Privacy Policy
Effective May 9, 2026
Data controller: Prompten is owned and operated by Banana Holdings LLC, a US-registered limited liability company. References to “we”, “us”, “our”, and “Prompten” in this policy mean Banana Holdings LLC, which is the data controller for the personal data described below. For privacy inquiries (including GDPR/CCPA access, correction, or deletion requests) contact us at the email at the bottom of this page.
Prompten takes a minimalist approach to data: we collect only what we need to run the service, we don't store the content of your prompts or AI responses, and we don't sell anything to anyone. This page describes exactly what happens to your data when you use our website or Chrome extension.
1. What we collect
Account information. When you sign up we collect your email address and either a password (hashed by our auth provider) or a Google account identifier if you sign in with Google. We assign you a user ID we use everywhere internally instead of your email.
Subscription information. If you subscribe to Pro, our payment processor (Stripe) handles your card details — we never see them. We store the resulting Stripe customer ID and subscription metadata (plan, status, renewal date).
Usage counters. We store the number of enhancements and clarifying-question rounds you use per UTC day (and per month for billing summaries) so we can enforce the Free-tier cap and bill Pro users correctly. We do not store the prompts themselves.
Operational logs. Our hosting provider records standard request logs (IP address, timestamp, response status, User-Agent) for a short period for security and debugging. We send anonymized error reports to our error-tracking provider so we can fix bugs.
2. What we don't collect
Prompt content. The text of your prompts, your answers to clarifying questions, and the enhanced output are forwarded to the LLM provider at the time of the request and returned to you. They are not written to our database, not used to train models, and not retained beyond the duration of the request.
Browsing activity. The Chrome extension does not read or transmit anything from the page beyond the prompt text you have typed and explicitly clicked “enhance” on.
Analytics tracking. We do not currently use third-party analytics or ad-tracking cookies. If we add product analytics in the future we'll update this policy and use privacy-respecting tools (no cross-site tracking, no PII).
3. Third parties we share with
Running Prompten requires sending data to a small number of service providers, each scoped to a specific purpose:
- Supabase — authentication and database hosting (your account, sessions, subscription metadata).
- OpenAI — the LLM provider that performs the actual prompt rewriting. Your prompt text is sent here for the duration of the request. Per OpenAI's API terms, content sent via the API is not used to train their models.
- Stripe — subscription billing. Your card details go directly to Stripe and never touch our servers.
- Sentry — automated error tracking. Stack traces and request metadata are recorded; PII is filtered out.
- Vercel — hosting and CDN for our website and API.
- Resend — transactional email (e.g. legacy license-key delivery). Used only when you complete a purchase.
Each of these providers has its own privacy policy, accessible from their respective websites. We do not share your data with advertisers or data brokers.
4. Cookies
We use cookies for one purpose: keeping you signed in. Our auth provider sets a session cookie when you log in; deleting it logs you out. We don't set marketing or analytics cookies.
5. Your rights
You can sign out, change your password, or delete your account at any time from the account page. Deleting your account removes your user record, sign-in credentials, and usage counters. Stripe retains billing records as required by law (typically 7 years); ask us at the email below if you need them removed early.
If you're in the EU, UK, or California, you have additional rights under GDPR / CCPA: access, correction, portability, and erasure. Email [email protected] and we'll respond within 30 days.
6. Data retention
- Account data: kept while your account is active, deleted on request.
- Usage counters: kept for the current and prior calendar month, then aggregated.
- Operational logs: typically 30 days.
- Subscription records: kept as required by tax law.
7. Security
We use industry-standard practices: TLS for all traffic, hashed passwords (or none, if you sign in with Google), short-lived authorization codes for the extension sign-in flow, and hashed session credentials at rest. We are a small team, not a large enterprise — if you spot a vulnerability please email us first instead of disclosing publicly.
8. Children
Prompten is not directed at children under 13. If you believe we've collected information from a child, contact us and we'll delete it.
9. Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated via the email on file or a banner on the site. The effective date at the top reflects the current version.
10. Contact
Questions, requests, or concerns: [email protected].