Back to Home

Privacy Policy

Last Updated: July 1, 2026

1. Local-First Architecture

PromptLock Pro is architected to run entirely "local-first" as a sandboxed Chrome Extension. Your conversation data, settings, and credentials remain entirely on your local machine. No databases or remote cloud services are utilized to log your workspace behavior.

2. Local Credentials Encryption

All API credentials (keys for OpenAI, Anthropic, DeepSeek, and Google AI Studio) are encrypted client-side using authenticated **AES-256-GCM** encryption before being committed to your local sandboxed `chrome.storage.local` store.

The decryption keys are derived inside isolated extension contexts from your Master Password using **PBKDF2** key derivation (100,000 iterations). Plaintext keys are processed dynamically and exist only inside short-lived execution variables.

3. No Telemetry or Diagnostics

We do not inject diagnostic trackings, analytics tools, or error reporting scripts. We do not collect clickstream analytics or usage metadata. Your interactions are 100% auditable and isolated.

4. Third-Party API Routing

When querying AI endpoints, requests originate directly from your browser sandbox (or routed via your designated Cloudflare AI Gateway proxy). These requests are governed by the privacy guidelines and parameters of the selected AI providers.