Privacy Policy
Last updated: March 10, 2026
This Privacy Policy explains how Private Prompt ("we", "us", "our") handles data when you use our browser extension and related services ("Service"). We are committed to protecting your privacy.
Key principle: Private Prompt processes your prompts and sensitive data entirely locally in your browser. We never see, collect, store, or transmit the content of your prompts or the sensitive data detected within them.
1. Data We Do NOT Collect
We want to be explicit about what we never access:
- Prompt content — the text you type into AI chatbots.
- Detected sensitive data — names, emails, phone numbers, PESEL, NIP, credit cards, or any other PII identified by the extension.
- Anonymization mappings — the link between original data and placeholders (e.g., "Jan Kowalski" ↔ "[NAME_1]").
- AI responses — the text returned by AI chatbots.
- Browsing history — which websites you visit or what conversations you have.
2. Data We Do Collect
We collect minimal data necessary to operate the Service:
| Data | Purpose | Storage |
|---|---|---|
| Anonymous usage count | Enforce free plan daily limit (count only, no content) | Our server, 30 days |
| Email address (Pro/Business) | Account management, billing | Stripe + our database |
| Payment information | Subscription billing | Stripe only (we never see full card numbers) |
| License key | Validate Pro/Business subscription | Our server + browser storage |
| Extension settings | Your preferences (detection toggles, whitelist) | Browser sync storage only |
3. How the Extension Works
3.1 Local Processing
When you type a prompt in a supported AI chatbot (ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity):
- The extension intercepts the request in your browser before it leaves.
- It scans the text using pattern matching and heuristic rules locally.
- Detected sensitive data is replaced with placeholders locally.
- The anonymized text is sent to the AI service instead of the original.
- When the AI responds, placeholders are replaced back with original data locally.
At no point does your original data leave your browser via our systems.
3.2 Browser Storage
The extension stores the following data in your browser's local storage:
- Anonymization mappings (original ↔ placeholder) — for the current session only, cleared when you clear session data.
- Settings and preferences — synced via Chrome's sync storage across your devices.
- Daily usage counter — reset daily, used for free plan limits.
4. Third-Party Services
4.1 Stripe
We use Stripe for payment processing. When you subscribe to a paid plan, Stripe collects and processes your payment information according to their Privacy Policy. We receive only a confirmation of payment status and a customer identifier — never your full card details.
4.2 AI Chatbot Services
Private Prompt modifies the data sent to AI chatbot services. However, the anonymized version of your prompt is still sent to these services and is subject to their respective privacy policies. We recommend reviewing:
- OpenAI (ChatGPT) Privacy Policy
- Anthropic (Claude) Privacy Policy
- Google (Gemini) Privacy Policy
- Microsoft (Copilot) Privacy Policy
- xAI (Grok) Privacy Policy
- Perplexity AI Privacy Policy
5. Data Retention
- Prompt data, PII, mappings: Never stored by us. Local browser storage only.
- Usage counts: Retained for 30 days, then automatically deleted.
- Account data (paid plans): Retained while your subscription is active and for 90 days after cancellation.
- Payment records: Retained as required by tax and accounting regulations (typically 5-7 years).
6. Your Rights (GDPR / RODO)
If you are located in the European Economic Area, you have the following rights regarding data we store on our servers (account and payment data for paid plans):
- Right of access — request a copy of your data.
- Right to rectification — correct inaccurate data.
- Right to erasure — request deletion of your data.
- Right to portability — receive your data in a structured format.
- Right to object — object to data processing.
- Right to withdraw consent — at any time.
To exercise these rights, contact us at privacy@safeyourprompt.com. We will respond within 30 days.
Note: Since prompt content and PII are processed entirely locally and never reach our servers, there is no server-side data to access, rectify, or delete for this category.
7. Security
We implement appropriate technical and organizational measures to protect the data we do process:
- HTTPS encryption for all server communications.
- Secure API authentication for license validation.
- Stripe PCI-DSS compliance for payment processing.
- No logging of prompt content or PII on our servers.
8. Children's Privacy
The Service is not intended for use by children under 16 years of age. We do not knowingly collect data from children.
9. Important Limitations
While Private Prompt is designed to protect your privacy, please note:
- The extension uses automated pattern matching that may not detect all forms of sensitive data.
- Unusual formats, misspellings, or context-dependent information may bypass detection.
- The extension does not protect data entered in non-supported AI services.
- You remain responsible for reviewing your prompts before submission.
For complete details on limitations and liability, please refer to our Terms of Service.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the extension interface or email (for paid users). The "Last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or to exercise your data rights:
- Email: privacy@safeyourprompt.com