Our Core Principle: We don't store, sell, or share the content of your prompts. Ever. Your sensitive data is analyzed in real-time and never persisted to our servers.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Company name
- Name (optional)
- Billing information (processed by Stripe)
Usage Metadata
We collect anonymized metadata to improve our service:
- Number of prompts scanned (count only)
- Types of sensitive data detected (categories, not content)
- Actions taken (warn, mask, block)
- Browser and extension version
What We DON'T Collect
- The actual content of your prompts
- The sensitive data we detect (we analyze and discard)
- AI responses or conversation history
- Browsing history outside of supported AI tools
2. Zero Data Retention Policy
PromptDuty operates on a zero data retention model for prompt content:
- Real-time processing: Prompts are analyzed in your browser
- No server storage: Content is never transmitted to our servers for storage
- Immediate disposal: Any data processed for detection is immediately discarded
- No AI training: We never use your data to train AI models
3. How We Use Your Information
Account and metadata information is used to:
- Provide and maintain the service
- Process payments and manage subscriptions
- Generate aggregate compliance reports
- Improve detection accuracy (using anonymized patterns)
- Send service updates and security notifications
4. Data Sharing
We do not sell your data. We share information only with:
- Stripe: Payment processing
- Infrastructure providers: Hosting (data encrypted at rest and in transit)
- Legal requirements: When required by law
5. Data Security
We implement industry-standard security measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- SOC 2 Type II compliance
- Regular third-party security audits
- Bug bounty program
6. Your Rights
You have the right to:
- Access: Request a copy of your account data
- Correction: Update inaccurate information
- Deletion: Delete your account and associated data
- Export: Download your compliance reports
- Opt-out: Disable optional analytics
7. GDPR Compliance
For EU users, we comply with GDPR requirements including:
- Lawful basis for processing (legitimate interest, consent)
- Data minimization principles
- Right to erasure ("right to be forgotten")
- Data portability
- 72-hour breach notification
8. Children's Privacy
PromptDuty is designed for business use and is not intended for children under 16. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this policy periodically. We will notify you of significant changes via email and update the "Last updated" date.
10. Contact Us
For privacy-related questions or requests:
- Email: legal@promptduty.com