Privacy Policy

Last Updated: November 13, 2025

Your Privacy is Our Priority

This Privacy Policy describes how Prompt Cheat ("we," "us," or "our") collects, uses, and protects your personal information when you use our Chrome extension. We are committed to transparency about our data practices and your rights.

1. Overview

Prompt Cheat is a Chrome extension designed to help you manage and organize your AI prompts. We take your privacy seriously and have designed our extension with a local-first architecture, meaning your data stays on your device by default.

Key Principles:

  • Local-First: All prompts are stored locally on your device by default
  • Optional Cloud Sync: Cloud synchronization requires explicit user sign-in
  • No Tracking: We do not track your browsing activity or use analytics
  • No Sale of Data: Your data is never sold or used for advertising

2. Third-Party Services: Firebase

We use Firebase, a third-party service provided by Google LLC, to enable optional cloud synchronization features. Firebase is used only when you explicitly sign in with your Google account.

2.1 Firebase Services Used:
  • Firebase Authentication: Manages secure Google Sign-In
  • Cloud Firestore: Stores your prompts and user profile when you choose to sync
2.2 Firebase Data Protection:

Firebase provides enterprise-grade security:

  • All data transmitted to Firebase is encrypted using HTTPS/TLS
  • Data stored in Firebase is encrypted at rest
  • Strict security rules ensure only you can access your data
  • Firebase complies with GDPR, CCPA, and other privacy regulations

Important: Firebase is only activated when you sign in. If you choose not to sign in, no data is ever sent to Firebase or any external servers.

For more information about Firebase's privacy practices, please visit: Firebase Privacy Policy

3. Information We Collect

Collection Summary

The data we collect depends entirely on whether you choose to sign in:

Without Sign-In

No personally identifiable information is collected. All data stays local on your device.

With Sign-In

We collect your Google Account information and sync your prompts to Firebase for cross-device access.

3.1 Personally Identifiable Information (PII)

When you sign in with Google, we collect the following Personally Identifiable Information for the sole purpose of authentication and account management:

  • Google Account ID: A unique identifier (Firebase UID) associated with your Google account
  • Email Address: Your Google account email address
  • Display Name: Your Google account display name
  • Profile Photo URL: Your Google account profile picture (if available)

Purpose of PII Collection:

This information is collected exclusively for authentication purposes to:

  • Verify your identity when you sign in
  • Associate your prompts with your account
  • Enable secure cross-device synchronization
  • Display your profile information in the extension
3.2 Website Content: Your Prompt Data

When you sign in and enable cloud sync, we collect and store your "Website Content" - specifically, the AI prompt templates you create, which may include:

  • Prompt Title: The name you give to each prompt
  • Prompt Content: The full text of your AI prompt templates
  • Categories and Tags: Organization metadata you assign
  • Variables: Template variables you define
  • Usage Metadata: Creation date, last modified date, and usage count

Purpose of Prompt Data Collection:

Your prompt data is stored on Firebase servers solely to provide the cloud synchronization feature, which allows you to:

  • Access your prompts across multiple devices
  • Automatically back up your prompt library
  • Sync changes in real-time across your devices
3.3 Technical Information

We automatically collect minimal technical information necessary for the extension to function:

  • Chrome Extension ID: A unique identifier for the extension installation
  • Timestamps: When prompts are created, modified, or synced
  • Sync Status: Whether cloud sync is enabled or disabled

We do NOT collect: Your browsing history, the content you type into AI platforms (ChatGPT, Claude, Gemini), cookies, IP addresses, device identifiers, or any analytics data.

4. How We Use Your Information

Explicit Data Use Declaration

Your data is used EXCLUSIVELY for the following purposes:

  • Authentication: To verify your identity when you sign in with Google
  • Synchronization: To sync your prompts across your devices via Firebase
  • Storage: To store your prompts securely in Firebase Firestore
  • Display: To show your profile information and prompts within the extension

We do NOT:

  • Sell your data to third parties or advertisers
  • Use your data for advertising or marketing purposes
  • Share your data with any third parties except Firebase (our service provider)
  • Analyze your prompts for any purpose unrelated to providing the sync feature
  • Train AI models or machine learning systems with your data
  • Use your data for research or product development

Your data is used strictly to operate the extension's core functionality. Nothing more, nothing less.

5. Data Storage and Security

5.1 Local Storage (Default)

By default, all your prompts are stored locally in your Chrome browser using Chrome's chrome.storage.local API. This data:

  • Remains on your device only
  • Is encrypted by Chrome's built-in security
  • Is never transmitted to any external servers
  • Can be deleted at any time by uninstalling the extension
5.2 Cloud Storage (Optional)

When you sign in, your data is stored in Firebase Cloud Firestore, a secure cloud database:

  • Encryption in Transit: All data is transmitted over HTTPS with TLS 1.2+ encryption
  • Encryption at Rest: Firebase encrypts all data stored in its databases
  • Access Control: Strict Firestore security rules ensure only you can access your data
  • Geographic Location: Data is stored in Firebase's secure data centers (location: United States)
5.3 Security Measures

We implement the following security measures to protect your information:

  • Firestore Security Rules: Each user's data is isolated; no cross-user access is possible
  • Content Security Policy (CSP): Prevents malicious script injection
  • No Inline Scripts: All code is externally loaded and auditable
  • Input Validation: All user inputs are validated to prevent injection attacks
  • OAuth 2.0: Secure authentication via Chrome Identity API with limited scopes
  • Token Management: Authentication tokens are handled securely by Chrome

Note: While we implement industry-standard security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and update our security practices.

