Account

Product/Privacy

Privacy Policy

Full policy for Promptly (website + Chrome extension).

1. Introduction

Promptly (“Promptly,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, web applications, APIs, and the Promptly browser extension (collectively, the “Services”). By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

This policy is designed to follow common practices used in public templates (for example, general GDPR- style transparency, California notice elements, and plain-language summaries). It is not a substitute for legal advice. Laws vary by region; where they conflict, we aim to comply with the requirements that apply to us.

2. Who we are

Promptly is operated by the entity or individual responsible for the Services and the Chrome Web Store listing identified as “Promptly.” The “data controller” for personal data we determine the purposes and means of processing is that operator. For contact details, see Section 15 (Contact).

3. Scope

This policy applies to:

  • Visitors and users of our website (for example, promptly.com and related subdomains);
  • Users of the Promptly Chrome extension when it runs on supported third-party AI chat websites; and
  • API and account interactions tied to your Promptly account.

Third-party services (including AI chat providers and sign-in providers) have their own privacy policies. We do not control how they process data on their platforms.

4. Information we collect

We may collect the following categories of information:

4.1 Information you provide

  • Account data. When you create or access an account, we may collect your name, email address, and other identifiers depending on the sign-in method (for example, Google account information that the provider shares with us).
  • Content you submit. When you use features such as prompt improvement or generation, we process the text you submit through the extension or website, including the prompt text read from the supported chat interface and any instructions you add in Promptly.
  • Communications. If you email us or contact support, we collect the contents of those messages and related metadata.

4.2 Information collected automatically

  • Device and log data. IP address, browser type, operating system, referring URLs, pages viewed, date/time stamps, and similar diagnostics.
  • Usage data. API calls, approximate token or credit usage, feature usage, and error logs needed to run and secure the Services.
  • Cookies and similar technologies. On our website, we may use cookies, local storage, or similar technologies for session management, preferences, analytics (if enabled), and security. You can control cookies through your browser settings where applicable.

4.3 Extension-related data

  • Locally stored settings. The extension may store preferences (such as API base URL or UI options) using browser extension storage APIs on your device.
  • Authentication tokens. To call our APIs, the extension may cache short-lived tokens needed for Google sign-in flows and Promptly session handling, consistent with the extension’s manifest permissions.

5. How we use information

We use information to:

  • Provide, operate, maintain, and improve the Services;
  • Create and manage accounts and authenticate users;
  • Process prompts and return improved or generated text;
  • Enforce terms, usage limits, credits, or anti-abuse measures;
  • Monitor performance, debug issues, and protect security and integrity;
  • Comply with legal obligations and respond to lawful requests; and
  • Communicate with you about updates, security, or support (where permitted).

We do not sell your personal information in the common sense of selling lists to data brokers. We may use service providers who process data on our behalf under contract.

6. Legal bases (EEA, UK, and similar regions)

Where GDPR-style rules apply, we rely on one or more of the following:

  • Contract — processing needed to provide the Services you request (for example, running Improve).
  • Legitimate interests — for security, fraud prevention, service improvement, and analytics that are not overridden by your rights.
  • Legal obligation — where the law requires us to process data.
  • Consent — where we ask for it (for example, optional marketing cookies if we use them).

7. Sharing and disclosure

We may share information with:

  • Service providers who host infrastructure, databases, monitoring, email, analytics, or customer support tools;
  • AI and API providers when necessary to perform operations you initiate (for example, sending prompt text to a model API to return a result);
  • Professional advisors (lawyers, accountants) under confidentiality obligations;
  • Authorities if we believe disclosure is required by law, subpoena, or to protect rights, safety, or security; and
  • Business transactions — in connection with a merger, acquisition, financing, or sale of assets, subject to standard protections.

We require processors to use information only as instructed and to implement appropriate safeguards.

8. International transfers

We and our providers may process data in the United States and other countries. Those countries may not provide the same level of protection as your home country. Where required, we use appropriate safeguards (such as standard contractual clauses) or other lawful transfer mechanisms.

9. Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer period is required by law. Criteria include whether we have an ongoing relationship with you, whether we must meet legal or contractual duties, and whether retention is warranted for security or dispute resolution. We may retain de-identified or aggregated information where permitted.

10. Security

We implement reasonable technical and organizational measures designed to protect information. No method of transmission or storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials where applicable.

11. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and in some cases to data portability or withdrawal of consent. You may lodge a complaint with a supervisory authority. To exercise rights, contact us (Section 15). We may need to verify your identity.

12. California residents (summary)

If California law applies, you may have additional rights under the CCPA/CPRA, such as requesting access or deletion of personal information and opting out of certain sharing (we do not “sell” or “share” personal information for cross-context behavioral advertising as defined by CPRA if we do not operate such programs—adjust this sentence if that changes). You may designate an authorized agent where permitted. We will not discriminate for exercising rights.

13. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date. For material changes, we may provide additional notice (for example, a notice on the website or in-product message) where appropriate.

15. Contact

For privacy-related requests or questions, contact us using the email address on our Chrome Web Store developer listing.

Last updated: March 30, 2026