Privacy Policy

Effective Date: 11/04/25 Last Updated: 11/04/25

1. Introduction

This Privacy Policy explains how PromptBuddy collects, utilizes, secures, and discloses information obtained from users ("User," "you," or "your") of the PromptBuddy Chrome Extension (referred to as the "Extension"). PromptBuddy is designed to improve your experience with Large Language Model (LLM) chat platforms. To provide personalized features and manage access (including potential subscription tiers), PromptBuddy requires users to create and log into an account. Our functionalities include bookmarking relevant prompts ("Bookmark"), assisting with prompt creation ("Magic Prompt Writer"), identifying previously used prompts ("Auto-detect"), allowing local export of conversations ("Export Conversation"), and enabling secure archival of entire chat sessions ("Superbook Mark"), all linked to your user account.

We are dedicated to protecting your privacy. This document details our procedures concerning data handled locally within your browser and data securely stored on our servers associated with your account. Your installation, account creation, and use of the PromptBuddy Extension constitute your agreement to the terms outlined in this policy. If you disagree with any part of this policy, you should refrain from creating an account, installing, or using the Extension.

2. Information We Collect

To deliver PromptBuddy's personalized features, manage accounts, and handle subscriptions, we gather specific categories of information.

• A. Information You Provide Directly for Account Creation and Management:

  • Account Credentials: When you create a PromptBuddy account, we collect information necessary for authentication, typically including your Email Address and a Password (which we store securely using industry-standard hashing techniques, never in
  • Support and Feedback Communications: Should you contact us directly (e.g., via email), we collect your email address, User ID (if logged in or provided), and the content of your communication to respond effectively.

• B. Data Processed and Stored Locally (Exclusively on Your Device):

  • Extension Configuration Data: Your personalized settings and preferences for the Extension's operation, potentially including opt-in/opt-out choices for optional data collection, are saved within your browser's local storage system.
  • Ephemeral Session Information: Temporary data required for immediate actions, such as holding conversation content momentarily while generating a file for the "Export Conversation" feature before you initiate the save action. This data is not retained by the Extension once the task is completed.
  • Magic Prompt Writer Input Processing:
    • Secure Ephemeral Server Processing: For generating more advanced suggestions or utilizing complex templates, the prompt text you are currently inputting might be sent securely via HTTPS encryption to our servers solely for real-time processing. This data is used exclusively to return the suggestion, is immediately discarded after processing, and is never stored or associated with your User Account or other saved data on our servers.

• C. Data Transmitted To and Stored on Our Servers (Linked to Your User Account): Certain PromptBuddy features necessitate persistent storage associated with your account for functionality, synchronization across sessions/devices, backup, or access reliability (particularly for Superbook Mark during LLM service disruptions). The data listed below is encrypted during transit (using HTTPS) and stored securely within our databases, linked directly to your User ID:

  • User Account Information: Your User ID, Email Address, hashed password, Subscription Status, Account Settings (including privacy preferences), and any optional profile information you provided.
  • Bookmarked Prompt Content: When you utilize the "Bookmark" feature, the text content of the specific prompts you designate for saving is transmitted and stored, linked to your account.
  • Data for Auto-Detect Functionality: To enable the recognition of similar past queries, the text content of relevant prompts (sourced from your ongoing interactions and/or saved Bookmarks associated with your account) is sent to our servers for storage and indexing, linked to your account.
  • Superbook Mark Conversation Archives: Upon choosing to save a conversation using the Superbook Mark feature, the complete textual content of that specific chat session (encompassing both your input prompts and the responses generated by the LLM) is securely transmitted and stored in our database, linked to your account.
  • Associated Metadata: For both Bookmarks and Superbook Mark entries, we store supplementary information such as the timestamp indicating when the entry was saved, and any descriptive tags or notes you voluntarily add, linked to your account.
  • System Operational Data: We log technical details linked to server requests for operational purposes (debugging, security, service health), which includes information like the Extension version, timestamp, User ID, IP address (potentially anonymized where feasible), and request details.

• D. Usage and Diagnostic Data Collection: To help us improve PromptBuddy and troubleshoot issues, we may offer you the option to share certain usage and diagnostic data. 

