Privacy Policy

1. Who we are

PromptSpark is operated by Next Shape. For privacy inquiries or data-deletion requests, contact support@promptspark.app and include the email address tied to your account.

2. Data we collect

Account information — email address, display name, and authentication credentials (Google OAuth or email/password). When you connect the Chrome extension, a time-limited authentication token (JWT) is stored locally in the browser via chrome.storage.local.

Prompt content — the text you type, paste, or dictate into PromptSpark or into a supported AI platform (ChatGPT, Claude, Gemini, Perplexity, Cursor) while the Chrome extension is active. This text is sent to our server for enhancement or evaluation when you click the Spark or Evaluate button.

Voice and audio — when you use the voice-input feature, the extension may access your microphone. On browsers that support the Web Speech API, audio is processed locally by the browser and only the resulting text transcript is sent to our server. On browsers without Web Speech API support (e.g. Brave), the recorded audio is sent to our server for transcription via a third-party speech-to-text service, then immediately discarded after the transcript is returned.

Usage statistics — the extension tracks how many times you use each enhancement mode (Primer, Amplifier, Mastermind) as anonymous counters stored locally. These counters are included in the uninstall-survey URL so we can understand which features are most used. No browsing history, page content, or personal identifiers are included.

Local preferences — theme (light/dark), language selection, dock position per platform, and onboarding status. These are stored in chrome.storage.local and never leave your device.

Billing information — if you subscribe to a paid plan, payment details are collected and processed by Stripe. PromptSpark does not store credit card numbers.

Technical and operational data — server logs, IP addresses, browser type, and error reports used to operate and secure the service.

3. How we use your data

Authentication — to verify your identity and authorize API requests from the web app and Chrome extension.

Service delivery — to enhance, evaluate, save, and organize your prompts. Prompt text is processed by the Anthropic Claude API on our server and returned to you.

Voice transcription — to convert speech to text so it can be inserted or enhanced as a prompt. Audio sent to our server is used only for transcription and is not retained.

Usage analytics — anonymous mode counters help us understand feature adoption and prioritize development. We do not build advertising profiles or sell data.

Billing — to process payments, manage subscriptions, and enforce plan limits via Stripe.

Security and abuse prevention — to detect and prevent unauthorized access, spam, or misuse of the service.

4. Third-party services

Anthropic (Claude API) — processes prompt text for enhancement and evaluation. Anthropic's data handling is governed by their API terms at anthropic.com/policies.

Supabase — hosts our PostgreSQL database with row-level security. Data is stored in the EU or US depending on the project configuration.

Stripe — processes payments. Stripe's privacy policy applies to all billing data: stripe.com/privacy.

Vercel — hosts the web application. Server logs may include IP addresses and request metadata.

We do not sell, rent, or share your personal data with advertisers or data brokers.

5. Chrome extension permissions

activeTab — allows the extension to detect the text-input field on the currently active AI-platform tab so it can read and replace prompt text when you click Spark or Evaluate.

storage — stores your authentication token, preferences (theme, language, dock position), onboarding status, and anonymous usage counters locally in the browser.

contextMenus — provides right-click menu items ("Spark this selection" and "Save selection to library") on supported AI platforms.

Host permissions (chatgpt.com, claude.ai, gemini.google.com, perplexity.ai, cursor.com, promptspark.app) — required to inject the floating toolbar and read/write the composer field on each supported platform, and to run the authentication bridge on promptspark.app.

6. Data storage and security

All data transmitted between the extension, the web app, and our servers is encrypted via HTTPS/TLS.

Authentication tokens stored in chrome.storage.local include an expiration timestamp and are automatically cleared when expired. You can disconnect the extension at any time from the popup menu.

Server-side data is stored in Supabase PostgreSQL with row-level security policies that restrict access to the owning user. Access to production systems is restricted by role.

7. Data retention and deletion

Prompt content is retained in your library until you delete it. You can delete individual prompts, folders, context genies, and snippets from the web app at any time.

Voice audio sent for Whisper transcription is processed in memory and discarded immediately after the transcript is returned. We do not store audio recordings.

Local extension data (token, preferences, usage counters) is removed when you uninstall the extension or click Disconnect in the popup.

To request full account deletion, email support@promptspark.app. We will delete your account and all associated data within 30 days.

8. Your rights

You have the right to access, correct, export, or delete your personal data. You can manage most of this directly from the web app (Settings > Account).

You can revoke microphone access at any time through your browser's site-permission settings.

You can disconnect the Chrome extension from the popup menu, which clears all stored tokens and preferences.

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to lodge a complaint with your local data-protection authority.

9. Children's privacy

PromptSpark is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact support@promptspark.app and we will delete it.

10. Chrome Web Store Limited Use disclosure

PromptSpark's use of information received from Chrome APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically: data obtained through Chrome APIs is used only to provide and improve the extension's stated functionality, is not transferred to third parties except as needed to provide the service, is not used for advertising or sold to data brokers, and is not used for creditworthiness or lending purposes.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you via email or a notice in the web app. Continued use of PromptSpark after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy questions, data-access requests, or deletion requests, email support@promptspark.app. Include the email address associated with your account so we can locate your data.