Privacy Policy

1. Information We Collect

1.1 Account information

When you create an account we collect your email address and, if you sign in via Google, your public Google profile name and avatar. We do not store your password in plain text; authentication is managed by Supabase Auth.

1.2 Profile & onboarding data

During onboarding you may provide optional context about yourself — your profession, AI use cases, tone preferences, target audience, and skill level. This information is stored in your user profile and used solely to personalise the prompts we generate for you.

1.3 Prompt data

Every prompt you submit and every enhanced prompt we return is stored in your prompt library so you can access it later. You may delete individual prompts or your entire library at any time.

1.4 Usage & analytics data

We use PostHog to collect anonymous, aggregated usage analytics (page views, feature clicks, session duration). This data is never linked to an identifiable individual and is used only to improve the product.

2. How We Use Your Information

• To operate, maintain, and improve the PromptIt service.
• To personalise AI-generated prompts using your saved profile context.
• To manage your account, subscription, and billing via Dodo Payments.
• To send transactional emails (account verification, password reset, payment receipts). We do not send marketing emails without your explicit opt-in.
• To detect and prevent fraud, abuse, or violations of our Terms of Service.
• To comply with applicable legal obligations.

We do not sell, rent, or trade your personal data. We do not use your data to serve third-party advertisements.

3. Third-Party Services & Sub-processors

Each sub-processor is bound by their own privacy policy and, where applicable, a Data Processing Agreement (DPA) with us. Anthropic processes prompt data under their privacy policy.

4. Cookies & Local Storage

We use strictly necessary cookies to maintain your authenticated session (managed by Supabase) and local storage keys to track guest usage limits. We do not use advertising cookies or third-party tracking pixels. You may clear cookies and local storage at any time via your browser settings; doing so will sign you out.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all personal data including your prompt library and profile is permanently deleted within 30 days, except where retention is required by applicable law (e.g. financial records for tax purposes, which are kept for seven years).

6. Your Rights

Depending on your jurisdiction you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your prompt library as a structured export.
• Objection / Restriction — object to or restrict certain processing activities.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email hi@promptitin.com. We will respond within 30 days.

7. Security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage via Supabase, and strict Row-Level Security policies so users can only access their own data. No method of transmission or storage is 100% secure; if you discover a vulnerability please disclose it responsibly to hi@promptitin.com.

8. Children's Privacy

PromptIt is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. Chrome Extension

We offer a Chrome browser extension ("PromptIT — Improve Your Prompts") available on the Chrome Web Store. The extension operates under the same privacy principles as this web application. The following disclosures apply specifically to the extension:

• Permissions used: The extension requests the cookies permission solely to read your authentication session from promptitin.com, so it can identify you as a logged-in user without requiring a separate login inside the extension. The storage permission is used to save your personalisation preferences (role, task, format, etc.) locally in your browser.
• Data sent to our servers: When you click "Enhance" inside the extension, the text you have typed into the ChatGPT input field is sent to our servers (promptitin.com) for processing via the Anthropic API — exactly as it would be if you used the web app directly. No other content from ChatGPT or any other website is read or transmitted.
• Data stored locally: Your personalisation preferences are stored in chrome.storage.local on your device. Prompts are never cached locally; they are processed in real time and discarded.
• Sites accessed: The extension only injects its interface on chatgpt.com and chat.openai.com. It does not read, access, or transmit data from any other website you visit.
• No background tracking: The extension does not monitor your browsing activity, collect keystrokes, or operate outside of the ChatGPT pages where it is explicitly activated by you.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If the changes are material, we will notify you by email or by displaying a prominent notice in the application before the changes take effect. Continued use of the service after the effective date constitutes your acceptance of the updated policy.

11. Contact Us

PromptIt
Email: hi@promptitin.com
Website: promptitin.com