Privacy Policy
Last updated: March 2026
1. What data does the extension process?
PromptGnome scans the text of messages you type into supported AI chatbot websites (ChatGPT, Claude, Gemini, and others) to detect personally identifiable information (PII) such as email addresses, phone numbers, Social Security numbers, credit card numbers, and API keys.
All processing happens locally on your device. Your message text is analyzed in-browser using pattern matching (regex) and is never transmitted to any external server.
2. What data is stored?
- User preferences (chrome.storage.sync): Your settings such as which PII types to detect and which providers to monitor. These sync across your Chrome instances via your Google account, as is standard for Chrome extension settings.
- Aggregate statistics (chrome.storage.local): Counts of messages scanned and PII items detected, grouped by date. These are numbers only — no message content is ever stored.
- Audit log (chrome.storage.local): Records of detection events including timestamp, provider name, PII type detected, and action taken. The audit log never contains the actual PII values — only the type (e.g., "EMAIL") and action (e.g., "warned").
3. What data is NOT collected?
- We do not collect or transmit your messages, conversations, or any text you type.
- We do not collect or transmit detected PII values.
- We do not use analytics, telemetry, tracking pixels, or any third-party data collection.
- We do not make any network requests except for: (a) license verification via ExtensionPay for Pro subscribers, and (b) NER model download from Hugging Face CDN for Pro users (one-time download, cached locally).
- We do not access your browsing history, bookmarks, or any data outside the supported AI chatbot websites.
4. Host permissions
The extension requests permission to access specific AI chatbot websites (chatgpt.com, claude.ai, gemini.google.com, etc.) solely to inject the content script that detects PII in your messages. We do not request broad permissions like "all URLs" and we do not read or modify any data on these sites beyond the PII detection function.
5. Encryption
For Pro users who use the auto-anonymization feature, the mapping between original PII values and placeholder replacements is encrypted using AES-256-GCM with keys derived via PBKDF2. Encryption keys are stored in session-only storage and are automatically cleared when you close your browser. Encrypted mappings expire after 24 hours.
6. Software license
PromptGnome is closed-source private software that is free to use. All PII detection and processing happen locally in your browser.
7. Children's privacy
This extension is not directed at children under 13. We do not knowingly collect any data from children.
8. Changes to this policy
We will update this page if our privacy practices change. The "last updated" date at the top reflects the most recent revision.
9. Contact
Questions about this privacy policy? Contact us at privacy@promptgnome.com or visit our contact page.