Privacy Policy

Effective: April 3, 2026

The short version: We don't store your conversations. We don't store your provider API keys. We collect the minimum data needed to operate the service (your email, usage metrics, and billing info via Stripe). Your message content passes through our system transiently and is never written to disk.

1. Scope

This Privacy Policy covers data collected by Prompt Crunch ("we", "us") through our website, API proxy service, and dashboard (collectively, the "Service"). It applies to data we collect as a data controller (your account and usage data).

For data that passes through our proxy on your behalf (conversation content, API requests/responses), we act as a data processor under your instructions. That data is processed transiently and not stored.

2. Data We Collect

Data type	Stored?	Retention	Purpose
Conversation content (prompts, messages, responses)	NO	Transient only (in-memory)	Processed for optimization, then discarded
Provider API keys (your Anthropic/OpenAI key)	NO	Not stored	Passed through to provider per-request
Email address, name	YES	Account lifetime + 30 days	Account management, verification, communication
Prompt Crunch API key	YES (hashed)	Account lifetime	Authentication (stored as SHA-256 hash, not plaintext)
Usage metrics (token counts, model, timestamps, savings)	YES	12 months rolling	Billing calculation, dashboard, service improvement
Payment information	NO (via Stripe)	Per Stripe's policy	Processed by Stripe; we never see or store card numbers
IP address	TRANSIENT	Request duration only	Rate limiting, abuse prevention

3. How We Use Your Data

Providing the Service: Processing API requests, optimizing token usage, forwarding to providers
Account management: Registration, email verification, authentication
Billing: Calculating savings, tracking credit usage, processing payments via Stripe
Dashboard: Displaying your usage statistics and savings
Service improvement: Aggregate, anonymized usage patterns to improve optimization
Security: Rate limiting, abuse prevention, fraud detection

We do not use your data for advertising, profiling, or selling to third parties.

4. Optimization Processing

To optimize your API requests, conversation messages may be processed through Anthropic's API as part of our optimization pipeline. This is a core part of how the Service works. During this process:

Your messages may be sent to Anthropic's API for optimization processing
Per Anthropic's API data policy, API inputs and outputs are not used for model training
Messages are processed in memory and not persisted to disk by Prompt Crunch
The optimized result is forwarded to your chosen provider, then discarded from our systems

5. Sub-processors

We use the following third-party services to operate Prompt Crunch:

Provider	Purpose	Data shared
Anthropic	Optimization processing	Conversation content (transient, per-request)
Your AI provider (Anthropic, OpenAI, etc.)	Forwarding optimized requests	Optimized messages + your provider API key
Stripe	Payment processing	Email, payment method details
Resend	Transactional email	Email address

We do not sell, rent, or share your personal data with any other third parties.

6. Data Security

Encryption in transit: All connections use TLS encryption
API key hashing: Your Prompt Crunch API key is stored as a SHA-256 hash, not in plaintext
No content storage: Conversation data is never written to disk
No provider key storage: Your AI provider API key is never stored
Payment security: All payment processing handled by PCI-compliant Stripe
Rate limiting: Built-in protections against abuse and brute-force attacks

7. Data Retention

Account data (email, name): Retained while your account is active. Deleted within 30 days of account closure.
Usage metrics (token counts, savings): Retained for 12 months on a rolling basis. Older data is automatically purged.
Conversation content: Not retained. Processed in memory per-request and immediately discarded.
Provider API keys: Not retained. Passed through per-request only.

8. Your Rights

All users

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Export your usage data via our API

EU/EEA residents (GDPR)

If you are in the European Economic Area, you additionally have the right to:

Restrict processing of your personal data
Object to processing based on legitimate interest
Data portability
Withdraw consent at any time
Lodge a complaint with your local data protection authority

Lawful basis: We process account data under contract performance (necessary to provide the Service). We process usage analytics under legitimate interest (improving the Service and calculating billing).

Data transfers: Our servers are located in the United States. By using the Service, data may be transferred to and processed in the US. We rely on Standard Contractual Clauses where required for EU-US data transfers.

California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect and how it's used
Request deletion of your personal information
Opt out of the sale of personal information (we do not sell your data)
Non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@promptcrunch.dev.

9. Cookies

Prompt Crunch uses minimal cookies:

Authentication: Your API key is stored in your browser's localStorage (not a cookie) for dashboard access. This is local to your device and not sent to third parties.
No tracking cookies: We do not use advertising, analytics, or third-party tracking cookies.

10. Children's Privacy

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it.

11. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR. We will also notify relevant supervisory authorities where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service. The "Effective" date at the top indicates when the current version took effect.

13. Contact

For privacy-related questions or to exercise your data rights:

Email: privacy@promptcrunch.dev