Privacy Policy

Effective: 2026-05-11 · Last updated: 2026-05-11 · Operator: [OPERATOR LEGAL ENTITY NAME — fill in before launch].

The short version

• Open-source Prompty (OSS) processes everything locally on your machine.
• If you opt into Cloud tier, audio + transcripts pass through api.prompty.khalo.org on their way to Anthropic + OpenAI. We do NOT store them.
• We store: your email, your plan, your hashed API key, and metadata-only audit log entries (provider, model, token counts, latency, timestamp).
• No third-party trackers. No advertising. No data sale.
• You can delete your account + audit log at any time by emailing hello@prompty.khalo.org.

What we collect

OSS side (your machine)

Nothing leaves your machine unless you've configured a non-host LLM driver (Anthropic, OpenAI, Cloud) — in which case the request goes to that provider directly, with no copy retained by us. The OSS CLI honors:

• PROMPTY_TELEMETRY=true — off by default. When on, sends anonymous event metadata only.
• PROMPTY_TRANSCRIPT_LOG=true — off by default. When on, transcripts written to ~/.config/prompty/transcripts.jsonl, never sent over the network.
• PROMPTY_AUDIO_DISK_BUFFER=true — off by default. When on, the audio buffer is AES-256-GCM encrypted with a per-session key and auto-deleted within 60s of transcription.

Cloud tier (server side)

When you use a pck_ Cloud API key, our backend at api.prompty.khalo.org sees:

• Your audio + transcript — for the brief moment between your daemon sending it and our backend forwarding it to Anthropic / OpenAI. We do NOT log either.
• The rewrite text — returned to your daemon. We do NOT log it.
• Audit-log metadata — provider name, model name, input/output token counts, audio-seconds count, latency, timestamp, your user_id. No content. Stored in Cloudflare D1, retained as long as your account is active.
• Account info — email (provided at signup), plan name, cycle start, your hashed API key (we never see the raw key; only its SHA-256 hash).

Who sees what

• Anthropic sees the transcript + rewrite for LLM calls (their privacy policy). We use the API tier, which Anthropic says doesn't train on inputs by default.
• OpenAI sees the audio buffer for STT calls (their privacy policy). API-tier same caveat.
• Cloudflare hosts the proxy + DB + dashboard (their privacy policy). They see request metadata (IP, headers) per their standard logs.
• Stripe (when billing turns on) sees your payment information (their privacy policy). We never see your card.

Cookies

See the Cookie Policy. Short version: dashboard sets one localStorage entry holding your API key. Marketing site uses zero cookies.

Data retention + deletion

• Audio: never persisted server-side.
• Transcripts: never persisted server-side.
• Rewrites: never persisted server-side.
• Audit log (metadata only): retained while your account is active + 90 days after account deletion (for billing reconciliation), then permanently deleted.
• Account row: deleted within 30 days of an emailed deletion request.

GDPR + CCPA rights

If you're in the EU/UK or California, you have the right to access, correct, port, and delete your data. Send a request to hello@prompty.khalo.org and we'll respond within 30 days. We don't sell data, so there's no "do not sell" toggle to flip.

International transfers

Cloudflare D1 stores your data in the region closest to your traffic (typically EU for EU users). Anthropic + OpenAI process API calls in the US. By using Cloud tier you consent to this transfer.

Contact

Privacy questions: hello@prompty.khalo.org.

Template — replace operator name + jurisdiction-specific clauses before public launch.