v7.6.6

PromptSafe
Log in

Privacy Policy

We built PromptSafe with privacy as the foundation, not an afterthought.

Your Documents Never Leave Your Device

All text processing, AI detection, and anonymization happens 100% locally in your browser. We cannot see, access, or store your documents because they never reach our servers.

No Upload
No Storage
No Tracking
No Selling

The Short Version

  • Your documents and text are processed entirely in your browser and never sent anywhere
  • All processing libraries (AI model, PDF reader, OCR) download once and run locally on your device
  • We don't track what you type, paste, or anonymize
  • We only collect email (for login) and payment info (for Pro subscriptions)

What We DON'T Collect

Unlike most web applications, we have no ability to access:

Data Type Collected? Why
Your documents / text Never Processed locally in browser
Detected sensitive items Never Stays in your browser only
Mapping vault data Never Stored locally in your browser
Anonymized output Never Generated and kept locally
Uploaded files (PDF/DOCX) Never Read locally, never uploaded

What We DO Collect

We collect minimal data required to provide the service:

Account Information

  • Email address - Required for account creation and login (via Supabase Auth)
  • Subscription status - Whether you're on Free or Pro plan

Payment Information (Pro Users Only)

  • Payments are processed by Stripe
  • We never see or store your full card number
  • We only receive: last 4 digits, card type, and billing status

Basic Analytics

  • Page views and general usage patterns (no personal data)
  • We do NOT track what you type, paste, or process

How Local Processing Works

When you use PromptSafe:

  1. You paste text or upload a file - It stays in your browser's memory
  2. AI model runs locally - The BERT-NER model runs in your browser via WebAssembly
  3. Detection happens on-device - Names, emails, and IDs are found without any network calls
  4. Anonymization is instant - Placeholders replace sensitive data locally
  5. You copy the result - The anonymized text never touches our servers

Verify It Yourself

  1. Open your browser's Developer Tools (F12 or right-click → Inspect)
  2. Go to the Network tab
  3. Process a document in PromptSafe
  4. You'll only see library downloads (JS, WASM, fonts) - never your text content

Third-Party Services

We use the following services, none of which receive your document content:

Service Purpose Data Shared
Supabase Authentication Email, login sessions only
Stripe Payment processing Payment info (Pro users only)
Hugging Face AI model hosting Model download request only (one-time)
Netlify Website hosting Standard web logs (IP, user agent)
Cloudflare CDN / Security Standard web traffic

Chrome Extension

The PromptSafe Chrome Extension provides the same privacy-first approach directly within ChatGPT and Claude.

How the Extension Works

  • Document processing: PDF and DOCX files are extracted and processed entirely in your browser — document content is never uploaded to any server
  • PII detection: All sensitive data detection happens locally using the same engine as the web app
  • Text injection: Anonymized text is inserted directly into ChatGPT/Claude's text box

Extension Permissions Explained

Permission Why We Need It
chatgpt.com, claude.ai To inject the PromptSafe panel and button into these pages
promptsafe.app To connect your subscription after login (auth bridge)
storage To save your login session locally in Chrome
offscreen To process PDFs in the background without blocking the UI

What the Extension Sends

  • Authentication: Your email is sent to Supabase for magic link login
  • Subscription check: Your user ID is sent to verify your plan status
  • Nothing else: Document content, detected entities, and anonymized text stay entirely in your browser

What the Extension Stores Locally

  • Authentication tokens (in chrome.storage.local)
  • Your subscription status (plan type, entity limits)

Limited Use Disclosure: The PromptSafe extension's use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Data Retention

  • Your documents: Never stored - exist only in your browser during your session
  • Mapping vault: Stored in your browser's local storage until you clear it
  • Account data: Retained until you delete your account
  • Payment history: Retained as required by law (typically 7 years)

Your Rights

You have the right to:

  • Access your account data
  • Delete your account and associated data
  • Export your data
  • Opt out of marketing emails

To exercise these rights, contact us at hello@promptsafe.app

Cookies

We use minimal cookies:

  • Authentication cookies - To keep you logged in
  • Preference cookies - To remember your settings (like Smart Scan toggle)

We do NOT use advertising cookies or third-party tracking cookies.

Children's Privacy

PromptSafe is not intended for children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. We'll notify users of significant changes via email or a notice on our website.

Contact Us

Questions about privacy? Contact us at:

Last updated: February 6, 2026

Back to PromptSafe