Privacy Policy

Last updated: April 12, 2026

What we collect

When you sign in via GitHub, we receive your public profile (username, avatar URL) and email address. We do not request access to your repositories, organizations, or any private data on GitHub.

What stays on your machine

Your local agent session data (~/.claude/, ~/.codex/, ~/.cursor/) is read by the promptarc CLI locally and never transmitted anywhere unless you explicitly click Share or enable Sync to cloud.

What we store in the cloud

When you share or sync a session, we store:

• The redacted session artifact (secrets, API keys, home-directory paths, and thinking blocks are stripped before upload)
• Metadata: title, project name, message/tool/file counts, timestamps
• Your user ID (to attribute ownership)
• Visibility setting (public, unlisted, or private)

Artifacts are stored in a private Supabase Storage bucket. Public and unlisted shares are served through the application; private shares are only accessible to the owning account.

Authentication tokens

The CLI stores a bearer token at ~/.promptarc/auth.json (file permissions 0600). This token is sent only to promptarc.dev and is never shared with third parties.

Analytics

We use Vercel Analytics on the hosted site for anonymous page-view counts. No cookies are set for analytics. No personal data is collected beyond standard HTTP request metadata (IP address, user agent).

Data deletion

You can delete any shared session from the My shares page at any time. Deleting a share removes both the metadata row and the storage artifact permanently. To delete your account entirely, contact us via the feedback page.

Third parties

• Supabase — database and storage hosting
• Vercel — web application hosting
• GitHub — OAuth authentication provider

We do not sell, rent, or share your data with any other third parties.

Contact

Questions about this policy? Submit them on the feedback page.