Legal

Privacy Policy

Last updated: 29 April 2026

PromptEzy ("we", "our", "us") respects your privacy. This policy explains what we collect, how we use it, and the choices you have. It applies to our web application and the free PromptEzy Chrome extension.

What we collect

Account information. Email, name, and profile image you provide at sign-up (or that your Google account provides on OAuth sign-in).
Authentication token. After you sign in, we issue a short-lived session token. The PromptEzy Chrome extension caches this token locally (inchrome.storage.local) so you stay signed in across browser sessions without logging in twice. The token lives on your device and is sent to our API only to authenticate your enhancement requests.
Prompt content. The prompts you submit for enhancement, the enhanced output, and the quality scores calculated for each prompt. The extension only reads the input field on an AI site at the moment you click Enhance or Interview - nothing is transmitted before you explicitly trigger an enhancement.
Usage metadata. Per-account daily enhancement counts (used to enforce plan limits), timestamps, the AI platform used (ChatGPT, Claude, Gemini, Grok, Perplexity, Copilot, DeepSeek), and your plan tier.
Billing. Handled by Stripe on our web app. The Chrome extension never sees payment data. We do not see or store your card details.
Login activity. When you sign in or sign out, we record the timestamp, IP address, browser user-agent, and approximate country. This helps you detect unauthorised access to your account and lets us understand product engagement in aggregate. We do not sell or share this data.

How we use it

Your prompts are sent to a third-party AI LLM provider to perform the enhancement. We store the original prompt and its enhanced version so you can access your history. We use aggregate usage numbers (prompts enhanced, quality score lifts) to improve the product.

We do not sell, rent, or share your data with third parties for advertising or profiling.

Content moderation

Before any prompt is sent to our AI provider, we run it through a lightweight filter that rejects prompts falling into the categories listed in our Terms of Service (drugs, adult content, personal messaging and dating, spam and phishing, hate speech, excessive profanity) and prompts that are too short or vague to enhance meaningfully. Rejected prompts are never transmitted to the AI provider, never appear in your history, and do not count against your daily limit.

We do, however, keep an internal audit record of rejected prompts - the original text, the rejection category, timestamp, IP address, browser user-agent, and platform it was submitted from. This is used solely to identify accounts that repeatedly attempt disallowed content so we can enforce our Terms of Service. These records are not shared with third parties.

Chrome Extension

The PromptEzy Chrome extension is the client that adds the Enhance button to supported AI chat sites. Because browser extensions warrant an explicit data disclosure, here is exactly what it does and does not handle.

Data the extension sends to our servers:

The prompt text from the input field of a supported AI site - but only when you click Enhance or Interview. No background reading, no keystroke logging.
Your cached session token, attached as an Authorization header so our API knows which account is making the request.

Data the extension stores locally on your device (via chrome.storage.local, not transmitted anywhere):

Your cached session token.
Your theme preference (light or dark).
Your button customisation (position, shape, colour) and enabled-platform toggles.
Your popup vs side-panel preference.

Data the extension does not collect:

Web history. Content scripts only run on the AI chat sites listed in the extension manifest, and only to inject the Enhance button. We do not track which pages you visit, page titles, or visit timestamps.
Location. We do not access GPS, device location, or derive geolocation from your IP beyond the approximate country recorded in the login activity log above.
Personal communications. We do not read your emails, texts, DMs, or any chat conversation content. Prompts sent to an AI chatbot through the Enhance flow are treated as website content you explicitly submit, not interpersonal messages.
Financial information. The extension never handles card numbers, transactions, or credit data. All billing runs through Stripe on our web app.
Health information. Never collected.
Keystrokes, clicks, or mouse movement on AI sites. The extension only reads the contents of the input field at the moment you click Enhance.

We do not sell or transfer user data to third parties outside of approved use cases (Stripe for payments, our AI LLM provider for the enhancement itself, Supabase for data storage, and Resend for transactional email). We do not use your data for advertising, profiling, creditworthiness scoring, or any purpose unrelated to the single purpose of enhancing the prompts you choose to submit.

Your data, your control

You can delete any enhancement from the History page.
You can export your saved prompts from the Library page.
You can delete your account from Settings. This removes all stored prompts, enhancements, and account data.

Security

Data is stored on Supabase (Postgres) with row-level security so only you can read your own records. Traffic is encrypted with TLS. Authentication uses short-lived session tokens.

AI provider API keys

If you add your own AI provider API key (Anthropic, OpenAI, Google, or xAI) via Settings › AI Providers, here is exactly how we handle it:

Encrypted at rest. Your API key is encrypted with AES-256 before being written to our database. The plaintext key is never stored. We hold only the encrypted ciphertext plus the last four characters of the key so you can identify which key you saved.
Used only for your requests. The key is decrypted in memory only at the moment your enhancement request is processed, and only to call the AI provider on your behalf. It is never logged, never exposed in API responses, and never used for any other account.
Never shared or sold.Your key is not shared with third parties beyond the provider it belongs to (e.g. your Anthropic key is sent only to Anthropic's API endpoint during your enhancement call).
You control deletion.You can remove your API key at any time from Settings › AI Providers. Deletion permanently removes the encrypted ciphertext from our database.

Cookies

We use essential cookies for authentication and a theme preference cookie. We do not use third-party advertising or tracking cookies.

Changes to this policy

If we make material changes, we will update the date above and, for signed-in users, show a notice on your next visit.

Contact

Questions? Email privacy@promptezy.com or see our Terms of Service.