Privacy Policy

This Privacy Policy applies to PromptOS, including the PromptOS website, web application, public prompt pages, team workspace features, and the PromptOS Chrome extension.

PromptOS is operated by Product Musketeers. For the personal data we decide how and why to process, we act as the data controller under EU and UK data protection law.

PromptOS helps users save, organize, import, optimize, search, share, and reuse AI prompts across tools such as ChatGPT, Claude, Gemini, Perplexity, and similar AI services.

PromptOS is intended for professional and general productivity use. It is not intended for children under 16, and it is not designed for storing sensitive personal data such as health, government ID, financial account, or special-category data unless you have a lawful reason to do so.

Account and profile data: email address, display name, avatar URL, account identifiers, authentication provider identifiers, plan tier, onboarding status, and similar account settings.

Google sign-in data: if you choose Continue with Google, we receive basic profile information needed to authenticate you, such as your name, email address, profile image, and Google account identifier. We do not request access to Gmail, Google Drive, Google Calendar, or other Google account content.

Authentication and security data: session state, authentication tokens or cookies, login events, rate-limit records, device/browser metadata, IP-derived request metadata, and server logs needed to keep the service secure and available.

Prompt library data: prompt titles, bodies, descriptions, tags, categories, tools, folders, context blocks, versions, ratings, usage counts, imports, search metadata, generated embeddings, and similar prompt-management data you choose to create or upload.

Workspace and collaboration data: workspace names, slugs, roles, memberships, invitations, seat requests, auto-join domain settings, workspace-visible prompts, and related collaboration records.

Public and community data: prompts you publish publicly, submit to the community library, or make workspace-visible, together with review status, ratings, copy counts, and related metadata.

AI feature inputs and outputs: prompt text and supporting context you submit for categorization, import analysis, optimization, community review, or embedding generation, plus the generated result returned to you.

Chrome extension data: when you explicitly click Save, Optimize, Insert, or use the context menu save action, the extension may access selected page text or the current prompt text in the active AI chat composer. The extension also stores limited local state and authentication/session data in Chrome storage.

Feedback, privacy, and support data: messages, request type, email address, screenshots, page URL, and other information you submit through feedback, privacy, support, or account deletion requests.

Billing data: subscription status, plan, Stripe customer and subscription identifiers, checkout or invoice metadata, and transaction references. Payment card details are processed by Stripe and are not stored directly by PromptOS.

Cookie consent data: consent choices, consent or withdrawal action, consent identifier, policy version, banner version, page path, country code where available, and server-side hashed IP address and user-agent values. We do not store raw IP address or raw user-agent in cookie consent audit records.

Product and website analytics data: product actions such as prompt saves, copies, searches, shares, optimizations, imports, and workspace actions, plus website analytics or session-insight data such as page views, clicks, approximate device/browser information, and product error signals.

We process account, authentication, prompt, workspace, and billing data to provide PromptOS under our contract with you, including creating accounts, keeping you signed in, syncing libraries, running search, managing workspaces, enforcing plan limits, and processing subscriptions.

We process prompt content and AI feature inputs to provide the specific user-facing AI feature you request, such as categorizing a prompt, analyzing an import, optimizing a prompt, reviewing a community submission, or generating search embeddings.

We process transactional email, support, privacy request, feedback, security, and abuse-prevention data based on our legitimate interests in operating, improving, protecting, and supporting PromptOS, and where needed to comply with legal obligations.

We process billing, tax, accounting, and fraud-prevention records where necessary for contract performance, legitimate interests, and legal obligations.

We process cookie consent records to remember and document your cookie choices, including acceptance, rejection, preference changes, and withdrawal.

We process product analytics, website analytics, and service logs based on our legitimate interests in understanding usage, diagnosing bugs, improving the product, and measuring reliability.

We do not sell your personal data. We do not use your personal data for targeted advertising, creditworthiness, or lending decisions. We do not use your private prompt content to train our own general-purpose AI model.

PromptOS does not make decisions about you that have legal or similarly significant effects based solely on automated processing.

PromptOS uses Google sign-in through Supabase Auth. We use Google account information only to authenticate you, create or connect your PromptOS account, secure your session, and provide the service you requested.

PromptOS's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The PromptOS Chrome extension's use of information received from Chrome extension APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

The extension has a narrow purpose: save prompts, retrieve prompts from your library, optimize prompts, and insert prompts into supported AI chat interfaces when you ask it to do so.

The extension uses temporary active-tab access only after a user action. It may read selected text, read the current draft prompt, or insert selected library content into the active AI chat composer when you click the relevant extension command.

The extension does not passively monitor unrelated pages, collect browsing history for profiling, sell browsing data, use data for advertising, or use remote code.

The extension stores session data and limited local state in Chrome storage so you can stay signed in and complete prompt actions reliably.

Private prompts are intended to be visible only to you and to the service providers needed to operate PromptOS. Workspace-visible prompts and context may be visible to members of the relevant workspace according to their role and permissions.

