Privacy Policy

Last updated: April 6, 2026

1. Introduction

PromptShield ("we", "us", "our") is a desktop application for AI-powered document anonymization. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

2.1 Account Data

When you create an account, we collect your email address and, if you subscribe to a paid plan, your payment information is processed by Stripe. We never store credit card numbers on our servers.

2.2 License & Device Data

To enforce license limits, we generate a machine fingerprint (a SHA-256 hash of hardware identifiers). This fingerprint is stored on our licensing server to track device activations. We do not collect your computer name, IP address at rest, or other identifiable hardware details.

2.3 Document Data

Your documents never leave your device. PromptShield processes all files locally using on-device AI models. No document content, PII detections, or anonymized output is ever transmitted to our servers or any third party.

3. How We Use Your Data

  • Authenticate your account and manage your subscription.
  • Issue and validate software license keys.
  • Prevent abuse of free trials (one trial per device).
  • Communicate important product updates (opt-out available).

4. Third-Party Services

We use the following external services:

  • Firebase Authentication — account sign-in (Google OAuth, email/password).
  • Stripe — payment processing for Pro subscriptions.
  • Google Cloud Run — hosting the licensing server.

Each service has its own privacy policy. We do not share your data with any other third parties.

5. Data Retention

Account data is retained for as long as your account is active. Machine fingerprints associated with expired license keys are deleted automatically after 90 days. You may request deletion of your account and all associated data at any time by contacting us.

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to access, rectify, delete, or export your personal data. You also have the right to restrict or object to processing and to lodge a complaint with your local data protection authority. To exercise these rights, contact us at the email below.

7. Security

We use industry-standard security measures including TLS encryption in transit, Ed25519 digital signatures for license keys, and bcrypt-hashed passwords. All infrastructure runs on SOC 2-compliant cloud providers.

8. Children's Privacy

PromptShield is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

10. Contact

If you have questions about this Privacy Policy, please contact us at privacy@promptshield.ca.