Privacy Policy

Last updated 9 May 2026

Prompt Refinery is a learning tool. It helps you refine the prompts you write for large language models. It is not built for, and is not configured for, the higher-assurance data handling that real client work would require.

This policy explains what personal data we collect when you use the service, how we use it, and the choices and rights you have over it. We have tried to write it in plain language. Where a term is technical, we explain it.

If you have any privacy question, or want to access, correct, delete, or export your data, write to us at privacy@davidkemp.ai. We respond within 30 days.

Who is responsible

Prompt Refinery (referred to here as “we,” “us,” or “the service”) is the data controller for the personal data described below.

What we collect, and why

We collect only what we need to run the service.

Your email address (identifier) | Identifies your account and lets us send the magic-link sign-in email.
Profile fields you write — role, expertise, style preferences (professional information) | Tailors each refinement to your professional context and writing voice.
Drafts you submit and the refined outputs we produce (internet or other electronic network activity information) | The product of using the service. We store these so you can review your history.
Optional context you add to a refinement (internet or other electronic network activity information) | Same as above.
Custom domain definitions you create (internet or other electronic network activity information) | Saved profiles of domain context that you can reuse.
Profile snapshots, taken automatically at each refinement (professional information) | Keeps your history coherent if you later edit your profile.
One strictly necessary authentication session cookie (internet or other electronic network activity information) | Keeps you signed in. The service does not work without it.
Browser local storage entries (current draft, UI preferences, dismissed tips) | Saves your work-in-progress so you do not lose it on refresh. This data stays on your device; we never receive it.

The parenthetical labels above map each item to the personal information categories used by the California Consumer Privacy Act.

We collect this data from two sources: directly from you (when you sign in, fill out your profile, or submit a draft) and automatically from your device (your session cookie and standard server request logs).

We do not collect location data beyond what standard request logs include for security and rate-limiting purposes. Those logs are purged within 30 days.

We do not collect sensitive personal information as defined by the CPRA in the ordinary course of using the service. Drafts you submit could contain sensitive personal information if you choose to paste it; we ask you not to (see “What this tool is for, and what not to paste” below).

Why we are allowed to process this data

Under the GDPR and similar laws, we rely on three legal bases:

  • Contract for everything we need to deliver the service you signed up for: authenticating you, refining your prompts, and keeping your history.
  • Legitimate interest for security, abuse prevention, and basic service reliability. We weigh this against your rights and apply data minimization.
  • Consent for any processing that requires it. We do not currently run any consent-based processing because we do not operate analytics, advertising, or third-party tracking.

Who else handles your data (sub-processors)

To deliver the service we share specific data with the following processors. Each one has a Data Processing Agreement with us that incorporates the EU Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable.

Sub-processor | What they receive | Their location | How long they retain it
Anthropic, PBC | Your draft, the system prompt, your profile context, and any optional context you add — on every refinement. | United States | Up to 30 days for trust-and-safety review, per Anthropic's standard data handling policy. Anthropic does not train models on customer API data. We have not enabled Zero Data Retention because this service is designed for learning, not for confidential workloads.
Resend, Inc. | Recipient email addresses and magic-link sign-in URLs. | United States | Per Resend's email delivery policy.
Our database host | Account record, profiles, custom domains, and history — everything we store. | United States | For the duration of the service relationship.

We add or change sub-processors only when necessary. If we add one, we update this list before the change takes effect.

In the preceding 12 months, we have disclosed the following categories of personal information for business purposes: identifiers (email addresses sent to Resend for sign-in delivery) and user-generated content (drafts and profile context sent to Anthropic for refinement). We have not sold or shared any personal information, as those terms are defined by the California Consumer Privacy Act.

What we do not do

We have not sold or shared any personal information in the preceding 12 months, and we have no plans to do so.

  • We do not sell your personal data. We do not “share” it for cross-context behavioral advertising as defined by California law.
  • We do not use your prompts, refined outputs, or any other content to train machine learning models — ours or any third party’s.
  • We do not run analytics tools, advertising pixels, or cross-site tracking.
  • We do not place advertising cookies.
  • The sample refinement on the public landing page is a hand-written fixture, not real user content. No customer profile, draft, or output is ever surfaced to other visitors.

What this tool is for, and what not to paste

Prompt Refinery is built for educational use. The expected workload is teaching materials, exam questions, research-prompt drafting, assignment design, training scenarios, and the kinds of writing law students and educators do. It is not a secure platform for real client matters.

