Privacy Policy

Last updated: March 17, 2026 — Version 1.0

1. Introduction and Data Controller

This Privacy Policy applies to the PROLINE AI mobile application (“the App”) developed and operated by Proline Web (“we”, “us”, “our”), a business based in Italy.

As the entity responsible for the App, Proline Web acts as the Data Controller under the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and applicable Italian data protection law (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).

Contact: info@prolineweb.com

2. Data We Do NOT Collect

PROLINE AI is built on a privacy-first architecture. We do not collect, process, store, transmit, or share any personal data. Specifically:

• We do not collect your name, email address, or any contact information
• We do not store your conversations, messages, or prompts on any server
• We do not track your usage, behaviour, or in-app activity
• We do not use any analytics, advertising, or tracking SDKs
• We do not use cookies or similar tracking technologies
• We do not sell, rent, or share any data with third parties
• We do not create user profiles or perform profiling

3. Data Stored Locally on Your Device

All data generated through your use of the App — including conversations, settings, preferences, and personas — is stored exclusively on your own device using local device storage (AsyncStorage). This data never leaves your device and is not accessible to Proline Web or any third party.

Your API keys are stored in your device’s secure hardware-backed keychain (Android Keystore on Android / iOS Keychain on iOS). These credentials are encrypted at rest and are never transmitted to Proline Web servers under any circumstances.

4. Legal Basis for Processing (GDPR Article 6)

Since PROLINE AI does not process any personal data on our servers, there is no personal data processing by Proline Web that requires a legal basis under GDPR Article 6. All data processing occurs locally on your device and is fully within your control.

5. Third-Party AI Providers

When you send a message in the App, it is transmitted directly from your device to the AI provider you have selected. The App currently supports:

• Anthropic (Claude) — Privacy Policy: anthropic.com/privacy
• OpenAI (GPT-4o and others) — Privacy Policy: openai.com/privacy
• Google (Gemini) — Privacy Policy: policies.google.com/privacy
• Ollama (local models) — Processed entirely on-device, no external transmission

These transmissions are made directly between your device and the provider using your own API key. Proline Web has no access to, and receives no copies of, these communications. Each provider’s own privacy policy governs their handling of your data.

6. International Data Transfers

Proline Web does not transfer any personal data internationally, as we do not collect or hold any personal data. Any data transmitted to third-party AI providers (section 5) is subject to those providers’ own data transfer policies and safeguards, which may include Standard Contractual Clauses or other GDPR-compliant transfer mechanisms.

7. Data Retention

Since all data is stored exclusively on your device, retention is entirely within your control. You may delete any or all data at any time using the App’s built-in privacy tools (Privacy Center → Nuclear Wipe), or by uninstalling the App.

8. Your Rights Under GDPR

As a user in the European Union or European Economic Area, you have the following rights. Since Proline Web holds no personal data about you, most of these rights are exercised directly through the App’s on-device controls.

9. California Residents (CCPA)

PROLINE AI does not sell personal information. We do not share personal information with third parties for cross-context behavioural advertising. California residents have the right to know, delete, and opt-out of the sale of personal information — none of which is applicable here as we collect no personal information.

10. Children’s Privacy (COPPA)

The App is not directed at children under the age of 13 (or 16 in the EU/EEA where applicable). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us and we will take appropriate steps.

11. Security

Although we do not hold your data, the App employs strong device-level security measures including hardware-backed keychain storage for API keys, optional biometric authentication for sensitive features, and local encryption for stored conversations.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App or applicable law. Any material changes will be communicated through an in-app notice or updated App description. The date at the top of this policy indicates when it was last revised. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact and Complaints