Prompt Cage

Privacy Policy

The Privacy Policy for Prompt Cage.

This Privacy Policy describes how Prompt Cage ("we," "us," or "our") collects, uses, and protects your information when you use our AI security service that protects against prompt injection attacks.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name and contact information
  • Payment information (processed securely through Stripe)
  • Account preferences and settings

1.2 Service Usage Data

We collect information about how you use our Service:

  • API requests and responses
  • Usage patterns and frequency
  • Performance metrics
  • Error logs and debugging information

1.3 Technical Information

We automatically collect:

  • IP addresses and location data
  • Browser type and version
  • Device information
  • Cookies and similar technologies
  • Log files and analytics data

1.4 Security Data

For security purposes, we may collect:

  • Threat detection patterns
  • Attack attempt information
  • Security event logs
  • System performance data

2. How We Use Your Information

2.1 Providing Our Service

We use your information to:

  • Process and analyze your AI prompts for security threats
  • Provide real-time protection against prompt injection attacks
  • Generate risk scores and threat assessments
  • Improve our detection algorithms
  • Maintain and optimize service performance

2.2 Account Management

We use your information to:

  • Create and manage your account
  • Process payments and subscriptions
  • Provide customer support
  • Send important service notifications

2.3 Service Improvement

We use aggregated, anonymized data to:

  • Improve our security algorithms
  • Enhance service performance
  • Develop new features
  • Conduct research and analysis

2.4 Legal Compliance

We may use your information to:

  • Comply with legal obligations
  • Respond to law enforcement requests
  • Protect our rights and property
  • Prevent fraud and abuse

3. Data Processing and Security

3.1 Real-Time Processing

Your AI prompts are processed in real-time for security analysis. We do not:

  • Store your actual prompt content
  • Log sensitive user data
  • Retain processed data after analysis

3.2 Data Security

We implement industry-standard security measures:

  • Encryption in transit and at rest
  • Secure data centers and infrastructure
  • Regular security audits and updates
  • Access controls and authentication
  • Network security and monitoring

3.3 Data Retention

  • Account Data: Retained while your account is active
  • Usage Analytics: Aggregated and anonymized data may be retained for service improvement
  • Security Logs: Retained for security monitoring and compliance
  • Payment Data: Processed by Stripe, subject to their privacy policy

4. Information Sharing

4.1 Service Providers

We may share information with trusted service providers who help us operate our Service:

  • Payment processors (Stripe)
  • Cloud infrastructure providers
  • Analytics and monitoring services
  • Customer support tools

4.2 Legal Requirements

We may disclose your information when required by law, such as:

  • Court orders or subpoenas
  • Government investigations
  • Regulatory compliance
  • Protection of rights and safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

4.4 With Your Consent

We will share your information with third parties only with your explicit consent.

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

  • Access your personal information
  • Update or correct your information
  • Delete your account and data
  • Export your data
  • Opt out of marketing communications

5.2 Data Portability

You can request a copy of your data in a portable format.

5.3 Account Deletion

You can delete your account at any time through your account dashboard. Upon deletion:

  • Your account will be permanently removed
  • Your data will be deleted from our systems
  • Some information may be retained for legal compliance

5.4 Marketing Communications

You can opt out of marketing emails by:

  • Using the unsubscribe link in our emails
  • Updating your preferences in your account
  • Contacting us directly

6. Cookies and Tracking

6.1 Types of Cookies

We use cookies and similar technologies for:

  • Essential service functionality
  • Performance monitoring
  • Analytics and improvement
  • Security and fraud prevention

6.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect service functionality.

6.3 Third-Party Analytics

We use analytics services to understand service usage and improve performance. These services may collect information about your use of our Service.

7. International Data Transfers

7.1 Data Location

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.

7.2 Compliance

We comply with applicable data protection laws, including GDPR for European users and CCPA for California residents.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Data Breach Response

9.1 Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of discovery
  • Provide details about the breach and affected data
  • Outline steps we're taking to address the issue
  • Offer guidance on protecting your information

9.2 Response Plan

We have established procedures for:

  • Detecting and containing breaches
  • Assessing the scope and impact
  • Notifying affected users and authorities
  • Implementing corrective measures

10. Third-Party Services

10.1 External Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

10.2 Third-Party Integrations

When you integrate our Service with third-party applications, those applications may collect and process your data according to their own privacy policies.

11. Changes to This Policy

11.1 Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications
  • Displaying in-app notifications

11.2 Continued Use

Your continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

12.1 Data Protection Officer

For privacy-related inquiries, you can also contact our Data Protection Officer at the email address above.

13. Legal Basis for Processing (GDPR)

If you are in the European Union, our legal basis for processing your personal data includes:

  • Contract: Processing necessary to provide our Service
  • Legitimate Interest: Improving our Service and security
  • Consent: For marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising your rights

Last updated: July 2025