Privacy Policy
Effective date: April 30, 2026 · Last updated: April 30, 2026
Welcome to Promptheus ("we", "our", or "us"). We operate promptheus.io (the "Service"), an AI prompt management platform that helps you craft, organize, analyze, and share prompts for large language models.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data. By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account we collect your email address and, if you sign up via Google OAuth, your name and profile photo as provided by Google. You may also voluntarily add a display name, bio, and avatar to your Promptheus profile.
1.2 User-Generated Content
The Service stores content you create, including prompts, templates, collections, and marketplace submissions. Marketplace submissions you choose to publish are visible to all users of the Service.
1.3 Prompt & AI Interaction Data
When you use the Prompt Workspace, Score, or other AI-powered features, the text you enter is sent to third-party AI providers (OpenAI and Anthropic) to generate a response. We do not persistently store the full conversation history of your workspace sessions beyond what you explicitly save to your library. However, content transmitted to AI providers is subject to their respective privacy policies.
1.4 Payment Information
Subscription and payment processing is handled by Stripe. We do not store your full card number, CVV, or bank account details. Stripe shares with us limited billing metadata (e.g., plan type, subscription status, last-four digits of card) to manage your subscription.
1.5 Usage & Analytics Data
We collect information about how you interact with the Service — such as pages visited, features used, prompt counts, and session duration — to improve the product and power the in-app Insights dashboard.
1.6 Log & Device Data
Our servers automatically record standard log data including your IP address, browser type and version, operating system, referring URLs, and timestamps when you access the Service.
2. How We Use Your Information
- Provide, operate, and maintain the Service and your account.
- Process transactions and manage your subscription via Stripe.
- Send transactional emails (account confirmation, password reset, billing receipts) via Resend.
- Transmit prompt text to OpenAI and Anthropic APIs solely to fulfil your AI feature requests.
- Generate in-app analytics and insights displayed on your dashboard.
- Improve and develop new features based on aggregated, anonymized usage patterns.
- Detect, investigate, and prevent fraudulent or abusive activity.
- Comply with legal obligations.
We do not sell your personal data to third parties. We do not use your prompt content to train our own AI models.
3. Third-Party Services
We share data with the following service providers only to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, user content |
| OpenAI | GPT model API | Prompt text you submit to AI features |
| Anthropic | Claude model API | Prompt text you submit to AI features |
| Stripe | Payment processing | Email, billing details |
| Resend | Transactional email | Email address, email content |
| OAuth authentication (optional) | Name, email, profile photo |
Each provider processes your data under their own privacy policy and applicable data processing agreements. We encourage you to review them.
4. Cookies & Local Storage
We use browser cookies and local storage for authentication session management and user preferences (e.g., theme selection). These are strictly necessary for the Service to function. We do not currently use third-party tracking or advertising cookies.
5. Data Retention
We retain your account data and user content for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or to resolve disputes. Marketplace submissions that other users may have copied or saved are outside our control after publication.
6. Data Security
We implement industry-standard security measures including encryption in transit (TLS), Row-Level Security (RLS) policies in our database so users can only access their own data, and access controls for internal systems. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Correction — request that inaccurate data be corrected.
- Deletion — request erasure of your personal data ("right to be forgotten").
- Portability — request your data in a structured, machine-readable format.
- Objection / Restriction — object to or restrict certain types of processing.
- Withdraw Consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at support@promptheus.io. We will respond within 30 days. You may also delete your account directly from the profile settings page, which will initiate deletion of your data.
9. Chrome Browser Extension
The Promptheus Chrome extension ("Extension") extends the Service into your browser. This section describes specifically what the Extension does and how it handles data.
9.1 What the Extension Does
The Extension injects a floating button into supported AI chat platforms (chatgpt.com, claude.ai, gemini.google.com, perplexity.ai, grok.com, x.com/grok). When you click the button, the Extension reads the text currently typed in that platform's prompt input field and passes it to the Promptheus side panel so you can save, improve, or reuse it. From the side panel, you can also send text back to the same input field.
9.2 Data Read from Third-Party AI Sites
The Extension reads only the text you have typed into the prompt input field on the supported AI platforms listed above. This text is:
- Stored temporarily in
chrome.storage.localon your device to transfer it to the side panel. - Not transmitted to Promptheus servers unless you explicitly save it to your Promptheus library.
- Cleared from local storage after it is consumed by the side panel.
The Extension does not read your conversation history, AI responses, browser history, cookies, or any other content on these sites.
9.3 Browser Local Storage (chrome.storage.local)
The Extension stores the following data locally on your device:
- Last captured prompt — the text read from the AI platform input, cleared after use.
- Button position — where you have dragged the floating button on screen.
- Authentication state — whether you are logged in to Promptheus, so the side panel can show your library without requiring you to log in repeatedly.
- Supabase session tokens — your encrypted access and refresh tokens, synced from your Promptheus web session so you stay logged in across the Extension and the web app. These tokens are stored only on your device and are used solely to authenticate requests to Promptheus.
9.4 Session Synchronisation
When you visit your Promptheus dashboard (promptheus.io/dashboard) while logged in, the Extension uses the scripting permission to read your authentication session from the page's local storage. This allows the Extension's side panel to stay authenticated without requiring a separate login. No data from this process is sent to any third party; it is stored locally in chrome.storage.local.
9.5 Permissions Used
| Permission | Why it is needed |
|---|---|
| sidePanel | Opens the Promptheus panel in Chrome's sidebar. |
| storage | Saves prompt text, button position, and auth tokens locally on your device. |
| tabs | Detects when you navigate to your Promptheus dashboard to sync your login session. |
| scripting | Reads your auth session from the Promptheus dashboard page so the side panel can stay logged in. |
9.6 What We Do Not Do
- We do not read or store your conversations with AI platforms.
- We do not track which websites you visit outside of detecting navigation to promptheus.io/dashboard.
- We do not sell or share any Extension-captured data with third parties.
- We do not use prompt text captured by the Extension to train AI models.
10. International Data Transfers
Your data may be processed in the United States or other countries where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers of personal data from the European Economic Area.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please reach out:
Promptheus
Email: support@promptheus.io
Website: promptheus.io