Privacy Policy

Power Up Prompts — Chrome Extension
Last updated: April 5, 2026

1. What We Collect

We collect only what is necessary to provide the service:

• Email address — used for account creation and login.
• Password — stored as a secure bcrypt hash. We never store or see your plain-text password.
• Recovery PIN — stored as a secure bcrypt hash, used only for password reset.
• Prompts you submit — sent to our server for AI enhancement, then immediately discarded. We do not store or log your prompts.
• Usage counts — we track how many powerups you have used to enforce free-tier and subscription limits.

2. What We Do NOT Collect

• Browsing history or website content
• Personal or financial information beyond your email
• Cookies or tracking data
• Data from other tabs, pages, or extensions

3. How We Use Your Data

• Authentication — your email and password hash are used solely to sign you in.
• Prompt enhancement — your prompt text is sent to a third-party AI service (Groq) for processing. Groq's privacy policy applies to that processing. Prompts are not stored on our servers.
• Subscription management — we track whether you have an active subscription and your usage within rate limits.

4. Data Storage

• Account data is stored in a secure database hosted on Supabase (cloud PostgreSQL).
• Your login session token is stored locally in your browser using Chrome's chrome.storage.local API.
• No data is stored in cookies.

5. Third-Party Services

• Groq — processes your prompts for AI enhancement. Groq Privacy Policy
• Supabase — hosts our database. Supabase Privacy Policy
• Render — hosts our backend server. Render Privacy Policy

6. Data Sharing

We do not sell, trade, or share your personal information with any third parties for marketing or advertising purposes. Data is only shared with the third-party services listed above as required to operate the extension.

7. Data Retention

Your account data is retained as long as your account is active. You may request account deletion by contacting us at the email below. Upon deletion, all associated data will be permanently removed from our database.

8. Security

We use industry-standard security measures including encrypted connections (HTTPS), bcrypt password hashing, JWT authentication tokens, and rate limiting to protect against unauthorized access.

9. Your Rights

You may:

• Request a copy of the data we hold about you
• Request deletion of your account and all associated data
• Change your password or recovery PIN at any time

10. Changes to This Policy

We may update this policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the extension after changes constitutes acceptance of the updated policy.

11. Contact

For questions or requests regarding your data, contact us at:
patvisto@gmail.com