Privacy Policy
1. Our Privacy Commitment
Ultra Prompt was built on a simple belief: your data is yours. We collect only what we need to run the service, we do not sell your information, and we've designed the platform so your most sensitive data — your API keys and the prompts you generate — is not collected or stored by Ultra Prompt LLC. API calls pass through a Cloudflare CORS proxy operated on our behalf, but that proxy is not designed to log or retain your keys or prompt content.
This Privacy Policy explains what information Ultra Prompt LLC ("we," "us," or "our") collects from users of Ultra Prompt, how we use it, who we share it with, and what choices you have. It applies to all users of ultraprompt.co and related services.
By using Ultra Prompt, you agree to the collection and use of information as described in this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (stored as a secure hash — we never see your actual password)
- Display name (if provided)
- Account creation date and last login date
Usage Data
To improve the product and understand how it's being used, we collect:
- Number of prompt generations (to enforce free tier limits and track usage)
- Feature usage patterns (which tools and template categories are used)
- Subscription tier and billing status
- General session activity (login/logout events, session duration)
Communications
If you contact us through the contact form or by email, we retain those communications to respond to your inquiry and improve our support.
If you submit your email address through our email capture form, we store it for the purpose of sending product updates, feature announcements, and marketing communications. You may unsubscribe at any time.
Technical Data
Like most web services, we may collect basic technical data including:
- Browser type and version
- Operating system
- IP address (used for security and analytics — not linked to personal profiles)
- Referring URL and pages visited within the site
3. What We Do NOT Collect
This section is important. Ultra Prompt is architecturally designed so that your most sensitive data never reaches us.
| Data Type | Collected by Us? | Why Not |
|---|---|---|
| API Keys (Anthropic, OpenAI, Grok, Gemini, etc.) |
Not collected | Stored in your browser's local storage only. Not collected or stored by Ultra Prompt LLC. API requests pass through a Cloudflare CORS proxy that is not designed to log or retain key values. |
| Prompt Content (what you type or generate) |
Not collected | Prompts are generated and stored locally in your browser. Ultra Prompt LLC does not collect or store prompt content. AI requests pass through a Cloudflare CORS proxy not designed to log content. |
| Payment Card Details | Not collected | All payment processing is handled by Stripe. We receive only a transaction confirmation — never your card details. |
| AI Model Responses | Not collected | API calls are routed through your browser and a Cloudflare CORS proxy to your AI provider. Ultra Prompt LLC does not store or log AI model responses. |
| Biometric Data | Never | We do not use facial recognition, fingerprinting, or any biometric systems. |
4. How We Use Your Information
We use the information we collect for the following purposes:
To Provide the Service
- Create and manage your account
- Enforce free tier usage limits and subscription access
- Process payments and manage billing
- Respond to support inquiries
To Improve the Product
- Understand which features are most used and most valuable
- Identify performance issues and bugs
- Inform decisions about new features and the product roadmap
To Communicate With You
- Send transactional emails (account creation, password reset, billing receipts)
- Send product update notifications and feature announcements
- Send marketing communications (only with your consent; opt-out available at any time)
For Security & Legal Compliance
- Detect and prevent fraud, abuse, and unauthorized access
- Comply with applicable laws and legal obligations
- Enforce our Terms of Service
5. Analytics & Cookies
Analytics Tools
We use Google Analytics to understand how visitors interact with our website — including which pages are visited, how long users stay, and where traffic comes from. Google Analytics collects anonymized usage data through cookies. You can opt out of Google Analytics by using the Google Analytics Opt-Out Browser Add-on.
Cookies
We use cookies and similar tracking technologies to:
- Maintain your login session
- Remember your preferences
- Collect analytics data as described above
You can control cookies through your browser settings. Disabling cookies may affect your ability to log in and use certain features.
Email Communications
Our marketing emails may include standard tracking pixels that indicate whether an email was opened and whether links were clicked. This helps us understand engagement and send more relevant communications. You can opt out of all marketing emails at any time using the unsubscribe link included in every email. If you wish to opt out of email tracking only (receiving emails without open/click tracking), you may request this by contacting us at support@ultraprompt.co.
