Privacy Policy
Last Updated: July 1, 2026
1. Local-First Architecture
PromptLock Pro is architected to run entirely "local-first" as a sandboxed Chrome Extension. Your conversation data, settings, and credentials remain entirely on your local machine. No databases or remote cloud services are utilized to log your workspace behavior.
2. Local Credentials Encryption
All API credentials (keys for OpenAI, Anthropic, DeepSeek, and Google AI Studio) are encrypted client-side using authenticated **AES-256-GCM** encryption before being committed to your local sandboxed `chrome.storage.local` store.
The decryption keys are derived inside isolated extension contexts from your Master Password using **PBKDF2** key derivation (100,000 iterations). Plaintext keys are processed dynamically and exist only inside short-lived execution variables.
3. No Telemetry or Diagnostics
We do not inject diagnostic trackings, analytics tools, or error reporting scripts. We do not collect clickstream analytics or usage metadata. Your interactions are 100% auditable and isolated.
4. Third-Party API Routing
When querying AI endpoints, requests originate directly from your browser sandbox (or routed via your designated Cloudflare AI Gateway proxy). These requests are governed by the privacy guidelines and parameters of the selected AI providers.