Privacy Infrastructure

Account Infrastructure:

When you initialize an account, we collect your verified email address, encrypted authentication hashes, and subscription tier preferences. Billing data is managed exclusively via Stripe's secure infrastructure.

Operating Telemetry:

To ensure service reliability, we collect:

• Optimization request frequency and pattern metadata

• API endpoint consumption and resource quotas

• System performance metrics and error diagnostic logs

• Dashboard interaction analytics for UI/UX optimization

Intellectual Property:

Your original prompts and optimized results are stored in our secure relational database. This includes sophistication metrics, confidence scores, and historical timestamps for your audit compliance.

Optimization Services:

We process your input data solely to execute requested optimizations. Results are private to your organization and are never used for base model training or shared across tenants.

Account Governance:

Your account data is used for subscription fulfillment, technical support requests, and mandatory security notifications relating to your infrastructure access.

Secure Analytics:

We may analyze aggregate, anonymized patterns to refine our deterministic rules engine. Individual proprietary prompts are never analyzed by human staff without an explicit support ticket authorization.

Cloud Execution Node:

Our primary processing nodes are hosted on high-security compute clusters. Prompts are processed in isolated memory environments and results are committed to your private tenant database with industry-standard encryption.

Local MCP Integration:

The standard NPM package (mcp-prompt-optimizer) operates as a secure bridge:

• No optimization logic is executed on the local hardware for Cloud Edition

• Local storage is restricted to session authentication tokens

• All high-sensitivity prompt data is tunneled directly to the Cloud Execution Node via TLS 1.3

• No proprietary data remains in local cache post-request completion.

Encryption Standard:

All data in transit is protected by TLS 1.3. Data at rest is encrypted using industry-standard encryption protocols.

Access Management:

We enforce strict Role-Based Access Control (RBAC). Staff access to production databases is technically restricted and audited, requiring hardware-based multi-factor authentication for any emergency maintenance.

Threat Mitigation:

Our infrastructure includes real-time intrusion detection, automated vulnerability scanning, and isolated VPC architecture for database security.

Right to Export:

You maintain full sovereignty over your data. All historical optimizations and templates can be exported in standardized JSON or CSV formats at any time.

Right to Erasure:

You may initiate a 'Permanent Deletion' request. Upon execution, all proprietary prompts, optimization history, and account metadata are cryptographically erased from primary storage.

Transparency:

You have the right to request a comprehensive report of all information stored in your environment. We maintain high transparency regarding where and how your data is processed.