Metaprompt

Privacy Policy

Last updated: November 16, 2025

Introduction

Ponder ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Chrome extension and website.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (for authentication and account management)
  • Account tier (Free or Pro)
  • Usage statistics (number of prompts graded per day)

Usage Data

We collect minimal usage data:

  • Daily prompt count (for rate limiting purposes only)
  • Authentication tokens (stored locally in your browser)
  • API request logs (for debugging and service improvement)

What We Don't Collect

We are committed to privacy:

  • We do NOT store your prompts - All prompts are analyzed in real-time and immediately discarded after grading
  • We do NOT track your browsing history
  • We do NOT collect personal identifiable information beyond your email
  • We do NOT sell or share your data with third parties

How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Authenticate your account and manage subscriptions
  • Enforce usage limits (10 prompts/day for free tier, unlimited for Pro)
  • Improve our AI grading algorithm
  • Send service-related notifications (account updates, usage alerts)
  • Provide customer support

Data Storage and Security

We use industry-standard security measures to protect your data:

  • All data is encrypted in transit using HTTPS/TLS
  • Authentication tokens are stored securely using browser storage
  • Database access is restricted and monitored
  • We use Supabase for secure database hosting

Chrome Extension Permissions

Our extension requires the following permissions:

  • Storage: To securely store your authentication token locally
  • Host permissions (chat.openai.com, chatgpt.com): To inject the grading interface into ChatGPT
  • Host permissions (ponder.chat): To communicate with our authentication and API services

We do NOT access, read, or store your ChatGPT conversations. We only analyze prompts you explicitly choose to grade by clicking the plug icon.

Cookies and Tracking

We use essential cookies for authentication and session management.

Analytics

We use PostHog for product analytics to understand how users interact with our extension and improve the service. We have configured PostHog with strict privacy protections:

  • No session recording: We do NOT record your screen or keystrokes
  • No autocapture: We only track specific events we explicitly define
  • Input masking: All text inputs are automatically masked and never captured
  • No prompt content: Your actual prompts are NEVER sent to analytics - only metadata like prompt length
  • Anonymous by default: Analytics are tied to your account email (if signed in) but no other personal data is collected

We track events such as: button clicks, successful gradings, errors, feature usage, and upgrade clicks. This helps us understand which features are valuable and where users encounter issues.

You can block PostHog by using browser privacy extensions - our extension will continue to work normally.

Third-Party Services

We use the following third-party services:

  • Supabase: For authentication and database hosting
  • Stripe: For payment processing (Pro subscriptions)
  • OpenRouter (Gemini API): For AI-powered prompt analysis (prompts are not retained)
  • PostHog: For privacy-focused product analytics (session recording and autocapture disabled, all inputs masked)

These services have their own privacy policies and we encourage you to review them.

Data Retention

  • Account information: Retained until you delete your account
  • Usage statistics: Retained for 90 days
  • Prompts: Never stored - analyzed in real-time and immediately discarded

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of your data
  • Request deletion of your account
  • Opt-out of marketing communications
  • Export your data

To exercise these rights, contact us at privacy@metaprompt.pro

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us:

GDPR Compliance

For users in the European Economic Area (EEA), we comply with GDPR requirements:

  • Legal basis for processing: Consent and legitimate interest
  • Data controller: Ponder
  • Right to lodge a complaint with supervisory authority

California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to delete personal information. Contact privacy@metaprompt.pro to exercise these rights.