Privacy Policy

PromptPal is an AI-powered prompt workspace. Prompt Store, Library, Refine, Security Scanner, Personal Brain, Team Workspaces, Organization Workspaces, and Chrome Extension. This policy explains how we collect, use, disclose, and safeguard your information.

Last Updated: 27th May 2026

PromptPal respects your privacy and is committed to protecting personal data in compliance with the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR).

This Privacy Policy applies to our website, web application, Chrome Extension, and related services (collectively, "PromptPal" or the "Services").

1. Overview

This policy describes how we handle personal data when you use PromptPal, including when you browse the Prompt Store, save prompts to your library, use Refine or the security scanner, connect third-party tools to Personal Brain, collaborate in Team Workspaces or organization workspaces, or use our Chrome Extension.

2. Data We Collect

Account and profile data

Name and email address
Authentication identifiers (e.g., email/password or OAuth sign-in)
Subscription and plan status

Prompt and workspace data

Prompts, refinements, collections, tags, variables, and context blocks you create or save
Visibility settings (private, team, or public Prompt Store)
Favorites, version history, and collaboration metadata
Team workspace membership, roles, and invites
Prompts and collections shared within a team workspace (visible to members according to permissions)

Usage and communications data

Feature usage and interaction timestamps
Transactional emails (verification, billing, security) and product lifecycle messages related to features you use
Records of which product emails were sent (e.g., campaign type and date), not the full content of your prompts in those emails

Technical data

IP address, browser type, and device information
Server and application logs for security and reliability

Integration and Personal Brain data

If you enable Personal Brain, we may also collect data described in Section 4. Team Workspaces and organization features are described in Section 5 (including organization knowledge connectors where enabled).

We do not collect

Passwords from other websites or apps
Full payment card numbers (handled by our payment processor)
Background browsing history outside user-initiated actions

3. Chrome Extension (PromptPal)

Single purpose: The PromptPal Chrome Extension helps you analyze and refine prompts on supported AI websites when you choose to use it.

This section applies when you use the PromptPal browser extension published on the Chrome Web Store. It describes how we collect, handle, store, and share data in that product.

Collection

Prompt text read from input fields on supported AI websites (for example ChatGPT, Claude, and Gemini) when you use the extension's analyze or refine features
Selected or highlighted text only when you use those features
Account information when you sign in (email, name, and authentication tokens)
Google account profile and email when you choose "Continue with Google" (OAuth scopes: profile, email)
Extension settings and preferences you configure
Feedback you submit through the extension, if you choose to send it
Library and template metadata retrieved from PromptPal when you are signed in

When collection happens

Data is collected only after you accept the in-extension privacy notice and only in connection with actions you initiate. We do not monitor your general browsing activity or collect data from tabs you are not actively using for PromptPal features.

Handling

Prompt scoring runs locally in your browser until you request a server-side refine or agent flow
When you improve, save, or sync prompts, content is sent to our API over secure HTTPS (TLS)
We use your sign-in token only to authenticate API requests and validate your session periodically
The PromptPal website may inject an auth token into the extension when you sign in on the web app (allowed origins only)

Storage

Locally in your browser via chrome.storage.local: access tokens, user profile cache, extension settings, template/library caches, and refinement history
On PromptPal servers: prompts and account data you choose to save or refine while signed in, subject to your plan and retention settings
Uninstalling the extension removes extension-local storage; server-side data remains until you delete your account or request erasure

Sharing

With PromptPal infrastructure and AI processors that power refine features (see Sections 6 and 8)
With Google when you use Google sign-in (subject to Google's policies)
We do not sell extension data or use it for third-party advertising

Extension — we do not collect

Background browsing history outside supported sites
Passwords stored on other websites
Payment card numbers in the extension

Before first use, the extension shows a privacy notice and requires your acceptance. You can reset consent in extension Settings. Use of the extension is also governed by our Terms of Service. For questions, contact privacy@promptpal.app.

4. Personal Brain and Connected Tools

Personal Brain is an optional feature. When you connect a third-party tool via OAuth, you authorize PromptPal to access data according to that integration's disclosed scope (typically read-only sync of content relevant to your workflows).