6. Your Data Rights and Control

6.1 Access to Your Data

You have complete control over your data:

  • View: Access all your prompts at any time through the extension interface
  • Export: Export your entire prompt library in JSON format (feature available in the extension)
  • Edit: Modify any prompt content, categories, or tags whenever you want
  • Delete: Remove individual prompts or your entire library at any time
6.2 Cloud Sync Control

You can control cloud synchronization at any time:

  • Enable/Disable: Turn cloud sync on or off in the extension settings
  • Sign Out: Signing out stops all cloud synchronization immediately
  • Local-Only Mode: Use the extension without ever signing in to keep all data local
6.3 Data Deletion

You can delete your data at any time:

  • Local Data: Uninstall the extension to remove all local data
  • Cloud Data: Sign out and delete your account to remove all data from Firebase
  • Permanent Deletion: Deleted data is permanently removed and cannot be recovered

To request complete data deletion: Contact us at support@prompt-cheat.com with your account email, and we will delete all your data within 30 days.

6.4 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct any inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Restrict processing of your personal data
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time (by signing out)
6.5 CCPA Rights (California Users)

If you are a California resident, you have the following rights under CCPA:

  • Right to Know: Request information about personal data we collect, use, and disclose
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt-out of sale of personal data (Note: We do NOT sell personal data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

7. Data Sharing and Disclosure

Clear Declaration

We do NOT sell, rent, trade, or share your personal information with any third parties for their marketing or advertising purposes.

7.1 Service Providers

We share your data only with the following service provider necessary to operate the extension:

  • Firebase (Google LLC): Cloud storage and authentication service
    • Firebase processes data on our behalf under strict confidentiality obligations
    • Firebase is GDPR and CCPA compliant
    • Firebase's Privacy Policy: firebase.google.com/support/privacy
7.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal requests (subpoenas, court orders, etc.)
  • Protection of our legal rights or property
  • Prevention of fraud or illegal activity
  • Protection of the safety of our users or the public
7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you via email or prominent notice in the extension before your data is transferred and becomes subject to a different privacy policy.

8. Chrome Extension Permissions

Our Chrome extension requests the following permissions. Here's why we need each one:

Permission Purpose
storage Store your prompts locally on your device
activeTab Detect which AI platform you're using (ChatGPT, Claude, Gemini) to show the prompt library
identity Enable Google Sign-In for optional cloud synchronization
notifications Display sync status notifications (e.g., "5 prompts synced")
Host: chat.openai.com Inject prompt library UI into ChatGPT interface
Host: claude.ai Inject prompt library UI into Claude interface
Host: gemini.google.com Inject prompt library UI into Gemini interface
Host: *.googleapis.com Communicate with Google's authentication servers
Host: *.firebaseapp.com Communicate with Firebase for cloud storage and authentication

Important: We only use these permissions for the purposes stated above. We do NOT:

  • Read or collect the content of web pages you visit
  • Monitor your browsing activity
  • Access data from other websites or extensions
  • Capture what you type into AI platforms

9. Children's Privacy

Our extension is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@prompt-cheat.com, and we will delete such information immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. Specifically:

  • Firebase servers are located primarily in the United States
  • If you are located outside the United States, your data will be transferred to U.S. servers
  • Firebase complies with applicable data protection laws including GDPR
  • Data transfers are protected by Firebase's security measures and legal safeguards

By using our extension and signing in, you consent to the transfer of your information to the United States and other jurisdictions where Firebase operates.

11. Data Retention

We retain your data for as long as necessary to provide our services:

  • Local Data: Remains on your device until you uninstall the extension or clear browser data
  • Cloud Data: Stored in Firebase until you delete your account or request data deletion
  • Account Data: Retained while your account is active; deleted upon account deletion

Deletion Timeline: When you request data deletion, we will permanently delete all your data within 30 days. Backups may be retained for up to 90 days for disaster recovery purposes, after which they are permanently erased.

12. Cookies and Tracking Technologies

We do NOT use cookies or tracking technologies in our Chrome extension. Specifically:

  • No analytics cookies (we do not use Google Analytics or similar services)
  • No advertising cookies
  • No third-party tracking scripts
  • No session cookies

Firebase may use: Session tokens for authentication purposes. These are managed securely by the Chrome Identity API and Firebase Authentication and are not used for tracking.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • The "Last Updated" date at the top will be revised
  • Material changes will be notified via the extension (notification banner)
  • The updated policy will be posted at https://prompt-cheat.com/privacy-policy
  • Continued use of the extension after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Prompt Cheat Support

Email: support@prompt-cheat.com

Website: https://prompt-cheat.com

GitHub: https://github.com/AtaNexus

We will respond to all privacy-related inquiries within 30 days.

15. Compliance and Legal Framework

Our privacy practices comply with:

  • GDPR (General Data Protection Regulation) - EU privacy law
  • CCPA (California Consumer Privacy Act) - California privacy law
  • Chrome Web Store Developer Program Policies
  • Google API Services User Data Policy
  • Firebase Terms of Service

Privacy Policy Summary

What We Collect:

  • Google Account info (only when signed in)
  • Your prompt templates (synced to Firebase when signed in)
  • NO browsing history
  • NO analytics or tracking

Your Rights:

  • Access and export your data anytime
  • Delete your data permanently
  • Use offline without cloud sync
  • Full control over your privacy

Your data is never sold or used for advertising. Period.