PromptVault — Privacy Policy

Last updated: 7 June 2026

PromptVault is a prompt manager available as a website and a browser extension. It is built to be private by design and to run without any backend server. This policy explains exactly what data PromptVault touches and where it goes.

The short version

• We operate no servers and no database. There is nothing for us to see, store, or sell.
• Your prompts and any media you attach are stored in your own Google Drive and in your browser's local storage — never on infrastructure we control.
• We collect no analytics, no telemetry, and no advertising data.
• The only network requests PromptVault makes are directly between your browser and Google (for sign-in and Drive), after you choose to connect.

What data PromptVault handles

• Your prompts and metadata (titles, categories, tags, timestamps): stored in a vault.json file inside a PromptVault folder in your Google Drive, and cached locally in your browser (chrome.storage.local in the extension; IndexedDB on the web).
• Media you attach (e.g. images): uploaded as files to that same Google Drive folder.
• Your Google account email: shown in the UI so you know which account is connected. It is read from Google and kept only in your browser's local storage.
• An OAuth access token: held only in your browser to call the Google Drive API on your behalf. It is cleared when you disconnect/sign out.

Google account access (limited scope)

PromptVault requests the least-privilege scopes drive.file and userinfo.email. The drive.file scope means PromptVault can only access files it creates (your PromptVault folder) — it cannot see or touch any of your other Drive files. PromptVault's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we do NOT do

• We do not transmit your prompts or files to any server we operate (we have none).
• We do not sell, rent, or share your data with third parties.
• We do not use your data for advertising or to train models.
• We do not track your browsing. The browser extension's content script only inserts a prompt's text into the field you choose; it does not read or send page contents anywhere.

Browser extension permissions

• storage — cache your prompt library locally.
• identity — sign in to Google to connect your Drive.
• contextMenus — the right-click "Inject prompt" / "Save selection" menu.
• clipboardWrite — copy a prompt to the clipboard as a fallback when no text field is focused.
• alarms — periodically sync your library with your Drive.
• Host access to all sites — required so you can insert a saved prompt into a text field on any website. Page content is never read or collected.

Deleting your data

Your data lives in your Google Drive and your browser. To remove it: delete the PromptVault folder from your Google Drive, and remove the extension / clear the site's browser storage. You can revoke PromptVault's access at any time at myaccount.google.com/permissions.

Contact

Questions about this policy: sumit@sumitagrawal.dev.

← Back to PromptVault