Last updated: June 4, 2026

Privacy Policy

How Promptslive handles your data — built on zero-retention edge processing by Cloudflare Workers.

1. Overview

Promptslive ("PromptsLive," "we," "us," or "our") operates the AI security gateway service at promptslive.dev. This Privacy Policy explains how we handle information when you use our service.

The core principle: Promptslive is architected as a zero-retention stateless proxy. We do not store, log, or persist your prompts, LLM responses, API keys, or any content that passes through our gateway. Your data exists only in volatile RAM during the milliseconds it takes to process a single request.

2. What We Collect (and What We Don't)

2.1 Information You Provide

  • Account Information: If you create an account in the future, we may collect your email address and payment details via Stripe.
  • Support Requests: Any information you voluntarily provide when contacting us for support.

2.2 What We Never Collect

  • API Keys: Your OpenRouter, OpenAI, DeepSeek, or other provider API keys are never transmitted to or stored on our servers. Under our BYOK architecture, keys stay in your browser's localStorage and are sent directly with each request — we never see them.
  • Prompt Content: Your prompts are processed in-memory by Cloudflare Workers and discarded immediately after the upstream response is returned. Zero retention.
  • LLM Responses: Completions are streamed back to you and never stored.
  • PII / Sensitive Data: We actively redact PII (emails, SSNs, credit cards, credentials) from prompts before they reach the LLM. The original values are never logged or retained.
  • Usage Logs: We do not maintain server-side logs of your prompts, responses, or API calls.

3. Bring Your Own Key (BYOK) Architecture

Promptslive is a Bring Your Own Key service. You provide your own API keys for OpenRouter, OpenAI, DeepSeek, or any compatible provider. These keys:

  • Are stored exclusively in your browser's localStorage — never on our infrastructure.
  • Are sent directly from your browser to our Cloudflare Worker for each request.
  • Are forwarded to your chosen upstream LLM provider and then immediately discarded from Worker memory.
  • Are never persisted to disk, database, or any external logging system.

For production gateway users, pl_live_ tokens are generated client-side and stored in your browser — we cannot reconstruct them and have no access to the underlying session hash.

4. Cloudflare Workers Edge Processing

All Promptslive traffic is processed by Cloudflare Workers — ephemeral JavaScript isolates that run at Cloudflare's global edge network. Workers:

  • Have no persistent storage — no filesystem, no database connection.
  • Execute in isolated V8 contexts that are destroyed after each request completes.
  • Run entirely in volatile RAM with no disk access.
  • Are subject to Cloudflare's privacy policy for any infrastructure-level data they may collect.

5. Browser Storage & Cookies

Promptslive uses your browser's localStorage to persist your preferences and session data locally. This data never leaves your device:

  • API key (OpenRouter / provider key)
  • Model preferences and endpoint configuration
  • Custom RegEx rules and enabled guardrails
  • Compliance profile selections
  • Prompt history and analytics counters
  • Theme preference (dark/light)
  • Production gateway pl_live_ tokens

We do not use tracking cookies, analytics cookies, or third-party cookies. The only data stored is what you explicitly configure through the dashboard interface, and it remains entirely within your browser.

6. Third-Party Services

Promptslive integrates with the following third-party services. Each has its own privacy policy:

  • OpenRouter — Routes LLM requests to your chosen model provider. Privacy Policy
  • Cloudflare — Provides edge compute infrastructure (Workers, Pages). Privacy Policy
  • jsDelivr CDN — Delivers the Tailwind CSS framework for dashboard styling. Privacy Policy
  • Stripe — Payment processing (when you subscribe). Privacy Policy

When you use the production gateway, your prompts are forwarded to your chosen LLM provider (e.g., OpenAI, Anthropic, Google). Those providers' privacy policies govern how they handle your data.

7. Compliance Framework Support

7.1 GDPR (General Data Protection Regulation)

Promptslive's zero-retention architecture aligns with GDPR principles of data minimization and storage limitation. Because we never store prompt content or personal data, there is no persistent personal data to access, rectify, or delete. For any account data (email, payment info), you may request access or deletion by contacting us.

7.2 HIPAA

While Promptslive provides HIPAA-aligned guardrails (PII redaction, data minimization), we are not a covered entity or business associate under HIPAA. Organizations handling Protected Health Information (PHI) should conduct their own compliance assessment before using Promptslive with PHI.

7.3 PCI-DSS

Promptslive's credit card number redaction helps prevent accidental PAN exposure in LLM prompts. However, Promptslive is not a PCI-DSS validated service provider and should not be used to process, store, or transmit cardholder data for payment purposes.

7.4 SOC 2

Promptslive's security controls (zero-retention, BYOK, edge isolation) align with SOC 2 Trust Services Criteria for security, availability, and confidentiality. A formal SOC 2 report is not currently available.

8. Your Data Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of any personal data we hold about you.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Request deletion of your personal data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your personal data.

Important note: Because Promptslive does not store prompt content, API keys, or LLM responses on our servers, the scope of personal data we can provide or delete is limited to account information (email, payment records) if you've created an account. All prompt and session data is stored exclusively in your browser and is under your control at all times — you can clear it anytime by clearing your browser's localStorage or using the dashboard's Reset button.

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

Promptslive is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Material changes will be communicated via the dashboard or email if you've provided one.

11. Contact Us

For privacy-related inquiries: