Seedlingseedling
Registruj se

Privacy Policy

How Seedling handles your personal data.

Last updated: April 10, 2026.

1. Who is the data controller

The data controller for personal data collected through Seedling is Prometheus Works LLC, a Wyoming limited liability company with its registered address at 30 N Gould St, Ste R, Sheridan, WY 82801, United States. For any privacy or data-subject request, contact dpo@prometheusworks.co.

2. What data we collect

Information you provide

  • Account data: name, email address, and authentication details provided through our identity provider (Clerk).
  • Profile data: information you add to your Seedling profile (first name, last name, preferences).
  • Space and program data: content you create as a Curator (space name, descriptions, themes, gatherings, programs, application questions).
  • Application data: answers submitted when you apply to a program.
  • Conversation data: messages exchanged with Seedling AI (SAI) for platform assistance and content generation.
  • Billing data: when you pay for a program, payment details are collected and processed by Stripe. We do not store full card numbers; we only retain a reference to the Stripe charge, the amount, and the status.

Information collected automatically

  • Device and browser information (user agent, screen size).
  • IP address and general location derived from it.
  • Usage data (pages viewed, features used, errors encountered).

What we do not collect

  • We do not collect conversation content for advertising purposes.
  • We do not track your browsing outside the Platform.
  • We do not sell your personal data to third parties.

3. Why we use your data (legal bases)

  • To provide the Platform — creating your account, showing you spaces and programs, processing applications and payments (performance of a contract under GDPR Art. 6(1)(b)).
  • To operate Seedling AI — answering your questions, helping with content, and performing tasks you ask it to perform (performance of a contract).
  • To communicate with you — service updates, transactional emails (application confirmations, payment receipts, reminders) (performance of a contract and legitimate interest under GDPR Art. 6(1)(f)).
  • To keep the Platform secure — preventing fraud, abuse, and unauthorized access (legitimate interest).
  • To comply with law — tax, accounting, and legal obligations (legal obligation under GDPR Art. 6(1)(c)).

4. Who we share data with (subprocessors)

We use a small number of trusted third-party services to operate the Platform. Each operates under a data processing agreement and is bound to only process data on our instructions.

  • Clerk — identity and authentication (account creation, sign-in, session management).
  • Stripe — payment processing for paid programs via Stripe Connect. Card data never touches our servers.
  • Mailjet — transactional and application email delivery (confirmations, reminders, notifications).
  • Anthropic — language model provider for Seedling AI conversations.
  • Amazon Web Services (AWS) — hosting, serverless compute, object storage, and database infrastructure.
  • Zoom — optional video meeting integration for gatherings (only if a Space connects its own Zoom account).
  • Google (Calendar) — optional calendar integration for gatherings (only if a Space connects its own Google account).

5. International transfers

Seedling infrastructure runs on AWS (primarily in the United States). Some subprocessors are based outside the European Economic Area. When your data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

6. How long we keep your data

  • Account data — as long as your account is active, and for a reasonable period after deletion to satisfy legal or security obligations.
  • Payment records— 7 years from the transaction date, in line with Stripe’s data retention policy and applicable tax and accounting law.
  • SAI conversations — automatically deleted after 30 days of inactivity. Deleted immediately upon account closure.
  • Logs and analytics — typically 90 days.

7. Your rights

If you are in the European Economic Area, the United Kingdom, or a jurisdiction with similar rules, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority in your country.

To exercise any of these rights, contact dpo@prometheusworks.co.

8. Security

We apply industry-standard security measures, including encryption in transit (TLS), encryption at rest on managed databases, limited access controls, and regular reviews of our infrastructure. No system is ever perfectly secure, but we take reasonable steps to protect your data.

9. Children

Seedling is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact dpo@prometheusworks.co and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, for material changes, notify users through the Platform or by email.

11. Contact

For any privacy-related question, contact dpo@prometheusworks.co. For general inquiries, contact office@prometheusworks.co.