Usage Analytics: We may collect pseudonymized data about how you interact with the Extension's features (e.g., which features are used most often, clicks on certain buttons). This data may be linked internally to your User ID to understand usage patterns across different user segments (e.g., subscription tiers) but is aggregated for analysis. We use tools like Google Analytics for this purpose. This data explicitly excludes the text content of your prompts and conversations. 

• Error Diagnostics: If the Extension encounters a technical fault, diagnostic reports may be sent automatically if you have opted in. These reports typically include technical details like error messages (stack traces), Extension version, browser type, operating system, and potentially your User ID to help us identify and fix bugs, especially those affecting specific accounts or configurations. These reports strictly exclude the text content of your prompts and conversations.

• E. Explicitly Excluded Data Collection: We categorically DO NOT collect or store: 

  • Your passwords for the LLM services you access while using the Extension.
  • Your full payment card numbers, bank account details, or similar sensitive financial information (this is handled directly by our Third-Party Payment Processor).
  • Your general web browsing history beyond the direct interactions on the specific LLM chat pages necessary for the Extension's designated functions

3. How We Utilize Collected Information

The information gathered serves the following specific purposes:

• Delivering Core Extension Services & Managing Accounts:

  • To authenticate you and manage your User Account, including your settings and preferences.
  • To securely persist your saved Bookmark prompts and archived Superbook Mark conversations linked to your account on our servers.
  • To retrieve your stored prompts and conversations from our servers when you access these features through the Extension interface, logged into your account.
  • To perform plain text. We will also assign you a unique User ID.
  •  Name: We may collect your name if you choose to provide it during registration or profile setup.
  • Subscription Information (Managed via Third Party): If you subscribe to a paid tier, our designated Third-Party Payment Processor (Razorpay) will collect payment information directly. We receive confirmation of your payment and subscription status (e.g., tier level, renewal date) from the processor, linked to your User ID, but we do not directly collect, store, or process your full payment card numbers or financial account details.
  • Support and Feedback Communications: Should you contact us directly (e.g., via email), we collect your email address and the content of your communication.
  • Managing Subscriptions: To process and manage your subscription status based on information received from our payment processor. To grant or restrict access to features based on your current subscription tier.

• Maintaining and Enhancing the Service:

  • To monitor the health and performance of our server infrastructure.
  • To identify and rectify software bugs using associated technical logs (potentially linked to User IDs for targeted troubleshooting) or optional error/performance diagnostics.
  • To gain insights into user engagement patterns through optional aggregated usage statistics, informing future feature development and improvements.

• Ensuring Security and Preventing Misuse:

  • To monitor our systems for potential security vulnerabilities or unauthorized access attempts, utilizing operational logs which include User IDs.
  • To investigate activities that may violate our terms of service or legal requirements.

• Facilitating User Communication:

  • To send important account-related notices (e.g., password resets, subscription confirmations, policy updates) to your registered email address.
  • To effectively respond to your user inquiries, provide technical support, and address feedback received via direct channels like email.

• Fulfilling Legal and Regulatory Obligations:

  • To comply with applicable legal statutes, regulations, financial record-keeping requirements, court orders, or other lawful governmental requests.

4. Data Storage, Security Protocols, and Geographic Location

The security of your data, especially your account information and stored content, is paramount.

• Server-Based Storage: Data actively saved through features (Bookmarks, Auto-Detect base prompts, Superbook Mark conversations), your User Account information (email, hashed password, User ID, subscription status), associated metadata, is stored within our secured database systems hosted on robust server infrastructure.

  • Geographic Location of Servers: Our primary data storage and processing servers are situated in the United States.
  • Hosting Infrastructure Provider: We partner with leading, reputable third-party cloud service providers, such as Microsoft Azure, selected for their adherence to stringent security certifications and practices.

• Implemented Security Safeguards: We employ a comprehensive suite of industry-standard technical and administrative security measures designed to safeguard the data residing on our servers against unauthorized access, modification, disclosure, or deletion. These measures include:

  • Encryption During Transit: All data communication between the PromptBuddy Extension and our servers is secured using strong Transport Layer Security (TLS/HTTPS) encryption.
  • Encryption At Rest: Sensitive data stored within our database infrastructure (including account details like email and hashed passwords, and your stored prompts/conversations) is protected using robust, modern encryption algorithms.
  • Secure Password Handling: User passwords are never stored in plaintext; we use strong, one-way hashing algorithms.
  • Strict Access Control Policies: Access to production databases and underlying infrastructure is strictly limited on a need-to-know basis to authorized personnel solely for essential system administration, maintenance, support, and security functions.
  • Continuous Security Monitoring and Review: We regularly assess and update our security architecture, protocols, and practices to adapt to evolving threats.