Tools available in Personal Brain

Depending on your plan and product configuration, connectors may include productivity, developer, and communication tools such as Notion, GitHub, Slack, Linear, Jira, Gmail, Outlook, Zendesk, Fireflies, Otter, and Zoom. Available connectors may change over time; only tools you explicitly connect are accessed.

Data we process for Personal Brain

OAuth tokens and connection metadata (status, last sync)
Ingested content snippets and derived knowledge (e.g., text chunks, workflow patterns, facts, and episodes used for learning)
Generated recommendations, prompt templates, and Personal Brain chat messages you create in the product

How we use this data

To sync and refresh context from tools you connected
To identify recurring workflows and suggest reusable prompts
To power Personal Brain features such as template review, recommendations, and in-product chat

We do not use Personal Brain data for third-party advertising. Ingested content is processed by automated systems (including AI providers acting as processors); it is not routinely reviewed by humans. You are responsible for ensuring you have the right to connect each workspace and for not submitting unlawful content or highly sensitive personal data without appropriate safeguards.

You can disconnect a tool from your dashboard. When you disconnect, you may choose to remove associated ingested knowledge from PromptPal. Disconnecting does not change data already stored in the third-party service.

5. Team Workspaces and Organizations

Team Workspaces

Team Workspaces let you collaborate on shared prompt libraries without requiring a full organization account. If you create or join a team workspace, we process workspace and team names, membership, roles, invites, shared prompts and collections, and related activity metadata. Team owners and administrators may manage membership and access content within the workspace according to product permissions. Team Workspaces do not include organization governance features or Company Brain unless you also use those features separately.

Organizations

If you join or administer an organization on PromptPal, we process organization membership, roles, shared prompts and collections in organization-linked workspaces, governance settings (such as policies and review queues where enabled), and organization knowledge features (including Company Brain templates and connected org tools where your plan includes them). Organization administrators may have visibility into content and settings within their organization as permitted by product roles. This policy applies together with any agreement between you and your organization.

6. Legal Basis for Processing

We process personal data based on:

Contractual necessity (providing the Services you request)
Your consent (e.g., optional connectors, marketing where applicable)
Legitimate interests (security, fraud prevention, and product analytics that do not override your rights)
Legal obligations

7. How We Use Data

We use data to:

Provide, operate, and maintain PromptPal
Process, refine, and scan prompts at your direction
Authenticate users and enforce plan limits
Send service, security, and relevant product communications
Prevent abuse, fraud, and security incidents
Comply with legal obligations

8. AI Processing and Security Scanner

Prompts, refinements, connector-derived context, and related inputs may be processed automatically by AI systems to generate outputs, suggestions, or risk indicators.

Content is not routinely reviewed by humans for these features
We do not sell your prompts or Personal Brain data for advertising
AI providers act as data processors under contractual safeguards
The security scanner provides automated risk signals only; it is not a substitute for professional security, legal, or compliance review

9. Cookies and Analytics

We use cookies and similar technologies for:

Authentication and session management
Preferences (e.g., theme, sidebar state)
Affiliate attribution where applicable

Product analytics (PostHog)

We use PostHog to collect limited, event-based analytics (for example, feature usage you trigger in the app). We configure PostHog without autocapture or session recording. Analytics data may be stored in local storage in your browser and sent to our analytics provider when events occur. You can limit non-essential tracking by disabling analytics in your browser or blocking third-party scripts, though core features may still log server-side events required for security and billing.

11. Data Retention

We retain data only as long as necessary for the purposes below:

Data type	Retention
Account data	Until you delete your account
Private prompts and library data	Until you delete them or your account
Public Prompt Store listings	Until you remove or change visibility; copies others saved may persist in their libraries
Team workspace shared content	Until removed, you leave the workspace, or account deletion
Connector tokens and sync metadata	Until you disconnect the integration
Personal Brain ingested knowledge	Until you disconnect with purge, delete related data, or delete your account
Product email send logs	Typically up to 24 months for operational records
Server logs	30–90 days
Billing records	As legally required

12. Your Rights and Deletion

Depending on your location, you may have the right to:

Access your personal data
Correct inaccuracies
Delete your account and associated data
Export your data where the product provides export tools
Withdraw consent for optional processing
Object to or restrict certain processing

You can manage prompts, disconnect integrations (with optional knowledge purge), and delete your account from account settings where available, or contact us at privacy@promptpal.app. Transactional emails required for the Services may still be sent until your account is closed.

