error monitoring (Sentry) | Legitimate interests — maintaining service stability (Article 6(1)(f)) |
| Abuse prevention (rate limiting) | Legitimate interests — protecting the Service (Article 6(1)(f)) |
05
We use the following sub-processors to operate the Service. Each is bound by its own privacy policy and, where applicable, a Data Processing Agreement with us.
We do not use any advertising networks, ad-tech platforms, or data brokers.
06
We use a small number of cookies necessary to operate the Service. We do not use advertising cookies or third-party tracking cookies.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| sb-*-auth-token | Strictly necessary | Stores your Supabase authentication session so you remain signed in. | Session / up to 1 year |
| ph_* (PostHog) | Analytics | Anonymous identifier used by PostHog to distinguish sessions. No personal data stored. | 1 year |
We store one item in your browser's local storage:
| Key | Value | Purpose |
|---|---|---|
| humble_demo_used | "true" or absent | Records whether you have used your free demo generation. This is stored only on your device and is never sent to our servers. |
You can clear cookies and local storage at any time through your browser settings. Clearing the Supabase session cookie will sign you out of the Service. Clearing humble_demo_used will reset your free demo allowance.
07
| Data | Retained for |
|---|---|
| Account & profile data | Until you request deletion or your account is deleted. Deleted within 30 days of request. |
| Saved prompts | Until you delete them or your account is deleted. |
| Generated prompt logs | 90 days from generation, then automatically purged. |
| Contact form submissions | 12 months from receipt, then deleted. |
| Payment records (Stripe) | Retained by Stripe per their legal obligations (typically 7 years for financial records). We retain only the Stripe customer ID and plan status. |
| Error logs (Sentry) | 90 days. |
| Analytics events (PostHog) | 12 months. |
| IP addresses (rate limiting) | In-memory only. Cleared when the server restarts. Not written to persistent storage. |
08
Depending on where you are located, you may have the following rights regarding your personal data. To exercise any of them, email us at support@humble-ui.co.uk. We will respond within 30 days.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete personal data.
Request deletion of your account and associated personal data. Note that Stripe retains financial records for the period required by law independently of this request.
Ask us to pause processing your data in certain circumstances.
Receive your personal data in a structured, machine-readable format (where technically feasible).
Object to processing based on legitimate interests, such as analytics. Where you object to analytics, we will cease processing for that purpose.
If you are in the UK, you may complain to the Information Commissioner's Office (ICO). If you are in the EEA, you may contact your local supervisory authority.
09
Some of our sub-processors are based in the United States. Where personal data is transferred from the UK or EEA to the US, such transfers are made under appropriate safeguards:
You may request a copy of the relevant transfer safeguards by emailing support@humble-ui.co.uk.
10
The Service is not directed to children under the age of 13 (or 16 in the EEA and UK where applicable). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@humble-ui.co.uk and we will delete it promptly.
11
We implement appropriate technical and organisational measures to protect your personal data:
No method of transmission or storage is 100% secure. While we take security seriously, we cannot guarantee absolute security. If you discover a vulnerability, please report it responsibly to support@humble-ui.co.uk.
12
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email.
Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.
13
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Email: support@humble-ui.co.uk
Website: humble-ui.com
Response time: We aim to respond to all privacy requests within 30 days.
If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO) or your local data protection authority.