Privacy Policy
Last updated: March 2026
PromptFlow ("we", "our", "us") operates the PromptFlow Chrome extension and related services. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.
By using PromptFlow, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Account Information
When you sign in with Google OAuth, we collect:
- Email address — used to identify your account and communicate with you.
- Display name and profile picture — used to personalize your experience within the extension.
We do not receive or store your Google password. Authentication is handled entirely through Google's OAuth 2.0 protocol.
1.2 Prompt Text
When you use the "Improve" feature, your prompt text is sent to the Google Gemini API for processing. We transmit this text solely to generate an improved version of your prompt. Prompt text is not stored on our servers after the improvement is returned to you.
1.3 Usage Data
We collect usage data to operate and improve the service, including:
- Prompt scores — the numerical quality score generated for your prompts (original and improved scores).
- Truncated prompt text — the first 500 characters of your original and improved prompts are logged for quality monitoring purposes. Full prompt text is not permanently stored.
- Improve counts and response time — the number of times you have used the improve feature and how long each improvement took.
- Credit balance and purchase history — to manage your account and credit packs.
- Feature usage — which improvement modes (Standard / Pro) you use, which site you are on, and streak data.
- Feedback — if you submit feedback, we store your rating, message, and contextual information (current site, browser info, screen size) to improve the service.
1.4 Payment Data
Payments are processed by Lemon Squeezy, our third-party payment provider. We do not directly collect or store your credit card number or financial account details. Lemon Squeezy may collect billing information in accordance with their own privacy policy.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the PromptFlow service.
- Process prompt improvements via the Google Gemini API.
- Manage your account, credit balance, and purchases.
- Track your daily free improve usage to enforce free-tier limits.
- Communicate important service updates or respond to support requests.
- Monitor and improve the reliability and performance of the extension.
3. Data Storage
Your account data, usage statistics, and credit balance are stored in Supabase, a cloud-hosted PostgreSQL database. Supabase provides encryption at rest and in transit. Our database is secured with row-level security policies to ensure users can only access their own data.
4. Third-Party Services
PromptFlow relies on the following third-party services:
- Google (OAuth & Gemini API) — for user authentication and AI-powered prompt improvement. When you use the improve feature, your prompt text is sent to Google's Gemini API. Google's privacy policy applies to data processed by their services.
- Supabase — for cloud database hosting and user data storage. Supabase's privacy policy governs their handling of data on their infrastructure.
- Lemon Squeezy — for payment processing. Lemon Squeezy handles all financial transactions and is PCI-compliant. Their privacy policy governs the payment data they collect.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
Complete list of all parties your data is shared with:
- Google (Gemini API) — your prompt text is sent to Google's Gemini API when you click "Improve." This is necessary to generate an improved version of your prompt. Google processes this data according to their privacy policy. We do not retain prompt text on our servers after the improvement is returned.
- Google (OAuth) — your email address and display name are transmitted to Google during authentication. Google processes this data according to their privacy policy.
- Supabase — your account information (email, display name), credit balance, usage statistics, and feedback are stored in Supabase's cloud database. Supabase processes this data according to their privacy policy.
- Lemon Squeezy — when you purchase credits, your payment information is processed by Lemon Squeezy. We do not receive or store your credit card details. Lemon Squeezy processes this data according to their privacy policy.
No other parties receive your data. We do not use analytics services, advertising networks, or any other third-party data processors beyond those listed above.
We may disclose information if required by law, regulation, or legal process, or to protect the rights, safety, or property of PromptFlow, our users, or the public.
6. Cookies & Local Storage
PromptFlow does not use traditional browser cookies. Instead, we use:
- chrome.storage.local — used within the Chrome extension to store your settings, cached authentication tokens, and preferences locally on your device.
- localStorage — used on supported sites (ChatGPT, Gemini, Claude) to store lightweight preferences for the extension's UI behavior.
This data remains on your device and is not transmitted to our servers unless required for authentication or service functionality.
7. Data Retention
We retain your account data for as long as your account is active. Usage statistics are retained to maintain your credit balance and your improve history. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.
8. Your Rights
You have the following rights regarding your data:
- Access — you may request a copy of the personal data we hold about you.
- Correction — you may request corrections to inaccurate or incomplete data.
- Deletion — you may request deletion of your account and associated data.
- Data export — you may request an export of your data in a portable format.
- Withdraw consent — you may stop using the service at any time and request account deletion.
To exercise any of these rights, please contact us at [email protected].
9. GDPR Compliance
If you are located in the European Economic Area (EEA), you are entitled to the protections afforded by the General Data Protection Regulation (GDPR). Under GDPR:
- We process your data based on consent (which you grant by signing in and using the service) and legitimate interest (to operate and improve the service).
- You have the right to data portability — request an export of your data.
- You have the right to erasure — request complete deletion of your data.
- You have the right to lodge a complaint with your local data protection authority.
To make a GDPR-related request, email [email protected]. We will respond within 30 days.
10. Children's Privacy
PromptFlow is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information promptly.
11. Security
We take reasonable measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) for all communications.
- Encryption at rest for data stored in Supabase.
- Row-level security policies in our database.
- Secure OAuth 2.0 authentication via Google.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
- Email: [email protected]