The drafts you submit travel to Anthropic for processing. Anthropic retains them for up to 30 days under its standard data handling policy. We treat every submission as user-generated content, and we cannot retroactively recall data that has already been transmitted.

For these reasons, do not paste:

  • Information subject to attorney-client privilege or any other duty of confidentiality you owe.
  • Identifiable medical, financial, or biometric information about real people.
  • API keys, passwords, access tokens, or other credentials.
  • Anything subject to a non-disclosure agreement whose terms do not allow you to share it with cloud-hosted AI services.

If you are unsure whether a piece of information is appropriate to submit, treat it as sensitive and do not. When you need to work through a real fact pattern, change the names and identifying details first.

How long we keep your data

Data | Retention
Refinement history — free tier | 30 days from creation, then automatically deleted.
Refinement history — paid tier | 365 days from creation by default, then automatically deleted.
Account record (email, profile, custom domains) | Until you delete your account.
Authentication session records | Until you sign out, the session expires, or 30 days, whichever comes first.
Sign-in email logs (Resend) | Per Resend's standard policy.
API request logs (Anthropic) | Up to 30 days, per Anthropic's standard policy.

You can delete your entire account at any time using the Delete account control inside the Profile drawer. Deletion cascades through every record we hold for you.

Your rights

Depending on where you live, you may have rights under the GDPR, the UK GDPR, the California Consumer Privacy Act as amended by the CPRA, the Swiss revised Federal Act on Data Protection, the Brazilian LGPD, or similar laws. These typically include:

  • Access and right to know. Use Download my data in the Profile drawer to get a machine-readable JSON copy of every category and specific piece of personal information we hold about you.
  • Rectification (correction). Edit your profile fields directly. For corrections to other data, write to us.
  • Erasure (right to be forgotten / deletion). Use Delete account in the Profile drawer, or write to us. On a verified deletion request, we delete your data from our records and direct our sub-processors to do the same.
  • Portability. The download is JSON, structured to be importable into another service.
  • Restriction or objection. Write to us to restrict or object to specific processing.
  • Opt out of sale or sharing. We do not sell or share personal information, so there is nothing to opt out of. If that ever changes, we will provide a mechanism before any sale or sharing begins.
  • Limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond delivering the service. If you believe we hold inaccurate sensitive data, write to us.
  • Withdraw consent. Withdraw any consent you have previously given. We do not currently rely on consent for any processing.
  • Non-discrimination. We will not deny you service, charge you a different price, or provide a different level of quality because you exercised any of these rights.
  • Lodge a complaint with your supervisory authority. EU residents can contact their national data protection authority; UK residents can contact the ICO; California residents can contact the California Privacy Protection Agency.

How to submit a request. Write to us at privacy@davidkemp.ai. You may also use the self-service controls in the Profile drawer (Download my data, Delete account). An authorized agent may submit a request on your behalf if they provide written proof of authorization; we may still ask you to verify your identity directly.

Verification. Before fulfilling an access, correction, or deletion request, we verify your identity by confirming the email address associated with your account.

Response timing. We respond to verified rights requests within 30 days where feasible. For requests made under the California Consumer Privacy Act, we respond within 45 days and may extend once by an additional 45 days with notice, as the statute permits. We do not charge a fee.

Cookies and local storage

We use exactly one cookie: a strictly necessary authentication session cookie. It expires when you sign out or after 30 days. We use no other cookies.

We use browser local storage to:

  • Auto-save the draft you are currently editing, so you do not lose work on refresh.
  • Remember your most recent domain selection.
  • Remember whether you have dismissed each one-time tip we show.

Local storage stays on your device; we never read it from our servers. When you sign out or delete your account, we wipe these entries from the browser.

Security

We use TLS for all data in transit. Authentication is passwordless, so there are no passwords for us to store or for an attacker to phish. Database access is restricted to the application service. We log relevant security events.

No system is impenetrable. If we discover a personal-data breach affecting your account, we will notify you and the relevant supervisory authority within 72 hours of discovery, as GDPR Article 33 requires.

International transfers

We process data in the United States via our sub-processors. For users in the European Economic Area, the United Kingdom, or Switzerland, transfers to the US rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms as applicable. Copies of the relevant clauses are available on request.

Children

The service is not designed for children. We do not knowingly collect personal data from anyone under 16. If you believe a child has used the service, write to us and we will delete the relevant account.

Changes to this policy

We review this policy at least once every 12 months. If we update it in a way that meaningfully changes how we treat your data, we will update the “Last updated” date at the top of this page and notify active users by email at least 30 days before the change takes effect, where practicable. Smaller editorial changes may be made without notice.