Security

Last Updated: May 15, 2026

At Prompt Sloth, security is a core part of how we build and operate our product. We take the protection of your data seriously and have implemented multiple layers of security to keep your information safe.

1. Prompt Encryption & Privacy

  • All prompts you write or improve are processed in real time and never stored on our servers
  • Your prompts are sent directly to the AI provider (OpenAI) over encrypted connections and discarded after processing
  • We have zero access to your prompt content — we cannot read, log, or analyze what you write
  • Per OpenAI's API data usage policy, API inputs are not used to train models and are not retained

2. Template Encryption

  • All custom templates you create are encrypted at rest before being stored on our servers
  • Only you can access and decrypt your templates through your authenticated session
  • Templates are transmitted over TLS-encrypted connections at all times

3. Data Encryption in Transit

  • All data exchanged between your browser, our servers, and third-party services is protected with TLS 1.2+ encryption
  • We enforce HTTPS across all endpoints — no unencrypted connections are accepted
  • API keys and secrets are stored securely and never exposed to the client

4. Authentication & Access Control

  • We use Google OAuth 2.0 for authentication — we never handle or store your password
  • Session tokens are securely managed and expire automatically
  • Each user can only access their own data — there is no shared access between accounts

5. Infrastructure Security

  • Our application is hosted on Vercel, which provides enterprise-grade infrastructure security, DDoS protection, and automatic scaling
  • Our database is hosted on Turso with encrypted storage and access controls
  • We follow the principle of least privilege for all internal access

6. Payment Security

  • All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor
  • We never store, process, or have access to your credit card numbers or payment details
  • Stripe handles all sensitive payment data in their secure environment

7. Extension Permissions

  • The Prompt Sloth Chrome extension requests only the minimum permissions necessary to function
  • The extension does not track your browsing history, read your emails, or access data outside of text input fields where you activate it
  • You can review our extension permissions in the Chrome Web Store at any time

8. Data Minimization

We follow a strict data minimization approach — we only collect what we need:

  • Account info (email, profile) for authentication
  • Credit balance for service delivery
  • Basic usage analytics for product improvement
  • Custom templates (encrypted) that you choose to save

We do not collect or store:

  • Your prompts or improved text
  • Browsing history or habits
  • Content from websites you visit
  • Personal data beyond what is needed for authentication

9. Incident Response

  • We monitor our systems for security anomalies and unauthorized access
  • In the event of a security incident, we will notify affected users promptly
  • We are committed to transparency and will communicate clearly about any issues

10. Responsible Disclosure

If you discover a security vulnerability, we appreciate your help in disclosing it responsibly. Please contact us at:

We will acknowledge your report, investigate promptly, and keep you informed of our progress.

11. Continuous Improvement

We regularly review and update our security practices to stay aligned with industry standards and emerging threats. Security is not a one-time effort — it is an ongoing commitment.


Your trust is important to us. If you have any questions about our security practices, please reach out to [email protected].
