What is The Prompt Fixer?

The Prompt Fixer is an AI-powered tool that transforms your basic prompts into expert-level prompts, helping you get better results from any AI assistant like ChatGPT, Claude, or Gemini.

How does prompt optimization work?

Our AI analyzes your prompt for clarity, specificity, context, and structure, then rewrites it using proven prompt engineering techniques to get you better responses from AI assistants.

How much does The Prompt Fixer cost?

Basic is $5/month for 5 AI optimizations per day. Pro is $9/month for unlimited access. Both plans include a 3-day free trial.

Data Processing Agreement | The Prompt Fixer™

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between The Prompt Fixer™ ("Processor", "we", "us") and the organization or individual using our services ("Controller", "you") for the processing of personal data in connection with The Prompt Fixer™ service.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
"Sub-processor" means any third party engaged by the Processor to process Personal Data.
"Data Subject" means the individual to whom Personal Data relates.
"Zero Data Retention (ZDR)" means processing where data is not stored or retained after the immediate processing operation is complete.
"Encryption at Rest" means data encrypted when stored on disk or in databases.

3. Scope of Processing

3.1 Categories of Data Subjects

Users of the Controller's organization who access The Prompt Fixer™
Individuals whose information may be included in prompts submitted by users

3.2 Types of Personal Data

Account information (email address)
Usage data (feature usage, timestamps)
Content data (prompts and outputs, if stored)
Technical data (IP address, device information, user agent)
Authentication data (hashed passwords, encrypted MFA secrets)
Session data (active sessions, device fingerprints)
Audit logs (authentication events, security-related actions)

3.3 Purpose of Processing

Personal Data is processed solely for the purpose of providing The Prompt Fixer™ service, including prompt optimization, account management, security monitoring, and service improvement.

4. Processor Obligations

The Processor agrees to:

Process Personal Data only on documented instructions from the Controller
Ensure persons authorized to process Personal Data are bound by confidentiality obligations
Implement appropriate technical and organizational security measures
Not engage Sub-processors without prior authorization (see Section 6)
Assist the Controller in responding to Data Subject requests
Delete or return all Personal Data upon termination, at the Controller's choice
Make available information necessary to demonstrate compliance
Maintain audit logs of data processing activities for 90 days
Implement and maintain encryption for sensitive data at rest and in transit

5. Security Measures

The Processor implements the following security measures:

Encryption of data in transit (TLS 1.3)
Encryption of data at rest (AES-256)
Additional AES-256-GCM encryption for sensitive user data with per-user key derivation (PBKDF2)
Access controls and authentication (Supabase Auth)
Multi-Factor Authentication (TOTP-based) support
Row Level Security (RLS) for data isolation on all database tables
Account lockout after failed login attempts
Session management with device tracking and remote revocation
Redis-based rate limiting to prevent abuse
Input validation and sanitization (XSS, SQL injection prevention)
Regular security assessments
Incident response procedures
Comprehensive audit logging

6. Sub-processors

The Controller authorizes the use of the following Sub-processors:

Supabase Inc.

Database hosting, authentication, and prompt history storage for logged-in users. SOC 2 Type II certified. Location: United States/EU.

Vercel Inc.

Application hosting, content delivery, and AI Gateway services. SOC 2 Type II + ISO 27001 certified. Location: Global (edge network).

Stripe Inc.

Payment processing. PCI DSS Level 1 certified. Location: United States.

Anthropic PBC

AI processing via Anthropic Claude 4.5 Haiku through Vercel AI Gateway with Zero Data Retention (ZDR) enabled. Anthropic is a verified ZDR provider - data is processed transiently and not retained after response generation. Anthropic does not use ZDR-enabled API data for model training. SOC 2 Type II certified. Location: United States.

Upstash Inc.

Redis-based rate limiting, session caching, and temporary data storage. SOC 2 Type II certified. Data is ephemeral and automatically expires. Location: Global (serverless edge).

The Processor will notify the Controller of any intended changes to Sub-processors, providing the Controller an opportunity to object.

7. Data Subject Rights

The Processor will assist the Controller in fulfilling Data Subject requests including: access, rectification, erasure, restriction, portability, and objection. Requests should be submitted to privacy@thepromptfixer.com.

Self-Service Options: Users can manage their data directly through account settings, including viewing active sessions, enabling/disabling MFA, and deleting their account.

8. Data Breach Notification

The Processor will notify the Controller without undue delay (and in any event within 72 hours) upon becoming aware of a Personal Data breach. Notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken to address the breach.

9. International Transfers

Personal Data may be transferred to countries outside the European Economic Area. Such transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognized transfer mechanisms.

10. Data Retention

Personal Data is retained only for as long as necessary to provide the service:

Prompts: Not retained (Zero Data Retention via AI Gateway)
Account Data: Retained while account is active, deleted within 30 days of account closure
Audit Logs: 90 days for security and compliance purposes
Session Data: Active sessions retained while logged in, inactive sessions expire after 30 days
Rate Limit Data: Temporary, expires within 60 seconds to 1 month depending on type
Failed Login Attempts: Cleared after 15-minute lockout period

11. Audit Rights

The Processor will make available to the Controller all information necessary to demonstrate compliance with this DPA. The Controller may conduct audits, either directly or through an appointed third-party auditor, with reasonable notice and during normal business hours.

12. Liability

Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service. Nothing in this DPA limits either party's liability for breaches of data protection law or for gross negligence or willful misconduct.

13. Term and Termination

This DPA remains in effect for the duration of the Controller's use of The Prompt Fixer™ services. Upon termination, the Processor will delete all Personal Data within 30 days unless instructed otherwise or required by law to retain it.

14. Contact

For questions about this DPA or to request a signed copy, contact: privacy@thepromptfixer.com