Legal

Privacy Policy.

Last updated: April 13, 2026

Introduction

PromptOT is a prompt management platform that helps developers manage, version, evaluate, and deliver LLM system prompts via API. This Privacy Policy describes how we collect, use, and protect your information. By using PromptOT, you agree to the practices described in this policy.

Information We Collect

  • Account information — Your email address, display name, and profile information provided during sign-up.
  • Usage data — Pages visited, features used, session duration, browser type, device information, and interaction patterns.
  • Prompt content — The prompts, blocks, and variables you create and store on the platform. Stored encrypted at rest.
  • API usage logs — Request metadata including timestamps, endpoints accessed, API key identifiers (not the keys themselves), and response status codes.

How We Use Your Data

  • Service delivery — To operate the platform, authenticate sessions, compile and deliver prompts, and manage your organization.
  • Analytics — To understand how the platform is used, identify areas for improvement, and measure feature adoption.
  • Service improvement — To fix bugs, improve performance, develop new features, and enhance the overall user experience.

Third-Party Services

  • Supabase — Database hosting, authentication, and storage infrastructure.
  • Google Analytics — Web analytics to understand usage patterns and traffic sources.
  • Microsoft Clarity — Session replay and heatmaps to understand user interactions and improve UX.
  • OpenRouter — LLM processing for AI-powered features such as prompt rewriting and evaluation.

Each of these services has its own privacy policy. We encourage you to review their policies for details on how they handle data.

Free Tools

PromptOT offers free developer tools at promptot.com/tools that do not require an account:

  • Token Counter — Runs entirely in your browser. No data is sent to our servers.
  • Prompt Structurer & Quality Analyzer — Your prompt is sent to our server and forwarded to OpenRouter for AI processing. We do not store the raw prompt text. For abuse prevention, we log a SHA-256 hash, character length, and anonymized IP bucket. Logs retained for 30 days.
  • Bot protection — AI-powered free tools use Cloudflare Turnstile. Turnstile does not use CAPTCHAs and does not track users across sites.
  • Rate limiting — Free tools are rate-limited per IP address. No personal information is used for rate limiting.

Cookies

We use essential cookies to maintain your authentication session. We also use analytics cookies via Google Analytics 4 to collect anonymized usage data. You can control cookie preferences through your browser settings.

Data Security

All data is encrypted at rest and in transit. We implement strict access controls. API keys are hashed using SHA-256 and are never stored in plain text. For more details, visit our Security page.

Your Rights

  • Access — Request a copy of the personal data we hold about you.
  • Deletion — Request deletion of your account and associated data.
  • Export — Export your prompts, blocks, and project data at any time.
  • Correction — Update or correct inaccurate personal information.

To exercise any of these rights, contact us at privacy@promptot.com.

Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. API usage logs are retained for 90 days.

Children's Privacy

PromptOT is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. Your continued use of PromptOT after changes are posted constitutes your acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy, please contact us at privacy@promptot.com.