Privacy Policy

Last updated: 7 May 2026

PromptPaste is designed to be private by default. Your prompts live on your device and in your personal iCloud. We don't run accounts, we don't track you across apps or websites, and we never see your prompt contents. We do measure anonymous product usage (which features get used, not who used them) - details below.

What we collect

No personal account data. PromptPaste stores all prompts, folders, and variables locally on your device using Apple's SwiftData framework. There is no PromptPaste account and no server-side user database.

iCloud sync

If you're signed in to iCloud, your prompts sync across your Apple devices through your private CloudKit container. This data is handled entirely by Apple - PromptPaste servers never see it. You can disable iCloud sync for PromptPaste at any time in your device's system Settings: on iOS, Settings → [your name] → iCloud → Saved to iCloud → PromptPaste; on macOS, System Settings → [your name] → iCloud → Saved to iCloud → PromptPaste.

Shared collections

When you create a share link for a collection, the prompt titles, bodies, and folder structure you chose to share are uploaded to our Cloudflare Worker and stored in Cloudflare KV to serve the link.

Shares are tied to an anonymous owner token stored in your device Keychain - no email, name, or account required.
You control expiry (7 days, 30 days, 90 days, or never) and can revoke a link at any time.
Revoked or expired shares are deleted from storage.
We log the request IP address temporarily for rate limiting (10 share create or revoke requests per minute). These logs are not linked to any identity, are not stored or exported by us, and are discarded automatically by Cloudflare per its standard retention policies.

Only share what you mean to share. Content inside a share link is readable by anyone who has the URL until you revoke it. Don't put secrets, credentials, or personal information into a shared collection.

AI prompt generation

On supported devices (iOS 26 / macOS 26+ with Apple Intelligence), PromptPaste can generate prompts from a short topic you type. When you use this feature, you are interacting with an AI system - specifically, Apple's on-device Foundation Models framework. This runs entirely on-device: your topic and the generated output never leave your device, are not sent to PromptPaste servers, and are not sent to any third-party AI provider. We do not log topic text or generated content in analytics - only whether a generation succeeded or failed, and a short failure reason code when it fails.

Analytics and advertising

We use TelemetryDeck for privacy-focused usage analytics. TelemetryDeck is a third-party processor that helps us see whether features are working - it does not build advertising profiles and does not share your data with anyone.

What's sent: event names (for example, "Prompt.copied", "Paywall.purchaseStarted", "Onboarding.completed") and a small set of bounded, non-identifying parameters that describe the event itself - such as whether a prompt had variables, which plan identifier was tapped on the paywall, an error-reason code drawn from a fixed vocabulary, or an item count. No parameter is free-form text you entered.

What's never sent: prompt titles, prompt bodies, variable values, generated AI output, folder names, search queries, your name, your email, or advertising identifiers.

How you're identified: The TelemetryDeck SDK uses Apple's identifierForVendor - a per-vendor device identifier issued by iOS that is not linked to your Apple ID and is reset when you remove all of our apps - and hashes it on your device before any signal leaves. On the server, TelemetryDeck applies a second layer of hashing (their "double-hashing" mechanism). TelemetryDeck has publicly committed that IP addresses are never stored on their servers. The final double-hashed identifier lets duplicate events be deduplicated but is not linkable back to you. See TelemetryDeck's privacy policy and anonymization documentation for details.

Advertising and measurement (marketing site only)

Our public marketing pages (getpromptpaste.com and getpromptpaste.com/support/) load Google Tag Manager (GTM) from Google LLC. GTM is a tag orchestrator - it lets us configure advertising and analytics tags without redeploying the site. The tags currently configured in our GTM container are:

Meta Pixel (Meta Platforms, Inc.) - measures ad effectiveness and builds custom audiences for Meta ads (Facebook, Instagram). Sets the _fbp cookie (and _fbc if you arrived from a Meta ad).
Google Analytics 4 (Google LLC) - aggregate site analytics. Sets the _ga cookie.
Google Ads conversion tracking (Google LLC) - measures which ads lead to app installs or subscriptions.

When any of these tags fire, they send the third party your IP address, user agent, and the URL you are viewing. Meta and Google govern their own handling of that data under their respective privacy policies (Meta, Google).

Where these web tags run: only on the marketing homepage and the public support page. They do not run on the privacy or terms pages, or on any shared-collection page (/share/...). Your prompts, folders, and share content are never exposed to Meta or Google through these web tags. The PromptPaste iOS app uses a separate, more limited Meta integration described in the In-app advertising attribution (iOS) section below.

EEA and UK visitors: these tags are blocked automatically based on your location (detected by Cloudflare at the network edge). No tag code is sent to your browser and no request to Meta or Google is made.

