Privacy Policy

Privacy is our product, not a byproduct.

Last Updated: April 24, 2026

CleanPrompt is built so document content stays on your device during the redaction workflow. This policy explains what information we collect, what stays local, what limited metadata leaves the browser, and how we use and retain that information.
HomeSecurityTerms of Service

The Local-First Standard

Unlike traditional SaaS, CleanPrompt processes your documents locally in your browser. We do not transmit, store, or process the following on our servers:

  • Source document text
  • Imported document files
  • Extracted entities and spans
  • Redacted output text

What We Collect

The product is designed to avoid collecting document body content during redaction, but some account, billing, analytics, support, and admin metadata is processed to operate the service.

Account & workspace data

When you sign in or use account-backed features, we process your email address, Supabase user ID, workspace membership, role, and entitlement state needed to provide access.

Billing & subscription data

Stripe processes payment details. CleanPrompt stores Stripe-issued customer or subscription identifiers plus billing tier, billing interval, billing status, and seat counts needed to manage entitlements.

Operational product telemetry

Account flows can record limited operational metadata in Supabase-backed tables, including sign-in, checkout, billing portal, and account deletion events with fields such as provider, tier, billing interval, result, reason, and next or return path.

Sanitized redaction diagnostics

Supported local redaction failure states can record sanitized runtime diagnostics in Supabase-backed tables, such as browser family, OS family, source kind, pipeline stage, and coarse size buckets. These diagnostics exclude document text, spans, aliases, filenames, and exports.

Admin audit metadata

Supported admin flows can record metadata such as export type, file name, source file name, artifact hash, session ID, actor role, target email, or purchased seats. This is metadata, not document body content.

Contact submissions

When you use the homepage contact form, we collect your name, email address, optional company name, and message so we can respond.

Aggregate web analytics

We use Vercel Web Analytics for page-level usage and performance trends. Analytics events are sanitized to strip query strings and URL fragments before send, and the auth callback route is excluded.

How We Use Information

  • Provide sign-in, workspace access, team administration, and entitlement checks.
  • Process billing changes, Stripe checkout, billing portal access, and subscription state.
  • Respond to contact requests and deliver transactional email such as invitations or account notices.
  • Monitor service reliability, investigate failures, prevent abuse, and preserve admin auditability for supported account features.

Cookies & Browser Storage

Authentication cookies

Supabase uses cookies to keep signed-in sessions active.

Billing and checkout cookies

Stripe may use cookies during checkout and billing portal flows for fraud prevention and payment security.

Local browser storage

CleanPrompt currently stores a local post-edit rollout key in browser localStorage to keep client-side behavior stable across sessions.

The redaction workflow keeps document content in working memory rather than persisting it to application-managed localStorage or IndexedDB as part of document processing.

Third-Party Services

We rely on a small number of specialized providers to operate the product. Their role is limited to hosting, identity, billing, email, analytics, and spam prevention.

Supabase

Authentication, session state, account-backed product data, operational telemetry, and admin audit metadata.

Stripe

Payment processing, billing portal access, subscription records, invoices, and receipts.

Resend

Transactional email delivery for invitations, account notices, and homepage contact-form delivery.

Vercel

Application hosting and aggregate web analytics.

Cloudflare Turnstile

Spam protection on the marketing contact form. Verification requests can include the Turnstile token and client IP.

Retention & Deletion

Document content

By design, source document text, extracted spans, alias maps, and preview output are processed locally in the browser and are not sent to or processed on CleanPrompt servers as part of the redaction workflow.

Account and subscription metadata

Retained while needed to provide account access, billing state, and team administration.

Operational telemetry and diagnostics

User-linked operational events and sanitized redaction diagnostics are anonymized after successful self-service account deletion.

Exports and shared files

Once you download or share exported artifacts, their retention depends on your own device, storage provider, and sharing tools.

Billing records

Stripe retains billing records as required for payment operations, tax, and financial reporting.

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, or receive a copy of your account data, or to object to or restrict certain processing. To exercise a request, email privacy@cleanprompt.app. We may need to verify your identity before acting on a request.

Children's Privacy

CleanPrompt is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.