Privacy Policy

1. Who We Are

FixMyPrompt is a Chrome browser extension that helps users improve their AI prompts on ChatGPT and Claude. This Privacy Policy describes how FixMyPrompt ("we", "us", or "the extension") handles information when you use the extension.

2. What Data We Collect

Prompt text

When you trigger the improvement flow, your prompt text is transmitted to our backend API over an encrypted HTTPS connection solely to generate an improved version. This is the only data that leaves your device. It is processed in real-time and immediately discarded — it is never written to a database, log file, or any persistent storage.

Domain classification

Your prompt is classified into one of 8 categories (e.g. "technical", "creative_writing") to generate contextually relevant questions. This classification is performed entirely on your device and is never transmitted to our servers.

Browser local storage (on-device only)

The extension writes a small amount of state to your browser's local storage — specifically, whether the improvement balloon has already been shown in the current conversation, and the current conversation ID. This data never leaves your device and is automatically cleared when you start a new conversation.

3. How Data Is Handled

When you click "Improve" or answer questions in the FixMyPrompt flow, the following steps occur:

1. Your prompt text is sent to our backend API server via an encrypted HTTPS request.
2. The server forwards the prompt to the OpenAI API (GPT-4) to generate an improved version or clarifying questions.
3. The improved prompt is returned to your browser and displayed in the extension UI.
4. Your original prompt is immediately discarded from our server's memory — it is never written anywhere.

Our server is entirely stateless. It holds no user accounts, assigns no user IDs, and has no mechanism to associate any request with a specific person.

4. Data Storage

Our backend server

Retention period: zero. Prompt text is held in server memory only for the duration of a single API request (typically under 5 seconds) and is discarded immediately after the response is sent. No prompt data is written to disk, a database, or any external storage system.

Browser local storage

Retention period: session-scoped. The extension stores only a conversation state flag and conversation ID in your browser's local storage. This data remains on your device, is never transmitted, and is cleared automatically when you begin a new conversation.

Server infrastructure logs (Railway)

Our hosting provider (Railway) retains standard infrastructure logs — IP addresses, request timestamps, and HTTP response codes — for operational and security purposes. These logs do not contain prompt content and are retained according to Railway's privacy policy.

5. Data Security

We take the following measures to protect any data that passes through our systems:

• Encryption in transit: All communication between the extension and our backend API uses HTTPS (TLS encryption). Data is never transmitted over unencrypted connections.
• No persistent storage: Prompt text is never written to disk or a database, eliminating the risk of data breach from stored records.
• Stateless architecture: Our server does not maintain session state or user profiles, meaning there is no accumulated user data that could be exposed.
• No authentication tokens: The extension requires no login and stores no credentials, so there are no authentication secrets to compromise.

6. Data Sharing

We do not sell, rent, or trade your data. The only third parties that receive any data are:

OpenAI (prompt processing)

Your prompt text is shared with the OpenAI API for the sole purpose of generating an improved prompt — this is the core function of the extension. It is not shared for advertising, profiling, or any purpose unrelated to generating your improvement. OpenAI's handling of API data is governed by their API data usage policies. OpenAI does not use API inputs to train models by default.

Railway (infrastructure)

Our API is hosted on Railway's infrastructure. Railway receives standard server request metadata (IP address, timestamp, request size) as part of normal hosting operations. Railway does not receive prompt content. See Railway's privacy policy.

No other third parties receive any data from FixMyPrompt.

7. What We Do NOT Collect

• We do not collect your name, email address, or any account information
• We do not store your prompts or AI conversation history
• We do not track which websites you visit (beyond detecting chatgpt.com and claude.ai to activate the extension)
• We do not use cookies for tracking or analytics
• We do not collect IP addresses in a personally identifiable way
• We do not sell or transfer data to third parties for any purpose other than core functionality
• We do not use your data for advertising or user profiling
• We do not use third-party analytics services that track individual users
• We do not collect financial, health, or communications data of any kind

8. Children's Privacy

FixMyPrompt is not directed at children under 13 years of age. We do not knowingly collect any information from children under 13. If you believe a child under 13 has used the extension, please contact us and we will take appropriate action.

9. Your Rights

Because we do not collect or store personal data, there is no personal data to access, correct, or delete. If you have questions about this, please contact us at pvmstack@gmail.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the extension after changes constitutes your acceptance of the updated policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: pvmstack@gmail.com

Support page: fixmyprompt support