Back to Home

Privacy Policy

Last updated: December 2024

2.1 Introduction

Welcome to Promptimizer. This Privacy Policy explains how we collect, use, disclose and safeguard information when you:

  • visit promptimizer.co (the "Site"), or
  • install or use the Promptimizer Chrome extension (the "Extension").

By accessing the Site or installing the Extension you acknowledge that you have read and understood this Policy.

2.2 Information We Collect

Category Details How Collected Purpose
Personal Data name, email, billing details (if you buy a subscription) user input via forms or Google OAuth consent screen account creation, payment processing
Technical Data browser type, OS, extension version, IP address automatic log files & analytics scripts service delivery, debugging
Usage Data feature interactions, clickstream, error reports in-extension telemetry & first-party cookies improve functionality & user experience
Limited Google API Data (if you opt-in) scopes explicitly shown in the OAuth consent screen (e.g., user profile) Google OAuth provide optional features; never sold or used for ads (see §2.4)

No sensitive categories (health, precise GPS, biometric, child-directed data) are intentionally collected.

2.3 How We Use Information

We process data only when we have a valid legal basis (GDPR Art. 6) and a defined business purpose, including:

  • Contractual necessity – operate the Extension, authenticate users, fulfil purchases.
  • Legitimate interest – prevent fraud, debug errors, compile aggregated statistics while respecting user rights.
  • Consent – send marketing emails, place non-essential cookies, access Google API scopes beyond minimum permissions.
  • Legal obligation – comply with accounting, tax or law-enforcement requests.

2.4 Sharing & Disclosure

We disclose data only:

  • to vetted service providers (e.g., cloud hosting, payment processors) under contracts meeting GDPR Art. 28 requirements;
  • to authorities when legally compelled;
  • during a corporate reorganisation, in line with Chrome Web Store Limited Use clause 4 (mergers/acquisitions).

We never sell personal information and we prohibit partners from using it for behavioural advertising.

2.5 Data Security

We maintain an Information Security Management System aligned with ISO/IEC 27001:2022 controls (access control, encryption, incident response) and the NIST CSF Protect & Detect functions. All data:

  • is encrypted in transit via HTTPS/WSS, satisfying Chrome Web Store requirements;
  • is encrypted at rest (AES-256 or RSA-2048 equivalent);
  • undergoes periodic penetration testing and least-privilege access review.

2.6 User Rights

Depending on your jurisdiction you may:

  • Access / Port your data (GDPR Art. 15; CCPA §1798.100).
  • Rectify inaccuracies (GDPR Art. 16).
  • Delete data ("right to delete" under CCPA; "right to erasure" under GDPR Art. 17).
  • Opt-out of sale/sharing (CCPA/CPRA §7026).
  • Object or restrict processing (GDPR Art. 21).

Submit requests via the methods in §2.10; we will verify identity and respond within statutory timeframes.

2.7 Cookies & Tracking Technologies

We use:

  • Strictly-necessary cookies – site security & login (no consent required).
  • Analytics cookies – first-party only; placed only after opt-in for EU users per ePrivacy Directive.

Your Choices: disable non-essential cookies via the banner or browser settings; withdrawing consent will not affect core functionality.

2.8 Children's Privacy

The Site and Extension are not directed to children under 13 (COPPA) nor knowingly collect data from them. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

2.9 Policy Updates

We may revise this Policy to reflect legal, technical or business changes. Material changes will be highlighted on the Site and, where required, we will obtain renewed consent. The "Last Updated" date appears at the top of this page.

2.10 Chrome Web Store User Data Policy Compliance

"The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements."

  • We request only the minimum permission set required for the Extension's single purpose, consistent with Developer Program Policies.
  • OAuth consent-screen accurately describes the data requested and purpose, as required by Google API Services User Data Policy.

Contact

For privacy concerns or questions, please open an issue on our GitHub repository.