Privacy Policy
Last updated: January 23, 2026
1. Introduction
The Prompt Fixer™ ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI prompt optimization service. Please read this policy carefully.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address and authentication data when you create an account
- Prompt Content: Prompts are processed transiently for optimization. We do not store, log, or retain your prompt content.
- Payment Information: Processed securely through Stripe; we never store full payment details
- Multi-Factor Authentication: If you enable MFA, we store encrypted TOTP secrets using AES-256-GCM encryption with per-user key derivation
2.2 Automatically Collected Information
- Usage Data: Features used, prompts generated (count only, not content), timestamps, subscription tier
- Device Identifier: A randomly generated device ID stored in localStorage to track daily usage limits
- Device Information: Browser type, operating system, device type
- Local Storage: Theme preferences only
- Session Information: For authenticated users, we track active sessions including browser, device type, and approximate location for security purposes
- Security Audit Logs: Authentication events, account changes, and security-related actions are logged for fraud prevention and security monitoring
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our Service
- Process transactions and manage subscriptions
- Enforce usage limits based on subscription tier
- Send service-related communications and updates
- Respond to customer support requests
- Detect, prevent, and address technical issues and security threats
- Enforce rate limits and prevent abuse through Redis-based tracking
- Implement account lockout after failed login attempts for security
- Comply with legal obligations
3.5 Data Security Measures
We implement industry-standard security measures to protect your data:
Encryption
- TLS 1.3 encryption for all data in transit
- AES-256-GCM encryption for sensitive data at rest
- Per-user encryption key derivation using PBKDF2
- SHA-256 hashing for sensitive secrets
Authentication Security
- Optional TOTP-based Multi-Factor Authentication (MFA)
- Account lockout after 5 failed login attempts (15-minute cooldown)
- Session management with device tracking
- Password strength requirements with breach detection
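The lockout rule above (5 failed attempts, 15-minute cooldown, counter cleared after the cooldown per section 8) is simple enough to get subtly wrong, so here is an added example of it (not The Prompt Fixer's own code). The in-memory `Map`, the injectable clock, the `attemptLogin` wrapper and its `verifyPassword` callback are assumptions; the policy says the real service tracks this state in Redis.

```javascript
// Added example (not The Prompt Fixer's own code): account lockout after 5 failed
// login attempts with a 15-minute cooldown, the thresholds stated in section 3.5.
// The in-memory Map and the injectable clock are assumptions; the policy says the
// real service tracks this in Redis.
const MAX_FAILED_ATTEMPTS = 5;
const LOCKOUT_MS = 15 * 60 * 1000;

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.state = new Map(); // account key -> { failures, lockedUntil }
  }

  // Consulted before the password is checked, so a locked account cannot be brute-forced.
  check(accountKey) {
    const s = this.state.get(accountKey);
    if (!s || !s.lockedUntil) return { allowed: true, retryAfterMs: 0 };
    const remaining = s.lockedUntil - this.now();
    if (remaining > 0) return { allowed: false, retryAfterMs: remaining };
    // Cooldown elapsed: the failed-attempt counter is cleared (section 8)
    this.state.delete(accountKey);
    return { allowed: true, retryAfterMs: 0 };
  }

  recordFailure(accountKey) {
    const s = this.state.get(accountKey) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    if (s.failures >= MAX_FAILED_ATTEMPTS) s.lockedUntil = this.now() + LOCKOUT_MS;
    this.state.set(accountKey, s);
    return s.failures;
  }

  recordSuccess(accountKey) {
    this.state.delete(accountKey);
  }
}

// Login flow around the throttle. verifyPassword is whatever the application uses
// (assumption: a function returning true/false). The account key is the normalised
// email so that "A@x.com" and "a@x.com" share one counter, and every failure path
// returns the same user-facing message so the response does not reveal whether the
// account exists or is locked; status and retryAfterMs are for internal logging.
function attemptLogin(throttle, email, password, verifyPassword) {
  const accountKey = email.trim().toLowerCase();
  const gate = throttle.check(accountKey);
  if (!gate.allowed) {
    return { ok: false, status: 'locked', retryAfterMs: gate.retryAfterMs, message: 'Invalid credentials' };
  }
  if (verifyPassword(accountKey, password)) {
    throttle.recordSuccess(accountKey);
    return { ok: true, status: 'ok', retryAfterMs: 0, message: '' };
  }
  const failures = throttle.recordFailure(accountKey);
  return { ok: false, status: 'invalid', failures, retryAfterMs: 0, message: 'Invalid credentials' };
}
```

Two details matter more than the numbers: the check runs before the password is verified, so the correct password is also refused while the account is locked (otherwise the lockout only slows down guessing rather than stopping it), and the counter is keyed on a normalised identifier so case variants of the same email cannot be used to get five fresh attempts each.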
Database Security
- Row Level Security (RLS) on all database tables
- Users can only access their own data
- Automatic backups with point-in-time recovery
- IP-based access restrictions available
4. Data Processing and AI Providers
To provide prompt optimization, we offer two processing modes:
Standard Mode (No AI Processing)
Standard Mode uses deterministic, rule-based prompt enhancement that runs entirely in your browser:
- No AI involved: Prompts never leave your browser for AI processing
- Template-based: Uses pre-built prompt templates and structural improvements based on proven prompt engineering patterns
- Deterministic: Same input always produces the same output
- Instant: No network latency - results appear immediately
Standard Mode applies best practices like adding role context, specifying output formats, breaking down complex requests, and structuring instructions clearly.
Smart Mode - Zero Data Retention (ZDR) Enabled
Smart Mode uses Anthropic Claude 4.5 Haiku through Vercel AI Gateway with Zero Data Retention enabled. This means:
- Your prompts are not used to train AI models
- Data is processed transiently and not retained after generating a response
- This protection applies to all users (free and paid)
- Anthropic (Claude 4.5 Haiku via Vercel AI Gateway): Prompts are processed with Zero Data Retention. Anthropic is a verified ZDR provider through Vercel AI Gateway, meaning your data is not retained or used for model training.
4.1 How Your Data Flows
In Smart Mode, your prompt passes through these hops in order:
- You: enter your prompt
- TLS 1.3 encryption: 256-bit encryption in transit
- Prompt Fixer servers: Redis rate limiting, ZDR policy enforced
- Vercel AI Gateway: ZDR routing enforced
- Anthropic Claude: process and immediately discard
- Response returns: 24hr cache max, then deleted
- You: receive the optimized prompt
4.2 Why Smart Mode?
We selected Claude 4.5 Haiku for optimal performance across key metrics:
- Speed: < 1 second typical response time vs 3-5s for larger models
- Cost-efficiency: Allows competitive pricing
- Quality: 95%+ optimization quality vs larger models
- Privacy: Full Zero Data Retention support
5. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Third parties who assist in operating our Service (see Sub-processors below)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
6. Sub-processors
6.5 Infrastructure Resilience
Our data processing infrastructure is designed for high availability and data protection:
- Database Resilience: Transient database connection failures are retried automatically with exponential backoff, so requests made during infrastructure maintenance are retried rather than failed outright
- Distributed Rate Limiting: Redis-based sliding window algorithm (Upstash) with an in-memory fallback, so fair-usage limits continue to be applied when Redis is unreachable
- Circuit Breaker Pattern: The SDK includes automatic circuit breakers that stop calling a failing dependency, preventing cascade failures and protecting your integrations
- Fail-Open Design: When backend services are temporarily unavailable, rate limiting and usage checks degrade to allowing requests rather than rejecting them; for the duration of such an outage those limits are not enforced
- Physical Backups: Daily physical database backups with point-in-time recovery capability
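The rate-limiting and fail-open bullets above describe three paths a request can take: counted by Redis, counted by a per-process fallback, or let through uncounted. The following added example (not The Prompt Fixer's own code) shows a sliding-window limiter with exactly those three outcomes. The store interface, the `FlakyStore` stand-in for an unreachable Redis, the limit of 3 per 60 seconds and the `onDegraded` hook are assumptions; against real Redis the `hit()` call would be a ZADD / ZREMRANGEBYSCORE / ZCARD pipeline rather than an in-memory array.

```javascript
// Added example (not The Prompt Fixer's own code): a sliding-window rate limiter with a
// primary store, an in-memory fallback, and fail-open behaviour, as section 6.5 describes.
// The store interface, the FlakyStore stand-in for Redis, and the numbers are assumptions.

// Sliding-window log: one list of hit timestamps per key.
class MemoryStore {
  constructor() { this.log = new Map(); }
  // Record a hit and return the number of hits inside the window ending at nowMs.
  hit(key, nowMs, windowMs) {
    const kept = (this.log.get(key) || []).filter((t) => t > nowMs - windowMs);
    kept.push(nowMs);
    this.log.set(key, kept);
    return kept.length;
  }
}

// Stand-in for a network-backed store that can be "taken down" to exercise the fallback path.
class FlakyStore {
  constructor(inner) { this.inner = inner; this.down = false; }
  hit(key, nowMs, windowMs) {
    if (this.down) throw new Error('ECONNREFUSED');
    return this.inner.hit(key, nowMs, windowMs);
  }
}

class SlidingWindowLimiter {
  constructor({ limit, windowMs, primary, fallback = null, now = () => Date.now(), onDegraded = () => {} }) {
    Object.assign(this, { limit, windowMs, primary, fallback, now, onDegraded });
  }

  // Returns { allowed, count, source }. source records which path answered, which is
  // what logs and metrics need when the primary store is down. A denied request still
  // consumes the window, so hammering a limited key does not shorten the wait.
  check(key) {
    const nowMs = this.now();
    for (const [source, store] of [['primary', this.primary], ['fallback', this.fallback]]) {
      if (!store) continue;
      try {
        const count = store.hit(key, nowMs, this.windowMs);
        return { allowed: count <= this.limit, count, source };
      } catch (err) {
        this.onDegraded(source, err); // alert here: limits are now weaker or absent
      }
    }
    // Fail open: no store could answer, so the request is allowed and not counted at all.
    return { allowed: true, count: null, source: 'fail-open' };
  }
}
```

The two degraded paths are not equivalent. The in-memory fallback starts from an empty window and is local to one process, so while Redis is down a client spread across N instances gets roughly N times the limit; the fail-open path enforces nothing. Both are acceptable availability trade-offs only if `onDegraded` feeds an alert, so an operator knows the abuse controls are off rather than discovering it from the usage bill.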
7. Your Rights
Depending on your location, you may have the right to:
- Access and receive a copy of your personal data
- Rectify inaccurate personal data
- Request deletion of your personal data
- Object to or restrict processing of your personal data
- Data portability
- Withdraw consent at any time
- View and revoke active sessions from your account settings
- Enable or disable Multi-Factor Authentication
To exercise these rights, contact us at privacy@thepromptfixer.com
8. Data Retention
- Prompts: Not retained (transient processing only)
- Account Data: Retained while account is active, deleted within 30 days of account closure
- Usage Statistics: Retained for 12 months for service improvement
- Device IDs: Retained for rate limiting purposes, reset daily at 1:00 AM PST
- Audit Logs: Retained for 90 days for security and compliance
- Session Data: Active sessions retained while logged in, inactive sessions expire after 30 days
- Failed Login Attempts: Cleared after 15-minute lockout period
9. Children's Privacy
The Prompt Fixer™ is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@thepromptfixer.com
- Security Issues: security@thepromptfixer.com