If you create a public prompt link, anyone with access to that public page may view the shared prompt content. If you submit a prompt to the community library, PromptOS may review it and, if approved, show it to other PromptOS users.

Workspace owners and admins may see workspace membership, invitations, roles, seat requests, and workspace-visible content. If your organization asks you to use PromptOS, your organization may have its own privacy obligations and policies for content it instructs you to process.

Please do not submit secrets, API keys, passwords, confidential third-party data, or personal data about other people unless you have the right to process and share that information in PromptOS.

We may disclose information if required by law, to protect rights or security, to investigate abuse, to enforce our terms, or as part of a merger, acquisition, financing, reorganization, or asset sale, subject to appropriate safeguards.

We share personal data with service providers only as needed to operate, secure, support, and improve PromptOS.

Supabase provides authentication, PostgreSQL database hosting, storage, server-side functions, and related backend infrastructure.

Vercel provides application hosting, serverless execution, CDN, deployment, and related infrastructure services.

Google provides Google sign-in infrastructure when you choose Google authentication, and Chrome Web Store services for extension distribution.

Anthropic processes prompt text and supporting context when you request AI-powered categorization, import analysis, optimization, or community review features.

Stripe processes checkout, billing, subscription, payment, tax, and fraud-prevention data for paid plans.

Resend delivers transactional emails such as workspace invitations, seat-request notifications, billing notices, and account-related messages.

Formspree receives privacy, support, and account deletion form submissions when that form is used.

Osano provides cookie banner and preference interface tooling where enabled. PromptOS stores consent audit records in Supabase.

Contentsquare provides website analytics and session-insight tooling that helps us understand product issues and improve PromptOS.

We require service providers to process data only for permitted purposes and to protect it with appropriate confidentiality, security, and data protection safeguards.

PromptOS is operated for users in the EU and elsewhere. Our service providers may process personal data in the European Economic Area, the United Kingdom, the United States, or other countries where they or their subprocessors operate.

When personal data is transferred outside the EEA or UK, we rely on appropriate transfer mechanisms where required, such as adequacy decisions, Standard Contractual Clauses, data processing agreements, and supplementary safeguards provided by our vendors.

By using PromptOS, you understand that your data may be processed in countries that may have data protection laws different from those in your country.

We keep account, prompt, workspace, support, analytics, and billing data for as long as reasonably necessary to provide PromptOS, comply with legal obligations, resolve disputes, prevent abuse, maintain security, and enforce agreements.

Prompt library data remains in your account until you delete it, change its visibility, or delete your account. Public and community content remains available until removed, unpublished, rejected, or deleted according to product controls and moderation needs.

When you delete your account in Settings, PromptOS deletes your Supabase Auth user, removes your account record and personal prompt-library data from active systems, deletes your uploaded feedback files from Supabase Storage, cancels any active Stripe subscription linked to your account, removes your workspace memberships, and deletes workspaces you own.

If you own a workspace, deleting your account removes the workspace. Content created by other members may be disconnected from that workspace or returned to those users as private content rather than deleted as your personal data.

Some limited data may remain for a period in backups, logs, billing records, tax/accounting records, fraud-prevention records, legal records, or security records where deletion is not technically immediate or where retention is legally or operationally necessary. Backup and log data is protected and removed according to normal retention cycles.

Verified privacy and deletion requests submitted outside the in-app deletion flow will be handled without undue delay and ordinarily within one month, unless the law permits a longer period because of request complexity or volume.

Depending on where you live, including if you are in the EEA or UK, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of your personal data. You may also have the right to withdraw consent where processing is based on consent.

You can update or delete prompt content inside PromptOS, manage sharing settings, control which prompts are private, public, community-submitted, or workspace-visible, and delete your account from the Settings page.

You can stop using the Chrome extension at any time by removing it from Chrome. You can also sign out of PromptOS or revoke Google sign-in access through your Google Account settings.

We may need to verify your identity before fulfilling a privacy request, especially for access, portability, or deletion requests.

We will respond to GDPR rights requests without undue delay and ordinarily within one month. If we cannot fulfill a request, we will explain why, subject to legal limits.

You have the right to lodge a complaint with your local data protection authority. In the EEA, this may be the authority where you live, work, or where you believe an infringement occurred.

We use reasonable technical and organizational measures intended to protect personal data, including encrypted transport, Supabase Row-Level Security for user data, authenticated API access, server-side authorization checks, restricted administrative keys, rate limits, and vendor security controls.

No online service can guarantee absolute security. You are responsible for using a strong account password if you use password login, protecting access to your email and Google account, and avoiding the storage of secrets or highly sensitive data in prompts.

We may update this Privacy Policy from time to time to reflect product, vendor, legal, or operational changes.

If we make material changes, we will update the effective date on this page and take additional steps where appropriate, such as notifying users in-product or by email.

For privacy questions, data requests, or account deletion requests, use the contact form below.

You can also contact us at promptos@productmusketeers.com. Please use the email address associated with your PromptOS account where possible so we can verify your request.