Privacy Policy

Account Information:

When you create an account, we collect your email address, chosen password (encrypted), and subscription preferences. We may also collect billing information through our payment processor (Stripe) for subscription management.

Usage Data:

We collect information about how you use our service, including:

• Optimization requests and results for template saving

• API usage patterns and quota consumption

• Performance metrics and error logs for service improvement

• Dashboard interactions and feature usage analytics

Prompts and Templates:

Your original prompts, optimization results, and automatically saved templates are stored in our secure cloud database. This data includes optimization goals, confidence scores, timestamps, and associated metadata for your reference and audit purposes.

Service Provision:

We process your prompts solely to provide optimization services. Your prompt data is used to generate improved versions based on your selected optimization goals and is automatically saved as templates for your future reference.

Account Management:

We use your account information to manage subscriptions, process payments, provide customer support, and communicate important service updates or security notifications.

Service Improvement:

We may use anonymized, aggregated data from optimization patterns to improve our algorithms and service quality. Individual prompts or templates are never shared or used for training purposes without explicit consent.

Security and Compliance:

We monitor usage patterns to detect and prevent abuse, ensure fair usage according to subscription limits, and maintain the security and integrity of our platform.

Cloud Infrastructure:

All optimization processing occurs in our secure cloud environment hosted on Northflank with enterprise-grade security. Your prompts are processed in real-time and results are stored as templates in our Supabase PostgreSQL database with encryption at rest.

Local MCP Bridge:

Our NPM package (mcp-prompt-optimizer) acts as a local proxy between MCP clients and our cloud API:

• No prompt data is stored or processed locally

• Only your API key is stored locally for authentication

• All requests are forwarded directly to our cloud infrastructure

• No caching or logging of sensitive content occurs on your local machine

Data Flow:

Prompt data flows from your MCP client → NPM bridge → Cloud API → Processing → Template storage. At no point is sensitive prompt data retained locally beyond the immediate request-response cycle.

Encryption:

All data is encrypted in transit using HTTPS/TLS 1.3 and at rest using AES-256 encryption. API keys are hashed using industry-standard cryptographic methods before storage.

Access Controls:

We implement role-based access control (RBAC) ensuring that your templates and data are accessible only to your authenticated account. Our staff cannot access your prompt content or templates without explicit permission for support purposes.

Infrastructure Security:

Our cloud infrastructure includes:

• SOC 2 Type II compliant hosting on Northflank

• Regular security audits and penetration testing

• Automated threat detection and response systems

• Secure database hosting through Supabase with enterprise security features

API Security:

API keys follow industry standards (sk-opt-* format) and include rate limiting, usage monitoring, and automatic revocation capabilities for suspicious activity.

Automatic Template Saving:

Every successful optimization is automatically saved as a structured template with rich metadata including timestamps, optimization goals, confidence scores, and request identifiers. This provides you with a comprehensive optimization history.

Data Retention Policy:

• Templates are retained for the lifetime of your account plus 90 days after termination

• You can export your template data at any time through the dashboard

• Complete data deletion is available upon request

• Backup copies are maintained for disaster recovery for up to 30 additional days

Template Privacy:

Your templates are private and accessible only through your authenticated account. They are never shared between users, used for training AI models, or accessed by our staff without explicit permission for technical support purposes.

Payment Processing:

We use Stripe for secure payment processing. Stripe handles all credit card information according to PCI DSS standards. We do not store complete payment information on our servers.

Cloud Infrastructure:

Our service relies on enterprise-grade third-party providers:

• Northflank for application hosting and deployment

• Supabase for database services and real-time features

• OpenAI for some optimization processing (prompts are not used for training)

NPM Package Distribution:

Our MCP bridge package is distributed through the official NPM registry. NPM's privacy policy applies to package downloads and installation analytics.

Analytics and Monitoring:

We use privacy-focused analytics to monitor service performance and usage patterns. No personally identifiable information is shared with analytics providers.

Data Access:

You can access all your stored data through the dashboard, including templates, usage history, and account information. API endpoints are available for programmatic access to your templates.

Data Portability:

You can export your template history and optimization data in standard formats (JSON, CSV) at any time through the dashboard export functionality.

Data Correction:

You can update your account information through the dashboard. Template data reflects historical optimization results and cannot be modified, but can be deleted.

Data Deletion:

You can request complete data deletion by contacting support. This includes all templates, account information, and associated metadata. Note that some data may be retained for legal compliance or security purposes.

Consent Withdrawal:

You can withdraw consent for data processing by terminating your account. Service functionality will cease, but you have 90 days to export your data before permanent deletion.

Data Location:

Your data is primarily stored and processed in secure data centers operated by our cloud providers (Northflank, Supabase). These services may involve international data transfers subject to appropriate safeguards.

Transfer Safeguards:

International transfers are protected by:

• Standard Contractual Clauses (SCCs) with our cloud providers

• Adequacy decisions where applicable

• Enterprise-grade security measures regardless of location

Regional Compliance:

We comply with applicable data protection regulations including GDPR, CCPA, and other regional privacy laws based on your location and our service operations.

Essential Cookies:

We use essential cookies for authentication, session management, and security. These are necessary for the service to function and cannot be disabled.

Analytics Cookies:

We use privacy-focused analytics to understand service usage and improve performance. These cookies do not track personal information across websites.

No Third-Party Tracking:

We do not use third-party advertising networks or tracking cookies. Our NPM package does not include any tracking mechanisms beyond standard NPM download statistics.

Policy Updates:

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be announced through:

• Email notification to registered users

• Dashboard notifications for active subscribers

• Website announcement with 30-day advance notice

Continued Use:

Continued use of our service after policy changes constitutes acceptance of the updated terms. If you disagree with changes, you may terminate your account before they take effect.

Version History:

Previous versions of this policy are available upon request for reference and compliance purposes.

Privacy Questions:

For questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@promptoptimizer.com

• Support Portal: Available through dashboard for subscribers

• Legal Inquiries: legal@promptoptimizer.com

Data Protection Officer:

For GDPR-related inquiries, you can contact our Data Protection Officer through the privacy email above.

Response Times:

We aim to respond to privacy inquiries within 72 hours for urgent matters and within 30 days for general requests as required by applicable law.