Your privacy is important to us. This Privacy Policy explains how Keep My Prompts collects, uses, and protects your personal information when you use our service.

1. Data We Collect

We collect the following information when you use Keep My Prompts:

Account information: email and name (if provided via Google OAuth)
User content: the prompts, categories, and tags you create (encrypted before storage - see Section 3)
Usage data: daily activity tracking (which pages you visit, not what you do on them), subscription tier changes, and AI feature usage counts
Payment information: processed securely via Stripe (we do not store card data)
Analytics data: anonymous page view statistics collected via Umami (privacy-friendly, no personal data, no cookies)

2. How We Use Your Data

We use the collected information to:

Provide and maintain the service
Process payments and manage subscriptions
Send you important communications about the service (subscription changes, account deletion, team invitations)
Improve the service based on anonymous usage patterns
Process your prompts through AI features when you explicitly request it (Prompt Score, Promptimizer Agent)

3. Data Storage, Encryption, and Security

Your prompt data (title, content, notes) is encrypted with AES-256-GCM before being stored in our database. This is a zero-knowledge encryption model: we cannot read your encrypted prompt data, even with database access. The encryption key is stored separately from the database and is never exposed. Your data is hosted on PostgreSQL servers with additional encryption at rest and in transit (TLS). We implement industry-standard security measures to protect your information from unauthorized access.

5. Third-Party Services

We use the following third-party services to operate Keep My Prompts:

PostgreSQL / Self-hosted - PostgreSQL database and self-hosted application (EU servers)
Stripe - Payment processing (PCI DSS compliant, we never see your card details)
Resend - Transactional emails (subscription notifications, team invitations, account deletion confirmations)
Perplexity - AI prompt analysis and optimization (receives only prompt text, no personal data)
Umami - Privacy-friendly web analytics (no cookies, no personal data, GDPR compliant)

4. Data Sharing and AI Processing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your prompts are never used to train AI models. When you use AI features:

Prompt Score and Promptimizer Agent send only the text of your prompt to the Perplexity API for analysis. No personal information (email, name, account details) is included in these requests
AI processing results (scores, optimized variants) are stored in our database associated with your account for caching purposes
You can choose not to use AI features - they are opt-in and only activated when you explicitly click the corresponding buttons

6. Team Data

If you use a Team plan, the following additional data practices apply:

Team prompts are shared among all team members and encrypted with the same AES-256-GCM standard as personal prompts
Team members can see each other's contributions (e.g., who saved a version), but only within the team context
The team manager can invite and remove members. Removed members immediately lose access to all team data
Team invitation emails contain only the team name, inviter email, and an invitation link - no prompt content is shared in invitations

7. Data Retention

We retain your data as follows:

Account data and prompts: retained as long as your account is active
Version history: retained as long as the associated prompt exists
AI optimization results: retained for caching purposes (to avoid re-processing identical prompts) as long as your account is active
Activity data: daily activity records are retained for analytics purposes
After account deletion: all data is permanently deleted after the 14-day grace period (see Section 8)

8. Account Deletion

You can request account deletion from the Settings page. Upon request:

A 14-day grace period begins, during which you can cancel the deletion via a link sent to your email
After 14 days, all your data is permanently and irreversibly deleted: prompts, categories, tags, versions, ratings, optimization history, and account information
Active Stripe subscriptions are automatically cancelled at the time of the deletion request

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

Access your personal data at any time through your account
Request correction of inaccurate data
Request deletion of your data (via the account deletion feature in Settings)
Export your data in a portable JSON format at any time from Settings
Object to processing - you can stop using AI features at any time, and your prompts will remain encrypted and unprocessed

10. Cookies

We only use essential cookies necessary for the service to function: session cookies for authentication, a language preference cookie, and a theme preference cookie. We do not use tracking or advertising cookies. Our analytics tool (Umami) is cookieless and does not track individual users. For more details, see our Cookie Policy.

11. Contact Us

For any questions about our Privacy Policy or to exercise your data rights, contact us at: support@keepmyprompts.com