Privacy Policy

Last Updated: January 25, 2026

1. Introduction

This Privacy Policy describes how PromptZap ("we", "our", "us", or "PromptZap") collects, uses, and protects your information when you use our web application at promptzap.io and our Chrome browser extension (collectively, the "Service").

By using PromptZap, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Password (encrypted and never stored in plain text)
  • Profile information you provide (name, company, job title, bio, etc.)
  • Authentication provider information (if using OAuth: Google, GitHub)

2.2 Usage Data

We collect information about how you use our Service:

  • Prompts you generate (stored for history and analytics)
  • Framework selections and preferences
  • Usage statistics (prompts generated, saved prompts, etc.)
  • Session information and timestamps
  • Browser type, device information, and IP address (for security and analytics)

2.3 Payment Information

For paid subscriptions:

  • Subscription plan details (managed through Stripe)
  • Billing information (processed securely by Stripe, not stored by us)
  • Payment history and subscription status

Note: We do not store credit card information. All payment processing is handled by Stripe, a PCI-compliant payment processor.

2.4 Chrome Extension Data

The Chrome extension stores locally in your browser:

  • API endpoint configuration (default: promptzap.io)
  • Extension settings (framework preferences, tone, industry settings)
  • No prompts or personal data are stored by the extension

2.5 Enhanced Profile Data (Community Feature)

To enable community discovery and prompt sharing, we collect:

  • Display Name: Your public-facing name visible to other users in the community
  • Industry: Your primary industry for filtering and discovery purposes
  • Role/Job Title: Your professional role to establish expertise context
  • Bio: Optional biographical information visible in your public profile

This information is used to enable prompt discovery, ranking, and community features. You can update or remove this information at any time through your profile settings.

3. How We Use Your Information

We use the collected information for:

  • Service Delivery: To provide, maintain, and improve our Service
  • Account Management: To manage your account, subscriptions, and preferences
  • Prompt History: To save and display your generated prompts
  • Analytics: To understand usage patterns and improve our Service
  • Security: To detect and prevent fraud, abuse, and security threats
  • Communication: To send service-related notifications and respond to support requests
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Community and Public Sharing

When you share prompts publicly in our Community feature, the following information becomes visible to other users:

  • Your display name (as set in your profile)
  • Your industry and role (for context and discovery)
  • The prompt content you choose to share
  • Framework, industry, and model used for the prompt
  • Engagement metrics (views, saves) - aggregated and anonymized

You maintain full control over which prompts are shared publicly. You can make any shared prompt private at any time through your account settings. We automatically detect and mask sensitive information (API keys, passwords, tokens) before allowing public sharing to protect your data.

4.1 Sensitive Information Detection

To protect your data and ensure compliance, we automatically detect and mask sensitive information in prompts:

  • API Keys: OpenAI, AWS, GitHub, Stripe, and other service API keys
  • Passwords: Passwords and authentication credentials
  • Tokens: Access tokens, OAuth tokens, JWT tokens
  • Secrets: Database connection strings, private keys
  • PII: Credit card numbers, Social Security Numbers (if detected)

Detected sensitive information is automatically replaced with [REDACTED: TYPE] before storage or sharing. We log detections for security monitoring but do not store the original sensitive data. You will be notified if sensitive information is detected in your prompts.

5. Data Storage and Security

We use industry-standard security measures to protect your data:

  • Database: Data is stored securely in Supabase (PostgreSQL) with encryption at rest
  • Authentication: Passwords are hashed using secure algorithms (never stored in plain text)
  • Transmission: All data transmission uses HTTPS/TLS encryption
  • Access Control: Row-level security (RLS) policies ensure users can only access their own data
  • Payment Processing: Stripe handles all payment data with PCI-DSS compliance
  • Sensitive Data Protection: Automatic detection and masking of sensitive information in user prompts

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Sharing and Third-Party Services

We do not sell your personal information. We may share data with:

6.1 Service Providers

  • Supabase: Database and authentication services
  • Stripe: Payment processing (payment data is not shared with us)
  • OpenRouter/OpenAI: AI model providers for prompt generation
  • Railway: Application hosting infrastructure

6.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. Chrome Extension Permissions

The Chrome extension requires the following permissions:

activeTab

  • Purpose: To inject the enhancement button on supported LLM platforms
  • Usage: Only when you visit ChatGPT, Claude, Gemini, or Perplexity
  • Data: No data is collected from visited pages

storage

  • Purpose: To save your extension settings and preferences
  • Usage: Stores your API URL and configuration locally
  • Data: Only your settings, no personal information

host_permissions

  • Purpose: To communicate with the PromptZap API server
  • Usage: Only when you click the "PromptZap It!" button
  • Data: Sends your prompt text to the API for enhancement
  • Domains: chat.openai.com, chatgpt.com, claude.ai, gemini.google.com, perplexity.ai, promptzap.io

8. Data Retention

We retain your information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

9. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact us at info@codezapai.com. We will respond within 30 days.

9.1 Community-Specific Rights

In addition to the above, you have specific rights regarding shared prompts:

  • Right to Make Private: You can make any shared prompt private at any time
  • Right to Delete: You can delete shared prompts, which removes them from public view
  • Right to Update: You can update your profile information (display name, industry, role) at any time
  • Right to Opt-Out: You are not required to share prompts publicly - sharing is always optional

10. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze Service usage and performance

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this page
  • Posting a notice on our website
  • Sending an email to your registered address (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Policy, please contact us:

Data Protection Officer: For GDPR-related inquiries, contact us at the email above.

By using PromptZap, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.