Privacy Policy
Last updated: April 27, 2026
1. Summary
Promptseng is a prompt-engineering workbench. We store only what we need to deliver the product and improve prompt quality. Your LLM API keys are yours; your prompt runs are yours; we do not sell your data.
2. What we collect
- Account data: email, display name, OAuth identifiers provided by Google/GitHub.
- Prompt usage history: which prompts you ran, model, token counts, and agreement scores. Retained for 30 days by default.
- API keys (BYOK): you bring your own keys for OpenAI / Anthropic / Google. We encrypt them at rest with AES-256-GCM using a server-only secret. We never log raw keys.
- Server logs: request paths, status codes, and latency. IP addresses are truncated. Retained for 30 days.
3. What we do NOT store
- Raw model outputs beyond your usage history. Responses from your BYOK providers are returned to you and not retained long-term.
- Payment card numbers. Stripe handles payments directly.
4. GDPR / CCPA
Users in the EU and California have the right to access, correct, export, and delete their data. Email privacy@promptseng.com and we'll respond within 30 days. Account deletion purges all rows in profiles, user_api_keys, prompt_usage_history, and user_saved_prompts.
5. Third parties
- Supabase — database and auth.
- Railway — hosting.
- Stripe — payments (when enabled).
- PostHog — product analytics (optional, opt-out via DNT).
6. Contact
Questions? Write to privacy@promptseng.com.