Last Updated: November 11, 2025
This page provides transparency about our data processing activities and the third-party service providers we work with to deliver PR Bot.
PR Bot Ltd acts as the data controller for all personal information you provide through our Service. This means we determine how and why your data is processed.
Under GDPR Article 28, we are required to have written contracts (Data Processing Agreements) with all third-party service providers who process personal data on our behalf. These agreements ensure that your data is protected to the same standards we maintain directly.
The following service providers process personal data on our behalf under Data Processing Agreements:
| Service Provider | Purpose | Data Categories | DPA Status |
|---|---|---|---|
| Supabase Inc. United States | Database, authentication, file storage | All user data, profile data, account information, files | ✓ Active View DPA |
| OpenAI, L.L.C. United States | AI content generation (GPT models) | Profile data, journalist queries, generated responses | ✓ Active View Terms |
| Anthropic PBC United States | AI content generation (Claude models) | Profile data, journalist queries, generated responses | ✓ Active View Terms |
| Google LLC United States | AI content generation (Gemini models) | Profile data, journalist queries, generated responses | ✓ Active View DPA |
| Stripe, Inc. United States | Payment processing, subscriptions | Payment information, billing details, transaction history | ✓ Active View DPA |
| Stripe Connect United States (via Stripe, Inc.) | Affiliate payouts, tax reporting (1099 forms) | Banking details, tax IDs, commission data (affiliates only) | ✓ Active Covered by Stripe DPA |
| Vercel Inc. United States / Global CDN | Application hosting, content delivery network | Log data, IP addresses, usage data | ✓ Active View DPA |
As a US-based company, we transfer and process data in the United States. For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal mechanisms for lawful data transfers:
We have implemented Standard Contractual Clauses as approved by the European Commission with all sub-processors listed above. These clauses provide appropriate safeguards for your personal data when transferred outside the EEA.
In accordance with the Schrems II decision, we have implemented additional technical and organizational measures to protect data transfers:
We retain your personal data only for as long as necessary to provide our services and comply with legal obligations:
In the unlikely event of a data security breach that affects your personal information, we will:
Our breach notifications will include:
Under GDPR and similar data protection laws, you have the following rights:
To exercise these rights, please contact us at privacy@prbot.ai.
If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.
A list of EEA data protection authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Website: https://ico.org.uk/
Phone: +44 303 123 1113
We may add, replace, or remove sub-processors as necessary to provide and improve our Service. We will:
For questions about our data processing practices or to exercise your data protection rights, please contact:
This Data Processing Information page complements our Privacy Policy and provides additional transparency about our data processing activities required under GDPR and similar regulations.