• Third-Party Payment Processing: We utilize Razorpay to handle all subscription payments. Your full payment information is provided directly to them via their secure platform; PromptBuddy does not receive or store your full credit card number or bank details. 

• Inherent Security Limitations Disclaimer: While we are committed to maintaining high security standards, no digital transmission or electronic storage system can be guaranteed to be 100% impenetrable. We cannot warrant absolute security against all unforeseen circumstances or malicious attacks. Users also bear responsibility for choosing a strong, unique password and maintaining the security of their own computer, browser, and account credentials.

• Local Device Storage: Data not intended for server storage (like some Extension settings or temporary export data) is kept within your browser's standard local storage facilities on your device.

5. Data Disclosure and Sharing Practices

We do not sell, trade, or lease your personal information or stored chat content. We limit the sharing of information solely to the essential circumstances detailed below:

• Essential Third-Party Service Providers: We collaborate with trusted external service providers who perform critical functions necessary for operating and maintaining the PromptBuddy service. These may include:
  • Cloud Hosting and Database Infrastructure: (Microsoft Azure) Hosts the servers where your account data and content are stored. They operate under strict confidentiality and data protection agreements.
  • Payment Processors: (Razorpay) Process subscription payments directly. We share necessary information (like your User ID or email) with them to identify your account and manage subscription status, and they provide us with confirmation details. They do not receive your saved prompt/conversation content.
  • Usage Analytics Platforms: (Google Analytics) Employed for processing pseudonymized, aggregated usage statistics. Data shared is limited according to the platform's requirements and our configuration, and excludes your chat content.
• Legal Compliance and Lawful Requests: We may disclose collected information (including account information and potentially stored content) if legally obligated to do so by applicable law, regulation, valid subpoena, court order, or other formal request from public authorities. We will attempt to notify you of such requests unless prohibited by law or urgent circumstances. We may also disclose information if we believe in good faith that action is necessary to protect our legal rights, property, or safety, or that of our users or the public, or to investigate fraud or security concerns.
• Corporate Transactions (e.g., Merger, Acquisition): If PromptBuddy undergoes a business transition like a merger, acquisition, bankruptcy, or asset sale, user information (including account data and content) might be transferred. We will provide prior notice (e.g., via email or prominent notice) before your information is transferred and becomes subject to a different privacy policy, allowing you to delete your account if desired.
• Protection of Rights and Property: We reserve the right to disclose information when necessary to investigate, prevent, or act regarding potential illegal activities, fraud, threats to safety, violations of our Terms of Service, or as otherwise mandated or permitted by law.
• Aggregated, Anonymized Data Sharing: We may share data that has been thoroughly aggregated and anonymized (irreversibly stripped of any link to individual users or accounts) for purposes like statistical analysis or industry reporting.

6. Data Retention Policies

We retain different categories of data for varying durations:

• User Account Information: Retained as long as your PromptBuddy account remains active.
• Server-Stored Content (Bookmarks, Auto-Detect Base, Superbook Mark Archives): Retained while linked to your active account, until you delete the specific content or delete your account.
  • User-Initiated Content Deletion: Purged from active databases typically within 7 to 15 calendar days after deletion request via the interface.
  • Account Deletion: Triggers deletion of account info and associated content from active systems, typically completed within 30 to 90 days.
• Operational Logs: Retained for a limited period necessary for security, debugging, and analysis (e.g., 30), then typically anonymized or deleted, unless required for specific ongoing investigations or legal obligations.
• Subscription and Payment Records: Transaction confirmations may be retained longer as required by financial, tax, or legal regulations (e.g., 7 years), even after account deletion.
• Optional Usage Analytics & Error Logs: Retained as needed for analysis (e.g., 12-24 months), then pseudonymized data may be further aggregated or deleted.
• Backup Archives: Data may persist in secure, encrypted system backups for disaster recovery for a limited period (e.g.,45 to 90 days) after deletion from active systems, before being permanently erased.
• Direct Communication Records (Emails): Retained as needed for support history and standard business practices.

