Does PrivacyPromptAI use cookies?

Privacy Policy — PrivacyPromptAI PII Redaction Tool

🔒 TL;DR: We don't collect, store, or transmit your data. Everything happens in your browser. We can't see your documents because they never reach our servers.

Our Commitment to Privacy

PrivacyPromptAI is built on a foundational principle: your data is yours, and yours alone. We don't collect it, we don't store it, and we don't transmit it. This isn't just a policy — it's our technical architecture.

Data Controller: PrivacyPromptAI, Str. Voronet, Bucharest, Romania — askandhelp@yahoo.com

Legal Basis for Processing (contact form only): Article 6(1)(b) GDPR — processing is necessary to respond to your request. No other personal data is processed by us.

Last updated: June 9, 2026

1. Data Processing

What We Process

All document processing happens locally in your web browser using JavaScript. When you paste text or upload a document:

The data never leaves your device
No network requests are made containing your content
Processing happens using your computer's resources
Results are displayed only to you

What We DON'T Process

We have zero access to:

Your documents or text content
Detected PII
Redacted versions of your documents
Custom keywords or settings you configure

2. Data We Collect

Contact Form

If you use the contact form, the information you submit (name, email address, message) is sent directly to our email inbox and is not stored in any database. It is used solely to respond to your enquiry.

Contact form submissions are processed by FormSubmit (formsubmit.co), a third-party email delivery service based in the United States. When you submit the form, your name, email address, message, and IP address are transmitted to FormSubmit's servers in order to deliver your message to us. FormSubmit does not store your data beyond what is necessary for delivery. By submitting the contact form, you acknowledge that your data will be processed by FormSubmit as described. See Section 4 for further details.

Web Server Logs

Our hosting provider (Namecheap) may log standard web server data — such as IP addresses and user agents — for security and performance purposes. This data is not linked to individuals, is not accessible to us in aggregate form, and is automatically purged after 30 days. We do not use it for any tracking or profiling.

We do NOT use Google Analytics, tracking pixels, advertising networks, or any third-party analytics service. We have no visibility into who visits our website or how they use it.

Google Fonts (Consent Required)

With your consent, we load Google Fonts from Google's servers for better typography. This connection to Google may transmit your IP address to Google. You can decline this in the cookie consent banner — typography will fall back to system fonts.

3. Cookies and Local Storage

Local Storage (No Cookies)

We use minimal localStorage (stored only on your own device, never transmitted to us) for essential functionality:

Consent Preference: Remembers whether you accepted or declined Google Fonts
Theme & Language: Stores your dark mode, compact mode, and language preferences
Pro Licence: If you validate a Pro licence, the key is saved locally so you don't have to re-enter it
Detection Settings: Your PII detection toggles (entity recognition, credit card patterns, custom keywords)

No tracking cookies. No third-party advertising cookies. No social media pixels. No data is ever transmitted from your localStorage to our servers.

4. Third-Party Services

Gumroad (Payment Processing)

If you purchase the Pro version, payment is handled by Gumroad. Their privacy policy applies: https://gumroad.com/privacy

FormSubmit (Contact Form Delivery)

Contact form submissions are routed through FormSubmit (formsubmit.co), a US-based email delivery service. When you submit the contact form, your name, email address, message, and IP address are transmitted to FormSubmit's servers solely for the purpose of delivering your message to us. FormSubmit does not use this data for advertising or profiling. As a US-based service, this constitutes a transfer of personal data outside the EEA. This transfer is necessary to fulfil your request to contact us (Article 6(1)(b) GDPR). For further information, see FormSubmit's privacy policy.

5. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), EU/EEA residents have the following rights regarding their personal data. Because PrivacyPromptAI processes no personal data from documents (all processing is local to your browser), most of these rights are not applicable in practice — but we document them fully for transparency and legal completeness.

Right to Access (Article 15): You may request a copy of the personal data we hold about you. In practice, the only data we may hold is a contact form message you submitted voluntarily.
Right to Rectification (Article 16): You may ask us to correct inaccurate personal data. Contact us at askandhelp@yahoo.com.
Right to Erasure / Right to be Forgotten (Article 17): You may request deletion of your personal data. If you submitted a contact form, we will delete that email from our inbox within 30 days of your request. No document data exists on our servers.
Right to Restriction of Processing (Article 18): You may ask us to restrict processing of your data while a dispute is being resolved.
Right to Data Portability (Article 20): Your document data never leaves your device, so there is nothing to port. Contact form data can be provided to you in a structured format on request.
Right to Object (Article 21): You may object to processing based on legitimate interests. You can disable Google Fonts and analytics via Settings.
Right to Withdraw Consent: Where processing is based on consent (e.g. Google Fonts), you may withdraw consent at any time via the Settings page without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection supervisory authority. In Romania, this is the ANSPDCP (National Supervisory Authority for Personal Data Processing). In the EU generally, you may contact your local Data Protection Authority (DPA).

Data Retention

We do not retain personal data from document processing — none is ever transmitted to our servers. Contact form submissions are retained in our email inbox for as long as necessary to respond and resolve the inquiry, and are deleted upon request or after 12 months, whichever is sooner. Server access logs (held by Namecheap) are automatically purged after 30 days.

International Data Transfers

Document processing occurs entirely within your browser. No document data is transferred internationally or to any third party. Where third-party services are used (Google Fonts, contact form email), these may involve transfers to servers outside the EU/EEA. Google operates under Standard Contractual Clauses (SCCs) approved by the European Commission. Namecheap is subject to applicable data protection frameworks for hosting providers.

To exercise any of your rights, contact us at: askandhelp@yahoo.com. We will respond within 30 days as required by GDPR Article 12.

6. Children's Privacy

PrivacyPromptAI does not knowingly collect data from children under 13 (or 16 in the EU). Our service is not directed at children, and no age verification is required because we don't collect personal data.

7. Changes to This Policy

We may update this policy to reflect changes in our practices or for legal reasons. Updates will be posted here with a new "Last updated" date. Continued use after changes constitutes acceptance.

8. Contact Us

For privacy questions or concerns:

Email: askandhelp@yahoo.com
Contact Form: Contact page
EU Online Dispute Resolution: ec.europa.eu/consumers/odr
Supervisory Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — dataprotection.ro

Questions About Privacy?

We're committed to transparency and your data protection

Frequently Asked Questions — Privacy Policy

Almost none. The only personal data we receive is what you voluntarily submit via the contact form (name, email, message), which is sent to our inbox and not stored in any database. Your documents are never processed by us — all redaction happens locally in your browser. We use no analytics, no tracking pixels, and no advertising networks. See our compliance page → for the technical detail.

No cookies are set. We use browser localStorage — which stays entirely on your device and is never transmitted to us — to remember your preferences (theme, language, consent choice) and your Pro licence key. localStorage is not a cookie and is not covered by cookie consent regulations, though we disclose it transparently in our privacy banner and this policy.

Yes, though in practice there is very little to delete. If you have submitted a contact form message, you can request deletion of that email by contacting us at askandhelp@yahoo.com. We will delete it from our inbox within 30 days. No other personal data about you exists in our systems, because document processing never reaches our servers.