US residents - Do Not Sell or Share / opt out of targeted advertising: Under the California CCPA/CPRA, Colorado CPA, Connecticut CTDPA, Virginia VCDPA, Texas TDPSA, Oregon OCPA, and similar state laws, loading these tags counts as "sharing personal information for cross-context behavioral advertising" or "targeted advertising." To opt out:

Enable Global Privacy Control in your browser. We detect and honor it on every page load automatically - no cookie required.
Or click this link: Do Not Sell or Share My Personal Information. This sets a pp_optout cookie on this device that blocks all tags on future visits.

We implement Google Consent Mode v2: when you enable Global Privacy Control or click the opt-out link above, all configured tags (Meta Pixel, GA4, Google Ads) receive a "denied" consent signal and do not set cookies or send personal data.

You can also adjust ad preferences directly in your Meta Accounts Center and Google My Ad Center.

In-app advertising attribution (iOS)

Starting with PromptPaste iOS version 1.1.0, our iOS app links the Meta SDK for iOS (FacebookCore v18.0.3) for the limited purpose of measuring which Meta ad campaigns lead to App Store installs and subsequent in-app conversions (free-trial start, paid subscription, lifetime purchase, onboarding completion). This helps us decide which advertising creatives are working without us learning anything about you personally.

What the Meta SDK can collect, in principle. The Meta SDK's bundled privacy manifest declares the capability to collect a Device ID (specifically Apple's IDFA, the Identifier for Advertisers), which can be linked to a user's identity and used for cross-app advertising tracking. Apple aggregates this declaration into our app's overall privacy report, so the App Store listing for PromptPaste shows a "Data Used to Track You" entry covering Device ID. We are required to declare the SDK's stated capability honestly, even though our runtime configuration prevents that capability from being exercised.

What the Meta SDK actually collects in PromptPaste. Nothing identifying. The SDK is configured in "SKAdNetwork-only" mode:

We have set FacebookAdvertiserIDCollectionEnabled = NO and FacebookAutoLogAppEventsEnabled = NO in the app's Info.plist. Both flags instruct the SDK at bootstrap not to read or transmit IDFA and not to auto-log any events.
The PromptPaste app never calls Apple's App Tracking Transparency (ATT) API to request tracking permission. As a result, your iOS device's tracking-authorization status for PromptPaste stays at not determined, and the Meta SDK's own runtime gating (which inspects ATTrackingManager.trackingAuthorizationStatus) prevents IDFA collection regardless of any other flag.
iOS 17 and later additionally block all network requests from PromptPaste to Meta's tracking domain (ep1.facebook.com), as required by Apple's Privacy Manifest framework, because we have never asked you to authorize tracking. This is enforced by the operating system, not by us.

How attribution actually works. Apple's SKAdNetwork is a privacy-preserving alternative to identifier-based tracking. When you install PromptPaste from a Meta ad, Apple's servers send Meta a postback: an aggregated, anonymous signal indicating that an install occurred and a conversion-value bucket (such as "user reached onboarding completion" or "user started a free trial"). The postback is generated by Apple and delivered server-to-server between Apple and Meta - it does not pass through your device's app or contain any device or user identifier. Postback windows are limited (zero to thirty-five days post-install) and the conversion value is intentionally low-resolution (a small number of buckets, not a unique value per user). We never see your IDFA, advertising ID, IP address, or any cross-app identifier through this channel.

What we send to the Meta SDK from the app. When you complete onboarding, start a free trial, subscribe, or make the lifetime purchase, our code calls the SDK with the corresponding event name (CompletedTutorial, StartTrial, Subscribe, or Purchase) and, for paid events, the StoreKit-reported amount and ISO currency code (such as USD, EUR). The SDK uses these events to update the SKAdNetwork conversion value on your device. We do not pass any user identifier, account name, email, prompt content, folder name, or other personal data to the SDK.

Why the App Store says we track you. Apple's App Privacy framework requires that an app's privacy declaration match the aggregated capability of its app bundle, including any third-party SDK. Because the Meta SDK declares Device ID + tracking capability in its own manifest, our App Privacy questionnaire on App Store Connect must reflect that declaration. We have answered honestly: data collected by the SDK is linked to user identity, in principle, and would be used for tracking, in principle. In practice, our configuration blocks the linking and the tracking from occurring on your device. The App Store badge reflects the SDK's capability; the runtime behavior reflects our configuration.

How to opt out. Because we never request ATT and the SDK is in SKAdNetwork-only mode, there is nothing to opt out of in the traditional sense - we are not collecting identifiers we could stop collecting. If you want to ensure that no third-party SDK in any iOS app on your device can request ATT permission, you can disable it system-wide: open Settings → Privacy & Security → Tracking and turn off Allow Apps to Request to Track. To remove the Meta SDK entirely from your device, uninstall PromptPaste; we maintain no server-side identifier tied to you that would persist after uninstall.

