Privacy Policy β€” Promptector

A privacy-by-design Chrome extension that keeps secrets local.

Effective Date: October 1, 2025
Last Updated: October 1, 2025

Our Privacy Commitment

Promptector is built with privacy-by-design principles. We believe your sensitive data should never leave your device, and we've architected our extension to honor that commitment.

🎯 What Data We Process

Data We Process Locally (Never Transmitted)

  • Text content in form fields β€” Analyzed locally for secret patterns
  • Content-editable elements β€” Scanned locally for sensitive information
  • Clipboard content β€” Only when pasted into monitored fields

Data We Store Locally

  • Extension settings: Enable/disable state
  • Domain allowlist: Sites where you've chosen to skip warnings
  • Ignored detection rules: Types of secrets you've chosen to ignore

Data We NEVER Collect or Transmit

  • ❌ Your actual secrets, passwords, or API keys
  • ❌ Form content or submitted data
  • ❌ Browsing history or website visits
  • ❌ User behavior or analytics data
  • ❌ Device information or identifiers
  • ❌ IP addresses or location data

πŸ›‘οΈ How We Protect Your Privacy

1. Local-Only Processing

  • All secret detection occurs locally in your browser's JavaScript engine
  • Zero network requests β€” Our extension never connects to any server
  • No cloud processing β€” Your data never leaves your device
  • Immediate disposal β€” Processed text is discarded after analysis

2. Minimal Data Storage

  • Only essential settings are stored using Chrome's sync storage
  • No logs, analytics, or diagnostic data collection
  • Settings are stored in your Chrome profile only
  • No third-party storage services used

3. Open Source Transparency

  • Full source code available for independent security audits
  • No obfuscated or minified code that could hide malicious behavior
  • Community verification of our privacy claims
  • No binary dependencies or compiled components

πŸ“‘ Network Activity

Promptector makes ZERO network requests. Our extension:

  • ❌ Does not contact any remote servers
  • ❌ Does not send analytics or telemetry
  • ❌ Does not download updates automatically
  • ❌ Does not connect to third-party services

You can verify this by monitoring your browser's network activity while using Promptector.

πŸ” Permissions Explanation

Storage Permission

  • Purpose: Save your preferences locally
  • Scope: Only extension settings (on/off state, allowlist, ignored rules)
  • Data Type: Minimal configuration data only
  • Security: Stored in Chrome's secure storage, not accessible to websites

All URLs Permission

  • Purpose: Monitor form fields for secret detection
  • Scope: Read form input content for local analysis only
  • Limitations: Cannot access other browser data (history, bookmarks, cookies)
  • Security: Content is processed locally and immediately discarded

🌍 International Compliance

GDPR (European Union)

  • Legal Basis: Legitimate interest in protecting user security
  • Data Minimization: We collect only essential settings data
  • Right to Erasure: Uninstall the extension to remove all data
  • Data Portability: Settings can be exported from Chrome's extension management

CCPA (California)

  • No Sale of Data: We don't collect personal information, so none is sold
  • Right to Know: This policy details all data handling
  • Right to Delete: Uninstall removes all extension data

Other Jurisdictions
Promptector's privacy-by-design approach ensures compliance with global privacy laws by minimizing data collection and processing.

πŸ‘¨β€πŸ’» Developer Privacy Practices

  • Minimal data collection: Only what's absolutely necessary
  • Transparent practices: Open source code and clear documentation
  • Security focus: Regular security reviews and updates
  • User control: Settings to customize privacy preferences

πŸ” How to Verify Our Claims

Technical Verification

  1. Source Code Review: Examine all files for network calls or data collection
  2. Network Monitoring: Use browser DevTools to verify zero network activity
  3. Storage Inspection: Check Chrome's storage to see only settings data
  4. Permission Audit: Review exactly what browser permissions we request

Independent Verification

  • Source code is publicly available for security audits
  • Community members can verify our privacy claims
  • Bug bounty program for privacy-related issues
  • Regular third-party security assessments

πŸ“ž Contact & Data Subject Rights

Your Rights

  • Access: View stored settings in Chrome extension management
  • Rectification: Modify settings through the extension options
  • Erasure: Uninstall the extension to remove all data
  • Portability: Export settings from Chrome's sync storage

Contact Information

Email: canefecan@gmail.com
Security Issues: canefecan@gmail.com

Response Time
We respond to privacy inquiries within 72 hours and resolve issues within 30 days.

πŸ”„ Policy Updates

  • Notification: Users will be notified of material privacy policy changes
  • Effective Date: Changes take effect 30 days after notification
  • Archive: Previous versions of this policy are available upon request
  • Consent: Continued use implies acceptance of policy updates

πŸ§ͺ Third-Party Services

Promptector uses NO third-party services. We have eliminated all external dependencies to ensure complete privacy control.

🀝 Trust & Transparency

Our commitment to privacy is not just legal complianceβ€”it's fundamental to our mission. We believe security tools should enhance your privacy, not compromise it.

Audit Trail

  • Regular security reviews by independent experts
  • Community feedback incorporation
  • Transparent vulnerability disclosure
  • Open development process

Privacy by Design

  • Privacy considerations in every feature decision
  • Minimal viable permissions requested
  • Local-first architecture choices
  • User control over all data processing

Questions? We're committed to transparency. If anything in this policy isn't clear, please contact us. We're happy to explain our privacy practices in detail.