6. Third-Party Services
Ultra Prompt integrates with the following third-party services, each with their own privacy practices:
Supabase
We use Supabase for user authentication and database storage. Your account information (email, password hash, usage data) is stored in Supabase's infrastructure. Supabase is SOC 2 compliant and stores data on AWS infrastructure. Supabase Privacy Policy →
Stripe
Payments are processed by Stripe. When you subscribe to a paid plan, your payment information is entered directly into Stripe's secure form — we never receive or store your card details. Stripe is PCI DSS Level 1 compliant. Stripe Privacy Policy →
Cloudflare
We use a Cloudflare Worker as a transparent CORS proxy to enable Claude (Anthropic) API calls from the browser. This proxy forwards requests to Anthropic's servers without logging or storing your API keys or prompt content. Cloudflare may collect standard network traffic data. Cloudflare Privacy Policy →
Google Analytics
As described in Section 5, we use Google Analytics to understand site usage. Data is anonymized and used only for analytics purposes. Google Privacy Policy →
AI Providers (User-Connected)
When you connect your own API keys to Ultra Prompt, your prompts are sent directly from your browser to those providers (Anthropic, OpenAI, xAI, Google, Perplexity, or local Ollama instances). We are not party to those data transfers. Each provider's own privacy policy governs how they handle your prompt data.
7. Data Sharing & Selling
We do not sell, rent, or trade your personal information to any third party. This is a founding principle of how Ultra Prompt operates. In the event of a business transfer or acquisition, we will notify you before your information becomes subject to a different privacy policy, and you will have the opportunity to delete your account.
We may share your information only in the following limited circumstances:
- Service Providers: With trusted third-party vendors (Supabase, Stripe, Cloudflare, Google Analytics) solely to the extent necessary to provide the service, as described in Section 6.
- Legal Requirements: If required by law, court order, or government authority, we may disclose information as legally obligated.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
- With Your Consent: For any other purpose, only with your explicit prior consent.
8. Data Security
We take reasonable technical and organizational measures to protect your information from unauthorized access, loss, or disclosure. These measures include:
- HTTPS encryption for all data in transit
- Passwords stored using industry-standard hashing (handled by Supabase)
- API keys stored only in your browser's local storage — never on our servers
- Regular review of access controls and security practices
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the service. Specifically:
- Account data is retained while your account is active and for up to 12 months after deletion to comply with legal obligations, unless a longer period is required by applicable law
- Usage data is retained for up to 24 months for analytics and product improvement purposes
- Email communications are retained for up to 36 months to manage your preferences and support history, or until you request deletion
- Billing records are retained for the period required by tax and accounting laws
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
10. Your Rights
You have the following rights regarding your personal information. To exercise any of these rights, contact us at support@ultraprompt.co.
Access
You may request a copy of the personal information we hold about you.
Correction
You may request that we correct inaccurate or incomplete information.
Deletion
You may request deletion of your account and associated personal data. We will process deletion requests within 30 days.
Opt-Out of Marketing
You may opt out of marketing emails at any time using the unsubscribe link in any email, or by contacting us directly. Note: you cannot opt out of transactional emails (billing receipts, security alerts) while your account is active.
Data Portability
You may request a machine-readable export of your account data.
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, and the right to opt out of its sale or sharing. As stated in Section 7, we do not sell or share personal information. You also have the right not to receive discriminatory treatment for exercising any of these rights — we will not deny service, charge different prices, or provide a lower quality of service based on your exercise of CCPA rights.
European Users (GDPR)
If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing, restrict processing, and lodge a complaint with your local supervisory authority. Our legal bases for processing your personal data are as follows: account information and billing data are processed on the basis of contract performance; usage data and analytics are processed on the basis of legitimate interest in improving and operating the service; marketing communications are processed on the basis of consent, which you may withdraw at any time. Ultra Prompt LLC does not currently maintain an EU/UK representative or Data Protection Officer, as we do not systematically offer services to EU residents or engage in large-scale processing of EU personal data. If this changes, we will update this policy accordingly. Businesses requiring a Data Processing Agreement (DPA) for GDPR compliance may request one at support@ultraprompt.co.
11. Minors
Ultra Prompt is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@ultraprompt.co and we will delete that information promptly.
If a minor under the age of 16 accesses Ultra Prompt by misrepresenting their age, any personal information collected as a result of that misrepresentation was obtained without our knowledge or consent. Upon discovery, we will delete any such information. Ultra Prompt LLC bears no liability for the collection of a minor's information where access was obtained through age misrepresentation. Parents and legal guardians are responsible for supervising minors' use of online services. Please refer to Section 2 of our Terms of Service for the full age misrepresentation clause.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page.
For significant changes, we will notify registered users by email at least 30 days before the changes take effect. Your continued use of Ultra Prompt after the effective date of any changes constitutes your acceptance of the revised policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:
- Email: support@ultraprompt.co
- Company: Ultra Prompt LLC
- Website: ultraprompt.co
We aim to respond to all privacy inquiries within 5 business days. For data deletion requests, we will confirm receipt within 2 business days and complete the request within 30 days.