Privacy Policy
Effective Date: January 24, 2026
Version: 1.0
Service: TrustPrompt.io (the “Service”)
Company: Pulse Insights LLC (“Pulse,” “we,” “us,” or “our”)
Our Privacy Promise
TrustPrompt is built on a privacy-first architecture:
- Your sensitive data stays in your browser. Entity detection, OCR, tokenization, and response restoration all run client-side.
- We never see your original content. In Managed Mode, only the tokenized version (e.g., “[PERSON_A]” instead of “John Smith”) passes through our servers.
- Saved patterns are encrypted. Your custom detection patterns are encrypted client-side with a key only you control. We cannot read them.
- We collect minimal data. We store usage metadata (counts, timestamps, credits) but never your prompts, responses, or the actual entities detected.
This Privacy Policy explains how Pulse Insights LLC handles personal information that we collect through our website at trustprompt.io (the “Site”), through the TrustPrompt service (the “Service”), in connection with our marketing activities, and in other settings where we post this Privacy Policy.
If you have any questions or concerns about your personal information or this Privacy Policy, email us at [email protected].
1. How TrustPrompt Handles Your Data
TrustPrompt is a privacy tool that helps you sanitize sensitive information before sending prompts to AI services. Our architecture is designed so that your sensitive data never needs to leave your browser.
Processing That Stays in Your Browser
The following operations run entirely in your browser using local JavaScript and WebAssembly. We never receive this data:
| Process | Technology | What We See |
|---|---|---|
| Entity detection (regex patterns) | JavaScript | Nothing |
| Entity detection (ML/NER model) | ONNX + WebAssembly | Nothing |
| Document OCR (text extraction) | Tesseract.js / pdf.js | Nothing |
| Token replacement | JavaScript | Nothing |
| Image redaction rendering | Canvas API | Nothing |
| Response restoration (tokens to real values) | JavaScript | Nothing |
Processing That Involves Our Servers
The following operations may send data through our infrastructure:
Managed Mode (AI Chat via TrustPrompt)
When you use our built-in AI chat feature, your Sanitized Prompt (the tokenized version, not your original text) passes through our servers to reach the AI provider.
- Prompts contain only tokens (e.g., “[PERSON_A] works at [COMPANY_B]”), never the original values
- We do not store, log, or retain prompt content or AI responses—they are proxied in real-time and discarded
- We log usage metadata only (timestamps, token counts, model used, credits consumed)
Deep Analysis (Optional Enhanced Detection)
If you enable Deep Analysis, your original text (before tokenization) is sent to a third-party AI service (currently Together.ai) for additional entity detection. This happens before sanitization.
- This feature is opt-in only and disabled by default
- We use providers with “zero data retention” policies where available
- You can disable Deep Analysis at any time in the interface
- If you cannot accept third-party data exposure, do not enable Deep Analysis
BYOK Mode (Your Own API Keys)
If you provide your own API keys, your browser communicates directly with the AI provider. Your prompts and responses never touch our servers.
Saved Patterns (Zero-Knowledge Encryption)
You can save custom detection patterns for use across sessions. These patterns are stored using zero-knowledge encryption:
- Your patterns are encrypted in your browser using a key derived from a password only you know
- We store only the encrypted blob—we cannot read your patterns
- A recovery key is generated so you can regain access if you forget your password
- If you lose both your password and recovery key, your saved patterns are unrecoverable (by design)
2. Personal Information We Collect
Information You Provide
- Account Information: Email address, name (optional), password (hashed)
- Payment Information: Processed by Stripe; we receive only payment status, not card numbers
- Communications: Support emails, feedback you submit
- Marketing Preferences: Email signup for beta waitlist, newsletter preferences
Information Collected Automatically
- Usage Metadata: Counts of sanitizations, entities detected (counts only, not values), credits consumed, feature flags used
- Device Data: Browser type, operating system, screen resolution, general location (city/region from IP)
- Analytics Data: Pages visited, features used, session duration (via Google Analytics with IP anonymization enabled)
Information We Do NOT Collect
We do not collect, store, or log:
- The content of your prompts or AI responses
- The actual sensitive data detected (names, account numbers, etc.)
- Your images or documents (processed in-browser, discarded after session)
- The token-to-value mapping that would let us reverse tokenization
3. How We Use Your Information
We use personal information for service delivery, communication, research and development, and compliance. Full details are available in the app at trustprompt.io/privacy.
4. How We Share Your Information
We do not sell your personal information. We may share data with service providers (Cloudflare, Supabase, Stripe, SendGrid, Google Analytics) and AI providers in Managed Mode (OpenAI, Anthropic, Together.ai).
5. Your Privacy Choices & Rights
- Deep Analysis: Disable to keep all detection browser-only
- BYOK Mode: Use your own API keys to avoid data passing through our servers
- Account Controls: Access, update, delete, or export your data
- Marketing: Opt out of marketing emails at any time
6. Data Security
We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest, PBKDF2 password hashing with 100,000 iterations, client-side encryption for saved patterns, and role-based access controls.
7. Data Retention
- Account Data: Until you delete your account
- Usage Logs: 90 days for operational purposes
- Transaction History: 7 years for legal/tax compliance
- Support Communications: 2 years after resolution
8. Children's Privacy
TrustPrompt is not intended for users under 16 years of age.
9. International Data Transfers
TrustPrompt is operated from the United States. Pulse Insights LLC complies with the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. DPF. Visit dataprivacyframework.gov for details.
10. Information for California Residents
California residents have rights under CCPA, including the rights to know, to delete, to portability, and to non-discrimination. We do not sell personal information. To exercise your rights, email [email protected].
11. Information for European Users
Pulse Insights LLC is the data controller. We process data based on contract, legitimate interests, consent, and legal obligation. EU representative: Osano International Compliance Services Limited, 28 North Wall Quay, Dublin 1 D01 H104, Ireland.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email.
13. Contact Us
Email: [email protected]
Mail:
Pulse Insights LLC
716 Beacon Street, #590578
Newton Center, MA 02459
Attention: Data Protection Officer
14. Relationship to Pulse Insights
TrustPrompt is a product of Pulse Insights LLC. For information about Pulse Insights' other products and services, see the Pulse Insights Privacy Policy.