7. Your Privacy Rights and Choices

You possess rights concerning your personal information and data associated with your PromptBuddy account:

• Right to Access: Access much of your account info and stored content via the Extension interface or account settings in your “Profile Settings”. Request confirmation and access to other personal data by contacting us.
• Right to Rectification: Update account info via “Profile Settings” in settings. Edit metadata within the Extension. Contact us for other corrections.
• Right to Erasure ('Right to be Forgotten'): Delete individual content items via the Extension. Delete your account and associated personal data by contacting support@thepromptbuddy.com. See Section 6 for retention details post-deletion.
• Right to Restrict Processing: Under specific legal circumstances, request a temporary restriction on processing.
• Right to Data Portability: Where applicable by law, request a copy of your provided personal data (account info, content) in a common machine-readable format. Contact us.
• Right to Object: Object to certain processing (e.g., direct marketing). Note that processing for core service delivery is necessary.
• Managing Communications: Manage non-essential communication preferences (if any) via settings or unsubscribe links. Essential transactional emails cannot be opted out of.
• Exercising Your Rights: Use account settings and Extension interface first. For other requests, contact privacy support at  support@thepromptbuddy.com. We respond to verifiable requests as required by law.

8. Commitment to Children's Privacy

PromptBuddy requires account creation and is not designed for or targeted at children under 13 (or 16 in EU/UK, unless law provides otherwise). We do not knowingly collect personal information from underage individuals. If we learn of such collection, we will delete the account/data promptly. Parents/guardians, contact us if you believe your child created an account.

9. Explanation of Chrome Extension Permissions

PromptBuddy requires only the necessary Chrome permissions:

• Storage: Used to save local settings, sessions, and privacy preferences.
• Side panel: Enables quick access to bookmarks and tags without disrupting browsing.
• Active tab: Detects tab changes to adjust features dynamically.
• Scripting: Powers PDF export, bookmarks, and superbookmarks.
• Tabs: Tracks page transitions to update features in real time.
• AILanguageModelOrigin: Tests AI features like summarisation and smart prompts.
• Identity: Supports real-time updates across tabs and sessions.
• Cookies: Accesses login cookies from promptbuddy.com for secure sessions.
• WebRequest: Captures submitted prompts to suggest similar ones locally.
• Host: Checks login status on dashboard.promptbuddy.com to enable features.

We practice permission transparency.

10. International Data Transfers

Your personal information (account details, subscription status) and stored content (Bookmarks, Superbook Mark archives) will be transferred electronically from your location to our servers in the United States. Data protection laws may differ. We ensure secure treatment per this policy (HTTPS, secure hosting). By creating an account and using PromptBuddy, you explicitly acknowledge and consent to the transfer, processing, and storage of your data in the United States as described.

11. Modifications to This Privacy Policy

We may provide the service to you.

• Legal Compliance and Lawful Requests: We may disclose collected information (including account information and potentially stored content) if legally obligated to do so by applicable law, regulation, valid subpoena, court order, or other formal request from public authorities. We may also disclose information if we believe in good faith that such action is necessary to protect our legal rights, ensure the safety of our users or the public, investigate fraudulent activities, or respond appropriately to a government request.
• Corporate Transactions (e.g., Merger, Acquisition): In the scenario where PromptBuddy undergoes a major business transition, such as a merger, acquisition by another entity, bankruptcy proceeding, or the sale of all or a significant portion of its assets, user information (including your account data and associated content) might be among the assets transferred. In such an event, we will endeavor to provide prior notice (for instance, via email to registered users or a prominent notice on our website/Extension) before your information is transferred and becomes subject to a different privacy policy.
• Protection of Rights and Property: We reserve the right to disclose information when we deem it necessary to investigate, prevent, or take action concerning potential or suspected illegal activities, fraud, situations posing potential threats to the physical safety of any individual, violations of our Terms of Service, or as otherwise mandated or permitted by law.
• Aggregated, De-identified Data Sharing: We may occasionally share statistical data derived from usage patterns, but only after it has been aggregated and de-identified such that it cannot reasonably be linked back to any individual user or specific account/content. This type of data might be used for purposes like statistical analysis, academic research, or illustrating usage trends.

12. How to Contact Us

For questions, concerns, or requests about this policy or our practices:

• By Email:  support@thepromptbuddy.com
• Via Website (if applicable): https://www.thepromptbuddy.com