Notifications

If you grant notification permission, PromptPaste uses it to schedule local reminders about your free-trial status (for example, the day before it expires). These are scheduled on-device - no push servers are involved and no notification data leaves your device.

Payments

Subscriptions and the lifetime purchase are processed entirely by Apple through the App Store. PromptPaste never sees or stores your payment details. Your entitlement status is verified on-device using StoreKit 2.

Children

PromptPaste is not directed at children under 13 (or under 16 in the EEA, where applicable) and does not knowingly collect data from them.

Data controller

The data controller for any limited processing described above is Ivan Terechin, an independent developer registered as an osek murshe in Israel (the "Developer"). Our website and supporting infrastructure are operated by Toolshare.ai LLC, a Delaware limited liability company owned by the Developer. You can reach us c/o Toolshare.ai LLC, 1007 N Orange St, 4th Floor, Suite 4749, Wilmington, DE 19801, United States, or by email at support@getpromptpaste.com.

Legal basis (EEA / UK users)

We rely on the following lawful bases under the GDPR and UK GDPR:

Performance of a contract - to provide the app's core features and process your App Store subscription.
Legitimate interests - to serve shared collection links you create, to prevent abuse of our share infrastructure (rate limiting), and to measure aggregate product usage via TelemetryDeck in a privacy-preserving way. We believe these interests don't override your rights because the processing is minimal, non-identifying, and transparent.
Consent - where required, for example for notification permissions, which you grant via the operating system and can withdraw at any time in system Settings.

Your rights

Because PromptPaste is designed to not collect personal data, there's usually nothing for us to access or delete on our servers. Where applicable law (including the EU GDPR, UK GDPR, California CCPA/CPRA, and similar state laws) gives you the following rights, you can exercise them by emailing support@getpromptpaste.com:

Access - ask whether we hold any data about you and get a copy.
Deletion - ask us to delete anything we do hold (for example, an active share-link payload).
Correction - correct inaccurate data.
Portability - receive your data in a machine-readable format. For prompts, the in-app Export feature already produces a JSON file.
Objection and restriction - object to or restrict the limited processing described above.
Opt out of "sale" or "sharing" (California and other US states) - we do not sell personal information as defined under the CCPA/CPRA or similar state laws. We do share personal information for cross-context behavioral advertising (also referred to as "targeted advertising" under the Colorado CPA, Connecticut CTDPA, Virginia VCDPA, Texas TDPSA, Oregon OCPA, and similar laws) through (a) the Meta Pixel, Google Analytics 4, and Google Ads tags loaded via Google Tag Manager on our marketing pages, and (b) the Meta SDK linked into the iOS app (in SKAdNetwork-only mode, as described in the In-app advertising attribution (iOS) section), to the extent the SDK's declared capability is treated as "sharing" under applicable state law even though our runtime configuration prevents identifier-based tracking. Residents of these states can opt out using the mechanisms described in the Advertising and measurement section (for the marketing site) and by disabling app-level tracking system-wide on iOS (Settings → Privacy & Security → Tracking → Allow Apps to Request to Track → off) and uninstalling the app (for the iOS integration).
Non-discrimination - we will not deny service, charge different prices, or reduce quality because you exercised a privacy right.

If you have an active share link and want it removed, you can also revoke it directly in the app without contacting us.

Complaints

If you're in the EEA or UK, you have the right to lodge a complaint with your local supervisory authority - a list is maintained by the European Data Protection Board, and UK residents can contact the Information Commissioner's Office. California residents may contact the California Privacy Protection Agency. We'd also appreciate the chance to resolve the issue directly first - email us at support@getpromptpaste.com.

International transfers

The Developer is based in Israel. Our supporting infrastructure (website and share links) runs on Cloudflare's global edge network, which may include servers in the United States. If you use our share links feature from outside those locations, the limited data needed to serve the link (prompt content you chose to share and your anonymous owner token) may be processed across borders. Cloudflare is certified under the EU-US Data Privacy Framework and offers Standard Contractual Clauses for transfers where the Framework does not apply. Israel is recognized by the European Commission as providing an adequate level of data protection.

Changes to this policy

If we materially change how PromptPaste handles data, we'll update this page and bump the "last updated" date above.

Contact

Questions or concerns? The fastest way to reach us is by email at support@getpromptpaste.com. You can also reach us by postal mail or SMS:

Ivan Terechin
c/o Toolshare.ai LLC
1007 N Orange St, 4th Floor, Suite 4749
Wilmington, DE 19801, United States
SMS only: (667) 327-5197 (no voice calls)