13. Security Measures

We implement appropriate technical and organizational safeguards, including:

Encryption in transit and at rest where applicable
Access controls and role-based permissions
Audit and security logging
Secure cloud infrastructure

14. Data Breaches

In the event of a personal data breach, we will notify affected users and regulators within legally required timelines.

15. International Transfers

Where data is transferred internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms required by applicable law.

16. Children's Data

PromptPal is not intended for children under 18. We do not knowingly collect children's personal data.

17. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the Services or by email where appropriate. The "Last Updated" date at the top indicates when this version was published.

18. Contact and Data Protection Officer

For privacy questions or to exercise your rights, contact:

privacy@promptpal.app

Privacy Policy

Last Updated: 27th May 2026

PromptPal respects your privacy and is committed to protecting personal data in compliance with the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR).

This Privacy Policy applies to our website, web application, Chrome Extension, and related services (collectively, "PromptPal" or the "Services").

1. Overview

2. Data We Collect

Account and profile data

Name and email address
Authentication identifiers (e.g., email/password or OAuth sign-in)
Subscription and plan status

Prompt and workspace data

Prompts, refinements, collections, tags, variables, and context blocks you create or save
Visibility settings (private, team, or public Prompt Store)
Favorites, version history, and collaboration metadata
Team workspace membership, roles, and invites
Prompts and collections shared within a team workspace (visible to members according to permissions)

Usage and communications data

Feature usage and interaction timestamps
Transactional emails (verification, billing, security) and product lifecycle messages related to features you use
Records of which product emails were sent (e.g., campaign type and date), not the full content of your prompts in those emails

Technical data

IP address, browser type, and device information
Server and application logs for security and reliability

Integration and Personal Brain data

We do not collect

Passwords from other websites or apps
Full payment card numbers (handled by our payment processor)
Background browsing history outside user-initiated actions

3. Chrome Extension (PromptPal)

Single purpose: The PromptPal Chrome Extension helps you analyze and refine prompts on supported AI websites when you choose to use it.

This section applies when you use the PromptPal browser extension published on the Chrome Web Store. It describes how we collect, handle, store, and share data in that product.

Collection

Prompt text read from input fields on supported AI websites (for example ChatGPT, Claude, and Gemini) when you use the extension's analyze or refine features
Selected or highlighted text only when you use those features
Account information when you sign in (email, name, and authentication tokens)
Google account profile and email when you choose "Continue with Google" (OAuth scopes: profile, email)
Extension settings and preferences you configure
Feedback you submit through the extension, if you choose to send it
Library and template metadata retrieved from PromptPal when you are signed in

When collection happens

Handling

Prompt scoring runs locally in your browser until you request a server-side refine or agent flow
When you improve, save, or sync prompts, content is sent to our API over secure HTTPS (TLS)
We use your sign-in token only to authenticate API requests and validate your session periodically
The PromptPal website may inject an auth token into the extension when you sign in on the web app (allowed origins only)

Storage

Locally in your browser via chrome.storage.local: access tokens, user profile cache, extension settings, template/library caches, and refinement history
On PromptPal servers: prompts and account data you choose to save or refine while signed in, subject to your plan and retention settings
Uninstalling the extension removes extension-local storage; server-side data remains until you delete your account or request erasure

Sharing

With PromptPal infrastructure and AI processors that power refine features (see Sections 6 and 8)
With Google when you use Google sign-in (subject to Google's policies)
We do not sell extension data or use it for third-party advertising

Extension — we do not collect

Background browsing history outside supported sites
Passwords stored on other websites
Payment card numbers in the extension

