Privacy Policy
PromptSpotter ("we", "us", "our") provides a browser extension and a companion administrator console (together, the "Service") that helps organizations prevent inadvertent disclosure of sensitive information to generative AI tools.
This policy explains what information we and the Service handle, what we do with it, and the choices available to you. The Service is designed around a single principle: the content you type or upload to AI tools never leaves your browser. The sections below describe how that principle is implemented in code and in practice.
1. Who this policy is about
- End users — people who have the PromptSpotter extension installed in their browser
- Administrators — people at customer organizations who sign in to the admin console
- Visitors to this website
For end users, the organization that deployed PromptSpotter is the data controller; we act as the data processor. For administrators and website visitors, we are the data controller.
2. What the extension does in your browser
When you use ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, or any of the other AI tools the extension monitors, it inspects the text you paste or type into the prompt area (only at the moment you press Send) and the contents of files you select for upload (PDF, Word, Excel, CSV, source code, Jupyter notebooks, images via OCR).
That inspection is performed by a deterministic rule engine that runs entirely inside your browser. None of that content is transmitted to us, stored by us, or shared with any third party.
3. What information leaves your browser
When the extension detects sensitive content, it sends a small event record to our servers over an encrypted (HTTPS) connection. Each record contains:
| Field | Example |
|---|---|
| AI tool name | chatgpt |
| Rule identifier(s) that fired | aws_access_key |
| Risk category | api_keys |
| Severity | critical |
| Action taken | block |
| Surface | submit |
| Whether the end user chose to override | true / false |
| Whether the end user applied automatic redaction | true / false |
| An opaque per-installation identifier | random 16-byte ID |
| Timestamp | ISO 8601 |
That is the complete list. Our backend explicitly rejects any payload that contains a field whose name resembles content (text, prompt, content, body, match, snippet, excerpt, transcript, message, payload, raw). This rejection is enforced both server-side and inside the extension before any network call.
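The allow-list and content-field rejection described above, as an added example (not PromptSpotter's own code): a validator that admits only the ten fields in the table and refuses any field whose name resembles content, written so the same function can run in the extension before the network call and again on the server. The wire field names, the hex encoding of the 16-byte installation identifier, the substring match on field names and the 64-character cap on string values are assumptions.

```javascript
// Allow-list of the ten fields in the section 3 table. The wire names and the
// hex encoding of the 16-byte installation id are assumptions.
const ALLOWED_FIELDS = {
  tool: "string", rule_ids: "string[]", risk_category: "string", severity: "string",
  action: "string", surface: "string", overridden: "boolean", redacted: "boolean",
  install_id: "hex16", timestamp: "iso8601",
};
// Field-name fragments the policy says are refused outright (substring match assumed).
const CONTENT_LIKE = ["text", "prompt", "content", "body", "match", "snippet",
  "excerpt", "transcript", "message", "payload", "raw"];
const MAX_STRING = 64; // assumed cap so no enum-style field can carry prompt text
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
function isContentLikeName(name) {
  const n = String(name).toLowerCase();
  return CONTENT_LIKE.some((w) => n.includes(w));
}
function checkValue(kind, v) {
  switch (kind) {
    case "string":   return typeof v === "string" && v.length > 0 && v.length <= MAX_STRING;
    case "string[]": return Array.isArray(v) && v.length > 0 && v.every((s) => checkValue("string", s));
    case "boolean":  return typeof v === "boolean";
    case "hex16":    return typeof v === "string" && /^[0-9a-f]{32}$/.test(v);
    case "iso8601":  return typeof v === "string" && !Number.isNaN(Date.parse(v)) &&
      /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/.test(v);
    default:         return false;
  }
}
// Returns { ok: true } or { ok: false, reason }. The extension runs this before
// fetch(); the server runs the same check again on the decoded JSON body.
function validateEventRecord(record) {
  if (record === null || typeof record !== "object" || Array.isArray(record)) {
    return { ok: false, reason: "record must be a plain object" };
  }
  for (const key of Object.keys(record)) {
    if (isContentLikeName(key)) return { ok: false, reason: `content-like field rejected: ${key}` };
    if (!hasOwn(ALLOWED_FIELDS, key)) return { ok: false, reason: `unknown field rejected: ${key}` };
  }
  for (const [key, kind] of Object.entries(ALLOWED_FIELDS)) {
    if (!hasOwn(record, key)) return { ok: false, reason: `missing field: ${key}` };
    if (!checkValue(kind, record[key])) return { ok: false, reason: `bad value for ${key}` };
  }
  return { ok: true };
}
// Constructed sample record mirroring the example column of the section 3 table.
const SAMPLE_EVENT = {
  tool: "chatgpt", rule_ids: ["aws_access_key"], risk_category: "api_keys", severity: "critical",
  action: "block", surface: "submit", overridden: false, redacted: false,
  install_id: "0123456789abcdef0123456789abcdef", timestamp: "2024-01-15T10:30:00Z",
};
```

Rejecting unknown fields as well as content-like names means a future bug that adds a new field cannot ship until the allow-list on both sides is deliberately updated.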
4. What administrators can see
Administrators at your organization, signed in to the admin console, can see aggregate counts of detection events, which rule fired on which AI tool, an anonymized per-installation identifier, the action the extension took, and whether the user chose to override or apply redaction.
Administrators cannot see the text of your prompts, the contents of your uploaded files, the result of any optical character recognition, or any other reconstruction of your input.
5. Information we collect about administrators
When you create an admin account we collect your email address (used to send the magic sign-in link and identify you in the admin console) and a timestamp of your last sign-in. We do not collect passwords.
6. Information we collect from this website
This site uses privacy-respecting analytics to count visits and identify which pages people read most. We do not use cross-site tracking cookies or sell advertising on the site.
7. Why we process this information (lawful bases)
| Activity | Lawful basis (GDPR) |
|---|---|
| Processing event metadata on behalf of customer organizations | Performance of a contract |
| Processing administrator account information | Performance of a contract |
| Sending the magic sign-in email | Performance of a contract |
| Securing the Service against abuse | Legitimate interests |
We do not sell personal data. We do not use personal data to train AI models, for advertising, or for any purpose other than operating the Service.
8. Service providers we use
We use a small number of carefully selected service providers ("sub-processors") to operate the Service. Each is bound by a data processing agreement and has access only to the minimum data necessary for its function.
| Provider | Purpose | Data handled |
|---|---|---|
| Netlify, Inc. | Application hosting (admin console, API, marketing site) | All event metadata, admin sessions |
| Turso (ChiselStrike, Inc.) | Primary database (libSQL) | All event metadata, customer + admin records |
| Stripe, Inc. | Billing + payment processing | Billing contact, billing address, payment card details (held by Stripe, never by us) |
| Resend (Drago, Inc.) | Transactional email (magic sign-in link, billing notices) | Administrator email addresses only |
| GitHub, Inc. | Source code hosting (no customer data) | None |
The current list is always available at /subprocessors. We will provide at least 30 days' notice of any change to this list.
9. Where your information is stored
The Service's primary database is hosted by Turso in Frankfurt, Germany (EU). Application functions are hosted on Netlify in the EU and US edge regions. Stripe processes billing data in the US and EU. Resend delivers transactional email from the US. If you are located in the European Union, the United Kingdom, or Switzerland and your data is transferred to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Module 2 — Controller to Processor) and, where applicable, the UK International Data Transfer Addendum.
10. How long we keep your information
| Data category | Retention |
|---|---|
| Event metadata | 12 months from event timestamp, then permanently deleted |
| Administrator account records | Until you or your organization closes the account; then deleted within 30 days |
| Magic sign-in tokens | 15 minutes (or until used), then immediately invalidated |
| Audit logs of administrator actions | 12 months |
Customer organizations may request earlier deletion at any time.
11. Your rights
Depending on where you live, you have rights of access, rectification, erasure, restriction, portability, objection, and lodging a complaint with your local data protection authority.
To exercise any of these rights, write to info@promptspotter.com. Because we store only an opaque per-installation identifier rather than your name or email, end users may need to coordinate with their employer's administrator to identify the relevant records.
We will respond to verifiable requests within 30 days (or sooner where required by law).
12. Security
- Encryption in transit: all connections to our Service use TLS 1.2 or higher
- Encryption at rest: customer data is encrypted at rest at our database and hosting providers
- Access controls: internal access to production systems is restricted to a small number of named staff, requires multi-factor authentication, and is logged
- Tenant isolation: customer organizations' data is isolated at the application layer and never commingled
- Append-only event log: the event log table is structurally append-only, with no API or interface for retrospective modification
- Incident response: in the event of a personal data breach, we will notify affected customer organizations within 72 hours of becoming aware
For our current security commitments, including our SOC 2 roadmap, see /security.
13. Children's privacy
The Service is intended for use by employees and contractors of organizations. We do not knowingly collect personal data from anyone under 16 years of age.
14. California residents (CCPA / CPRA)
If you reside in California, you have the right to know what personal information we have collected, to delete it, to correct inaccuracies, and to opt out of any "sale" or "sharing" of it.
We do not sell or share personal information as those terms are defined under the CCPA. To submit a request, write to info@promptspotter.com.
15. Changes to this policy
We may update this policy from time to time. We will post the new version at this URL along with the effective date. For material changes affecting personal data processing, we will notify administrators at least 30 days in advance via email.
16. Contact us
- Privacy enquiries: info@promptspotter.com
- Security enquiries: info@promptspotter.com
- General support: info@promptspotter.com
- Postal: Charlie Bracken (sole trader, trading as PromptSpotter, United Kingdom) — registered postal address available on request via info@promptspotter.com.
If you are in the European Union, the United Kingdom, or Switzerland and a representative is required under Article 27 GDPR, we will publish the appointed representative's name and address here once formally engaged.
17. Related documents
This Privacy Policy sits alongside the other documents that make up our legal pack:
- Security overview — architectural and operational safeguards
- Sub-processors — the third parties that process data on our behalf
- Terms of Service — the contract for using the Service
- Data Processing Agreement — GDPR Article 28 terms for business customers
- Acceptable Use Policy — what the Service may and may not be used for