Privacy Policy
Last updated: April 2026
CleanMyPrompt ("we", "us", "the Service") is committed to protecting your privacy. This policy explains what data we process, how, and your rights.
1. Data Controller
CleanMyPrompt is operated by its maintainers. For data-related inquiries, contact us at privacy@cleanmyprompt.io.
2. Client-Side Processing (Web App)
The CleanMyPrompt web application processes your text, PDFs, and images entirely within your browser using JavaScript. Your content is never uploaded to our servers, stored in our databases, or seen by our team.
PDF text extraction uses pdf.js (loaded from cdnjs.cloudflare.com). Image OCR uses Tesseract.js (loaded from cdn.jsdelivr.net). Both libraries execute locally in your browser — your files are not sent to these CDN providers.
3. Chrome Browser Extension
The CleanMyPrompt Chrome extension operates under the same privacy-first principles as the web app. This section explicitly covers all data practices for the extension, as required by the Chrome Web Store Developer Program Policies.
3a. Data Collected
The extension does not collect, transmit, or store any personal data about you. Specifically:
- Text you clean: When you use the extension to clean text on a webpage (via the inline button, right-click menu, or popup), that text is sent to the CleanMyPrompt API (
https://cleanmyprompt.io/api/v1/clean) for processing. The text is processed in memory and immediately discarded — it is never logged, stored, or retained on our servers. - No browsing history: The extension does not read, record, or transmit your browsing history or the content of pages you visit.
- No personal identifiers: We do not collect your name, email address, IP address, or any identifier that could be used to track you across sessions or sites.
- No financial data: The extension does not access payment information.
- No authentication credentials: The extension does not access usernames, passwords, or authentication tokens.
3b. Extension Storage (chrome.storage)
The extension uses chrome.storage.sync to save your preferences (e.g., default cleaning mode). This data:
- Contains only non-personal configuration values (e.g.,
{ mode: "standard" }). - Is synced by Chrome to your Google account if you are signed into Chrome — this is governed by Google's Privacy Policy, not ours.
- Is never read or transmitted to our servers.
3c. Host Permissions
The extension requests access to the following sites to inject its cleanup button:
- chatgpt.com, chat.openai.com
- claude.ai
- gemini.google.com
- copilot.microsoft.com
- poe.com
The extension only activates when you explicitly click the clean button or right-click menu item. It does not read page content passively or automatically.
3d. Data Sharing
We do not sell, rent, share, or disclose extension user data to any third party. The only outbound network request the extension makes is to https://cleanmyprompt.io/api/v1/clean — our own API — when you explicitly trigger a clean action.
3e. Data Retention
No extension user data is retained. Text submitted for cleaning is discarded immediately after the API response. There is no database record of your usage.
4. Server-Side API
We provide optional REST API endpoints (/api/v1/clean, /api/v1/analyze) for programmatic access. When you use the API:
- Your text is processed in-memory on our server and immediately discarded after the response is returned.
- We do not log, store, or retain any submitted text content.
- We record only the requester IP address (hashed) for rate limiting (30 requests/minute). Rate-limit counters are held in volatile memory and reset every 60 seconds.
- Maximum input size: 100,000 characters per request.
5. Data We Collect
4a. Analytics (opt-in only)
If you explicitly opt in via the consent banner, we collect anonymous page-view analytics through Vercel Analytics. This data includes pages visited, referrer, and anonymous session identifiers. No personal identifiers, IP addresses, or content are collected. You can opt out at any time by clearing the cmp_analytics_consent key in your browser's localStorage.
4b. Browser Local Storage
We store the following keys in your browser's localStorage. This data never leaves your device:
| Key | Purpose | Contains Personal Data? |
|---|---|---|
cmp_sessions_consent | Your consent choice for local session storage | No |
cmp_analytics_consent | Your consent choice for analytics | No |
cmp_audit_log | EU AI Act compliance audit log (up to 500 entries) | No — stores operation metadata only |
cmp_onboarding_done | Whether first-visit onboarding has been completed | No |
cmp_show_history | History panel visibility preference | No |
cmp_history_autoprune | Whether automatic session pruning is enabled | No |
cmp_history_prune_max | Maximum sessions before auto-pruning | No |
cmp_pii_rules_overrides | Custom PII detection rule configuration | No |
cmp:cumulative_tokens | Lifetime token savings counter | No |
cmp:cumulative_cost | Lifetime estimated cost savings | No |
You can clear all localStorage data at any time via your browser settings or by pressing F12 → Application → Local Storage → Clear.
6. Cookies
CleanMyPrompt does not set any first-party or third-party cookies. We use localStorage exclusively. See our Cookie Policy for full details.
7. Third-Party Services
When you use CleanMyPrompt, your browser may make network requests to the following third-party services to load required libraries:
- cdnjs.cloudflare.com — Serves pdf.js for PDF text extraction. Cloudflare's privacy policy applies to CDN request logs.
- cdn.jsdelivr.net — Serves Tesseract.js for image OCR. jsDelivr's privacy policy applies.
- Vercel Analytics (opt-in only) — Anonymous page-view analytics. Vercel Analytics privacy policy.
We do not use advertising networks, social media trackers, or data brokers.
8. Children's Privacy
CleanMyPrompt is not directed at children under 16. We do not knowingly collect personal data from children.
9. Your Rights — Global Privacy Laws
Under GDPR (EEA/UK), LGPD (Brazil), PDPA (Singapore/Thailand), PIPEDA (Canada), Australia Privacy Act, and equivalent laws, you have the right to:
- Access — Request a copy of any personal data we hold about you.
- Rectification — Correct inaccurate personal data.
- Erasure — Request deletion of your personal data ("right to be forgotten").
- Restriction — Request we limit processing of your data.
- Portability — Receive your data in a structured, machine-readable format.
- Object — Object to data processing based on legitimate interests.
- Withdraw Consent — Withdraw analytics consent at any time via your browser's localStorage.
In practice, because we do not store personal data server-side, most of these rights are satisfied by design. For any requests, email privacy@cleanmyprompt.io.
Legal basis for processing: Legitimate interest (providing the Service) and consent (analytics).
Data Protection Authority: You have the right to lodge a complaint with your local data protection authority.
10. Your Rights Under CCPA / US State Laws (US Residents)
Under the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Virginia CDPA, and other US state privacy laws, you have the right to:
- Know — Request disclosure of what personal information we collect and why.
- Delete — Request deletion of personal information.
- Opt-Out of Sale — We do not sell personal information to third parties.
- Non-Discrimination — We will not discriminate against you for exercising your rights.
To exercise these rights, email privacy@cleanmyprompt.io.
11. Data Processing Agreement (DPA)
For organizations requiring a Data Processing Agreement, please contact privacy@cleanmyprompt.io. We can provide a standard DPA that covers:
- Scope of processing (text cleaning, PII redaction)
- Data retention period (zero — no server-side retention)
- Sub-processor list (Vercel for hosting, Cloudflare/jsDelivr for CDN)
- Security measures and breach notification procedures
12. Security
We implement industry-standard security measures:
- Content Security Policy headers restricting script and resource origins
- CORS headers on API endpoints restricting cross-origin access
- Rate limiting to prevent abuse (30 requests/minute per IP)
- Input validation and size limits on all API endpoints
- No server-side data persistence — nothing to breach
To report a security vulnerability, please see our security.txt or email security@cleanmyprompt.io.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.
14. Contact
For privacy-related questions or to exercise your data rights:
- Email: privacy@cleanmyprompt.io
- Security issues: security@cleanmyprompt.io