Privacy Policy

Last Updated: January 1, 2025

Our Core Principle: PromptSentry is designed to prevent data from being shared with third parties. We never store the actual sensitive information we detect.

1. Information We Collect

Account Information

When you create an account, we collect:

Email address
Organization name
Full name (optional)
Password (encrypted)

Usage Information

When the extension detects and blocks sensitive data, we log:

Types of data detected (e.g., "email", "SSN", "API key")
Platform where detection occurred (e.g., "ChatGPT", "Claude")
Timestamp of when the block occurred
User ID of who triggered the block

What We DON'T Collect

Critical: We never store the actual sensitive content you type. When we detect an email address, credit card, or API key, we only log that it was detected, not the actual value.

2. How We Use Your Information

We use the collected information to:

Provide the data loss prevention service
Display incident reports to organization administrators
Generate compliance reports and analytics
Improve our detection algorithms
Send service-related notifications

3. Data Storage and Security

Your data is stored securely using:

Supabase (cloud database with enterprise-grade security)
Encryption for all data in transit (HTTPS/TLS)
Encryption for passwords at rest
Row-level security policies to isolate organizational data

4. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

Within your organization: Administrators can view incident logs for users in their organization
Service providers: Supabase (database hosting) - see their privacy policy at supabase.com/privacy
Legal requirements: When required by law, court order, or government regulation

5. Data Retention

We retain your data as follows:

Account data: Until you delete your account
Incident logs: For the duration of your subscription, or as required for compliance purposes
Deleted accounts: Data is permanently deleted within 30 days of account deletion

6. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Delete your account and associated data
Export your data
Opt-out of non-essential communications

7. Browser Extension Permissions

PromptSentry requests the following browser permissions:

Storage: To save your authentication session locally
ActiveTab: To monitor text input on AI platforms
Host Permissions: Access to specific AI platforms (ChatGPT, Claude) to detect sensitive data

Important: The extension only monitors text on specified AI platforms. It does not track your browsing history or activity on other websites.

8. Cookies and Tracking

We use minimal cookies for:

Authentication (session management)
User preferences

We do not use third-party tracking or advertising cookies.

9. Children's Privacy

PromptSentry is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

Posting the updated policy with a new "Last Updated" date
Sending an email notification to registered users

11. Contact Us

If you have questions about this privacy policy or our data practices, please contact us at:

Email: privacy@promptsentry.io
Website: promptsentry.io

GDPR & CCPA Compliance

For users in the EU or California, you have additional rights under GDPR and CCPA. To exercise these rights, contact us at privacy@promptsentry.io.

← Back to Dashboard