4. Personal Brain and Connected Tools

Tools available in Personal Brain

Data we process for Personal Brain

OAuth tokens and connection metadata (status, last sync)
Ingested content snippets and derived knowledge (e.g., text chunks, workflow patterns, facts, and episodes used for learning)
Generated recommendations, prompt templates, and Personal Brain chat messages you create in the product

How we use this data

To sync and refresh context from tools you connected
To identify recurring workflows and suggest reusable prompts
To power Personal Brain features such as template review, recommendations, and in-product chat

5. Team Workspaces and Organizations

Team Workspaces

Organizations

6. Legal Basis for Processing

We process personal data based on:

Contractual necessity (providing the Services you request)
Your consent (e.g., optional connectors, marketing where applicable)
Legitimate interests (security, fraud prevention, and product analytics that do not override your rights)
Legal obligations

7. How We Use Data

We use data to:

Provide, operate, and maintain PromptPal
Process, refine, and scan prompts at your direction
Authenticate users and enforce plan limits
Send service, security, and relevant product communications
Prevent abuse, fraud, and security incidents
Comply with legal obligations

8. AI Processing and Security Scanner

Prompts, refinements, connector-derived context, and related inputs may be processed automatically by AI systems to generate outputs, suggestions, or risk indicators.

Content is not routinely reviewed by humans for these features
We do not sell your prompts or Personal Brain data for advertising
AI providers act as data processors under contractual safeguards
The security scanner provides automated risk signals only; it is not a substitute for professional security, legal, or compliance review

9. Cookies and Analytics

We use cookies and similar technologies for:

Authentication and session management
Preferences (e.g., theme, sidebar state)
Affiliate attribution where applicable

Product analytics (PostHog)

11. Data Retention

We retain data only as long as necessary for the purposes below:

Data type	Retention
Account data	Until you delete your account
Private prompts and library data	Until you delete them or your account
Public Prompt Store listings	Until you remove or change visibility; copies others saved may persist in their libraries
Team workspace shared content	Until removed, you leave the workspace, or account deletion
Connector tokens and sync metadata	Until you disconnect the integration
Personal Brain ingested knowledge	Until you disconnect with purge, delete related data, or delete your account
Product email send logs	Typically up to 24 months for operational records
Server logs	30–90 days
Billing records	As legally required

12. Your Rights and Deletion

Depending on your location, you may have the right to:

Access your personal data
Correct inaccuracies
Delete your account and associated data
Export your data where the product provides export tools
Withdraw consent for optional processing
Object to or restrict certain processing

13. Security Measures

We implement appropriate technical and organizational safeguards, including:

Encryption in transit and at rest where applicable
Access controls and role-based permissions
Audit and security logging
Secure cloud infrastructure

14. Data Breaches

In the event of a personal data breach, we will notify affected users and regulators within legally required timelines.

15. International Transfers

Where data is transferred internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms required by applicable law.

16. Children's Data

PromptPal is not intended for children under 18. We do not knowingly collect children's personal data.

17. Updates to This Policy

18. Contact and Data Protection Officer

For privacy questions or to exercise your rights, contact:

privacy@promptpal.app

Privacy Policy

1. Overview

2. Data We Collect

3. Chrome Extension (PromptPal)

4. Personal Brain and Connected Tools

5. Team Workspaces and Organizations

6. Legal Basis for Processing

7. How We Use Data

8. AI Processing and Security Scanner

9. Cookies and Analytics

10. Data Sharing and Processors

11. Data Retention

12. Your Rights and Deletion

13. Security Measures

14. Data Breaches

15. International Transfers

16. Children's Data

17. Updates to This Policy

18. Contact and Data Protection Officer

Privacy Policy

1. Overview

2. Data We Collect

3. Chrome Extension (PromptPal)

4. Personal Brain and Connected Tools

5. Team Workspaces and Organizations

6. Legal Basis for Processing

7. How We Use Data

8. AI Processing and Security Scanner

9. Cookies and Analytics

10. Data Sharing and Processors

11. Data Retention

12. Your Rights and Deletion

13. Security Measures

14. Data Breaches

15. International Transfers

16. Children's Data

17. Updates to This Policy

18. Contact and Data Protection Officer