Privacy Policy
Last updated: March 12, 2026
Overview
prompt1 is a coaching tool, not a surveillance tool. This Privacy Policy explains what data we collect, why we collect it, and how we protect it. We are committed to collecting the minimum data necessary to provide personalized coaching.
What We Collect
Account Data
When you register, we collect your name, email address, and organization name (for team accounts). Passwords are hashed using bcrypt and never stored in plaintext.
Practice Metrics (via Plugin)
The locally installed plugin collects aggregated best-practice signals, including:
- Prompt quality indicators (clarity score, whether file references were included)
- Workflow signals (test execution frequency, build/lint usage)
- Security practice indicators (permission mode, CLAUDE.md presence)
- Session metadata (duration, tool count, prompt count)
What We Do NOT Collect
- We do not collect your source code
- We do not collect your prompt content or Claude's responses
- We do not collect file contents, file paths, or repository names
- We do not log keystrokes, screenshots, or screen recordings
Payment Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank details, or other payment credentials on our servers. See Stripe's Privacy Policy for details.
How We Use Your Data
- Calculate your proficiency score and generate coaching recommendations
- Display trends and category breakdowns on your dashboard
- Provide team-level aggregated analytics (for team accounts)
- Send transactional emails (account confirmation, billing)
We do not sell your data to third parties. We do not use your data for advertising.
Data Storage & Security
Account data is stored in a PostgreSQL database hosted on Supabase. Practice metrics are stored in Prometheus and Loki instances on dedicated infrastructure. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). For more details, see our Security page.
Data Retention
- Individual plan: 7-day metric history
- Team plan: 30-day metric history
- Enterprise plan: 90-day metric history (configurable)
- Post-cancellation: Data retained 30 days, then permanently deleted
Your Rights
You have the right to:
- Access all data we hold about you
- Export your data in a machine-readable format
- Request deletion of your account and all associated data
- Opt out of non-essential communications
To exercise any of these rights, email contact@spectatr.ai.
Cookies
We use only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users across sites.
Third-Party Services
- Stripe — payment processing
- Supabase — database hosting
- Vercel — application hosting
Each service has its own privacy policy. We select providers with strong security and privacy practices.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.
Contact
Questions about privacy? Contact us at contact@spectatr.ai.