Privacy Policy
PromptWake is local-first by design. On the free tier, your captured data never leaves your machine. This policy explains what we collect only when you opt into Pro cloud sync, what we never collect, how secret redaction works, and the rights you have over your data.
01The short version
- Free = 100% local. All captured data is stored only in a local SQLite database on your device (~/.promptwake). Nothing is transmitted to us, and no account is required.
- Secrets are never stored. Before any interaction is written — local or cloud — PromptWake automatically redacts detected API keys, tokens, passwords, private keys, and .env-style values.
- Pro is opt-in. Cloud sync only happens for Pro subscribers who sign in and choose to sync. You control what leaves your machine.
02What data we collect
We only collect personal data in connection with the Pro cloud service. If you never sign in, we collect nothing about your captured work.
- Account data. When you create an account, we collect your email address and authentication details. If you sign in with Google or GitHub OAuth, we receive basic profile information (name, email) from that provider.
- Captured interactions you choose to sync. For Pro subscribers, the prompts, AI responses, and file diffs you sync are mirrored to your cloud workspace — after secret redaction.
- Subscription & billing metadata. Plan, status, and billing records are processed through Dodo Payments. We receive subscription metadata; we do not store your full card number.
- Operational data. Minimal logs and diagnostics needed to run and secure the cloud service.
03What we do NOT collect
If you use the free, local tier, your captured content never leaves your device. We do not receive, see, or store your prompts, responses, or code. We do not sell your data, we do not use your captured code to train models, and we do not run advertising trackers.
04Secret redaction
Redaction is a core privacy guarantee, not an add-on. Before any interaction is persisted — in your local database or in a synced cloud workspace — PromptWake scans the content and strips or masks detected secrets, including API keys, access tokens, passwords, private keys, and .env-style values. Redacted values are replaced so the original secret is never written to disk or transmitted.
Redaction is best-effort and pattern-based; it may not catch every possible secret format, so we still recommend keeping secrets out of prompts where you can.
05How we use your data
For Pro accounts, we use the data above to:
- provide cloud sync so your history is available across your devices;
- authenticate you and secure your workspace;
- process subscriptions, trials, and billing through Dodo Payments; and
- operate, maintain, and improve the reliability and security of the Service.
Where required, our legal bases include performance of our contract with you, your consent (for optional sync), and our legitimate interest in operating a secure service.
06Sub-processors
We rely on a small set of trusted providers to run the cloud service. Free/local users are not affected by any of these.
- MongoDB Atlas — hosting and storage for Pro cloud workspaces.
- Dodo Payments — subscription and billing processing.
- Google & GitHub — OAuth sign-in, when you choose those methods.
07Data retention & deletion
Local users control retention entirely: your data lives in ~/.promptwake, and deleting that local database removes it. Pro users can delete workspace data or their entire account at any time from account settings; when you delete a workspace, we remove the associated synced interactions from active systems within a reasonable period, subject to short-lived backups and any legal retention obligations.
08Your rights
Depending on where you live, you may have rights under the GDPR, UK GDPR, CCPA/CPRA, and similar laws, including the rights to:
- Access the personal data we hold about you;
- Delete your account and synced workspace data;
- Export your data in a portable format;
- correct inaccurate data and object to or restrict certain processing.
To exercise any of these, email privacy@promptwake.com. We do not sell personal information.
09Security
We protect data with encryption in transit, secret redaction before storage, and access controls on our cloud infrastructure. No system is perfectly secure, but the local-first architecture means the most sensitive material — your actual code and prompts on the free tier — never leaves your machine in the first place.
10International transfers
Where Pro data is transferred across borders, we rely on appropriate safeguards, including the EU Standard Contractual Clauses, as described in our Data Processing Addendum.
11Children
PromptWake is a developer tool intended for professional use and is not directed to children. It is not intended for anyone under 16, and we do not knowingly collect personal data from them.
12Changes to this policy
We may update this Privacy Policy over time. Material changes will be reflected in the “Last updated” date above, and we will notify Pro account holders where appropriate.
For privacy questions, data requests, or to exercise your rights, contact our privacy team.
