Privacy Policy

Account Information: When you create an account, we collect your email address, name, and authentication details.

Organization Information: We collect organization name, team structures, and member relationships for governance purposes.

AI Interaction Data: Our Chrome extension captures prompts sent to AI platforms (ChatGPT, Claude, Gemini, etc.) and responses received. This data is captured to provide governance visibility to your organization.

PII Detection Results: We process captured content to detect personal identifiable information (PII) such as emails, phone numbers, SSNs, and credit card numbers. Detection results are stored for compliance reporting.

Usage Metadata: We collect metadata about AI usage including timestamps, platform identifiers, and session information.

Our Chrome extension captures AI interactions to provide governance capabilities:

• • What We Capture: Prompts sent to supported AI platforms and responses received
• • What We Don't Capture: General browsing activity, passwords, or content from non-AI websites
• • Supported Platforms: ChatGPT, Claude, Gemini, Perplexity, Copilot, and other AI tools
• • Local Processing: PII detection runs locally before data transmission where possible

PromptRail retains audit data according to your organization's configured retention policy:

• • Free Tier: 30 days retention
• • Professional: Up to 90 days retention
• • Enterprise: Up to 365 days or custom retention

After the retention period, audit logs are automatically purged. Enterprise customers may request extended retention or early deletion.

AI interaction data captured by PromptRail is accessible to authorized members of your organization based on role permissions:

• • Owners/Admins: Full access to all audit logs and user data
• • Editors: Access to team-level dashboards and reports
• • Viewers: Read-only access to assigned reports

Important: If your employer uses PromptRail to monitor AI usage, your AI interactions may be visible to organization administrators. Please consult your employer's acceptable use policy.

We use the following third-party sub-processors to provide our Service:

• • Supabase: Database hosting and authentication (US/EU regions)
• • Vercel: Frontend hosting and edge functions
• • Render: Backend API hosting

We do not share captured AI interactions with third parties except as required to provide the Service or as required by law. We do not sell your data.

We implement industry-standard security measures to protect your data:

• • AES-256 encryption for data at rest
• • TLS 1.2/1.3 encryption for data in transit
• • Role-based access controls
• • Architecture designed for SOC2 compliance

Depending on your location, you may have the following rights:

• • Access: Request a copy of your personal data
• • Correction: Request correction of inaccurate data
• • Deletion: Request deletion of your personal data
• • Portability: Request export of your data in a standard format
• • Objection: Object to certain processing of your data

For organizational data requests, contact your organization's PromptRail administrator. For personal account requests, contact privacy@promptrail.io.

For users in the European Economic Area, we process data under the following legal bases:

• • Contract: Processing necessary to provide the Service
• • Legitimate Interest: Service improvement and security
• • Consent: Where specifically obtained (e.g., marketing)

Data Processing Agreements (DPAs) are available for Enterprise customers upon request.