Prompt Vault
by A.L. Jenkins Technology Partners
Privacy Policy
Last updated: May 20, 2026
This Privacy Policy describes how Prompt Vault ("we", "us", "the extension") collects, uses, and protects information when you use the Chrome extension and any related services. By installing or using Prompt Vault, you agree to this policy.
The short version: Your saved prompts stay on your device. We only collect data when you choose to share a prompt publicly. We never sell your data, never use it for advertising, and never collect your real IP address or identity.
1. Information We Collect
1.1 Stored locally on your device (not transmitted to us)
Prompt Vault stores the following data only on your device using Chrome's local storage:
- Prompts you create or save (text, titles, tags)
- Your pin and usage history
- App preferences and settings
This data never leaves your computer unless you explicitly choose to share a prompt to the community.
1.2 Data we receive when you share a prompt publicly
When you choose to share a prompt to the public Discover feed by clicking "Share to community," we receive:
- The prompt text and title you submit
- The category and AI model you select
- Your optional handle/username (if you provide one)
- A cryptographically hashed version of your IP address (used only for abuse prevention)
- Your browser's user agent string (for spam detection)
- A Cloudflare Turnstile captcha verification token
About IP hashing: We never store your real IP address. Instead, we apply a one-way SHA-256 hash with a secret server-side salt before storage. The hash cannot be reversed to reveal your IP, even by us. We use this hash purely to detect and prevent abuse (rate limiting, ban evasion).
1.3 Data we do NOT collect
- Real IP addresses
- Email addresses
- Names or real identities
- Browsing history outside the extension
- Content from web pages you visit
- Cookies or tracking data
- Analytics or behavioral data
2. How We Use Information
| Data | Purpose |
|---|
| Submitted prompt text | Display in the community marketplace after moderation |
| Hashed IP | Rate limiting, spam prevention, ban enforcement |
| User agent | Detect automated submission tools |
| Optional handle | Attribute submitted prompts to a creator name you choose |
| Moderation scores | Determine if a submission passes our content policy |
3. Third-Party Services
To operate the community marketplace, we share submitted prompt text with the following services:
3.1 Supabase
We use Supabase (operated by Supabase Inc.) to host the community database and run our moderation infrastructure. Supabase processes all submitted prompts on our behalf. See Supabase's Privacy Policy.
3.2 OpenAI (moderation only)
Submitted prompts are sent to OpenAI's Moderation API to detect harmful content (hate speech, violence, sexual content, self-harm, harassment). According to OpenAI's policy, content sent to the Moderation API is not used to train OpenAI models. See OpenAI's Privacy Policy.
3.3 Cloudflare
We use Cloudflare Turnstile to verify that submissions come from humans rather than bots. Turnstile does not use tracking cookies. See Cloudflare's Privacy Policy.
We do not sell, rent, or share your data with any other third parties for marketing, advertising, or analytics purposes.
4. Data Retention
- Local data: Stays on your device until you delete the extension or clear its storage.
- Approved community prompts: Retained indefinitely while live in the marketplace. You can request removal of any prompt you submitted by contacting us.
- Pending and rejected submissions: Retained for up to 90 days for moderation audit purposes, then deleted.
- Hashed IPs in rate-limit records: Automatically purged 30 days after the last submission.
- Abuse reports: Retained for 1 year after resolution for pattern analysis.
5. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of any prompts you've submitted (identify them by handle or contact us).
- Deletion: Request removal of any community prompt you submitted at any time.
- Report: Flag any community prompt you believe violates our policies. Three independent reports automatically hide a prompt pending review.
- Local deletion: Uninstall the extension at any time to remove all locally stored data.
For GDPR-covered users, you also have the right to data portability and to lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@aljenkins.tech.
6. Children's Privacy
Prompt Vault is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has submitted a prompt, contact us and we will remove it immediately.
7. Security
We protect submitted data using:
- HTTPS encryption for all data transmission
- Row-level security policies in the database
- IP hashing with a server-side secret salt
- Service role keys restricted to our moderation servers
- Automated content moderation on every submission
No system is 100% secure. If you believe a security incident has occurred, contact us immediately at security@aljenkins.tech.
8. Changes to This Policy
We may update this policy periodically. Material changes will be announced in the extension and via the "Last updated" date above. Continued use of the extension after changes constitutes acceptance of the updated policy.
9. Contact
For privacy questions, data requests, or concerns: