Privacy
How PromptHush handles your data, what we collect, and how we keep it safe.
PromptHush helps identify sensitive content before you send prompts to AI tools. Detection and redaction are designed to happen locally in your browser extension. We do not need the original prompt text to provide account, billing, credit, or usage features.
We collect account information such as email address, authentication provider, subscription status, credit balance, and high-level usage counters such as scans, findings, blocked sends, redactions, and overrides.
Before a paid subscription checkout, we record Terms of Service acceptance details including timestamp, selected plan, IP address, hashed IP address, user agent, language, origin, referrer, selected request headers, and the related Stripe Checkout session identifier when available.
For abuse prevention, we may store hashed signals such as normalized email, device or install identifiers, IP-derived rate-limit hashes, and extension session token hashes.
PromptHush is built around a local-first model. Your original prompt text and detected sensitive values should stay on your device. Server-side records use counts, statuses, and idempotency keys rather than the prompt content itself.
Payments and subscription management are handled by Stripe. We store Stripe customer, price, subscription, checkout session, Terms acceptance, and billing status identifiers needed to manage your plan. We do not store full payment card numbers.
We use collected information to authenticate users, provide extension sessions, enforce monthly scan credits, prevent abuse, process subscriptions, show dashboard usage, and improve reliability and security.
We do not sell personal information. We share data with service providers only as needed to operate PromptHush, such as Supabase for authentication/database infrastructure and Stripe for billing.
We use server-side authentication checks, row-level security, service-role-only operations for sensitive backend tasks, hashed tokens, and rate limits for abuse-prone endpoints. No system is perfect, so avoid entering secrets unless PromptHush has flagged and redacted them locally.
You can sign out, stop using the extension, cancel paid plans through the billing portal, or contact support to request account deletion or data access where required by law.
For privacy questions, contact the PromptHush operator at support@prompthush.com.