Legal
Privacy Policy
Last updated: June 7, 2026
Single purpose
The HonePrompt Chrome extension has one purpose: when you click Hone It on a supported AI site, it sends the prompt text you typed to our servers and returns an optimized version for that model. It does not modify pages for any other reason.
Information we collect
We collect only what we need to run the service:
- Prompts you submit: When you click “Hone It”, the text in the active input field is sent to our servers to generate an optimized prompt. Prompts are processed for that request and are not stored as a permanent log after the response is returned.
- Email address: If you create a Pro account or subscribe, we store your email to authenticate you and manage your plan.
- Password (hashed): Pro accounts use email + password sign-in. Passwords are hashed with PBKDF2 before storage. We never store plain-text passwords.
- Session data: A login token is stored in your browser (localStorage on the website, Chrome sync storage in the extension) so you stay signed in.
- Plan tier: After sign-in, we store whether your account is Pro, Starter, Team, or Business so the extension can enforce plan features.
- Model preference: Your last selected AI model is stored locally in Chrome storage for convenience.
- IP address: Used on our servers for anonymous demo limits (one hone per month per IP on the website) and general abuse prevention. Rate-limit counters in Redis expire automatically.
- Payment information: Handled entirely by Stripe at checkout. We do not store card numbers.
- Extension health signals: If the extension cannot find a text input on a supported site, it may send the site hostname (e.g.
claude.ai) to our servers — not page content — so we can fix compatibility.
We do not collect: browsing history, full page content, keystrokes before you click Hone It, cookies from third-party sites, or data for advertising profiles.
Chrome extension — permissions
The extension requests these permissions:
- storage — Saves your session token, email, plan tier, and last selected model locally via Chrome sync storage. Required to keep you signed in.
- host_permissions: honeprompt.com — Sends API requests to our servers when you hone or sign in.
- content_scripts on AI sites (ChatGPT, Claude, Gemini, Midjourney, etc.) — Injects the Hone It button near the prompt input. Reads prompt text only when you click the button. Does not run in the background on those pages.
Pro subscription required: The Chrome extension requires an active HonePrompt Pro subscription ($4.99/mo). Free-tier hones on honeprompt.com do not include extension access. You must subscribe, create a Pro account, and sign in through the extension popup.
How we use your information
- To generate and return optimized prompts (core service)
- To authenticate Pro accounts and enforce plan limits
- To process subscriptions through Stripe
- To respond to support requests
- To improve extension compatibility with supported AI sites
We do not use your information for advertising, sell it to third parties, or use it for purposes unrelated to prompt optimization.
How we share your information
We share data only with service providers that help us operate HonePrompt:
- Anthropic — receives the prompt text you submit so Claude can produce optimized output. Anthropic processes prompts under their API terms.
- Stripe — receives payment and billing information when you subscribe. We receive subscription status, not full card numbers.
- Upstash (Redis) — stores session tokens, rate-limit counters, and subscription flags in encrypted cloud storage.
- Cloudflare — hosts honeprompt.com and our API. May process IP addresses and request metadata for delivery and security.
- Resend — sends transactional email (verification codes, account messages) to your email address.
- Google Chrome sync storage — if you are signed into Chrome, extension session data may sync across your Chrome profile per Google’s sync settings.
We do not sell personal information. We may disclose data if required by law or to protect our rights and users.
Data storage and security
- Where data is stored: Server data is stored in the United States via Cloudflare and Upstash. Extension session data is stored locally in your browser.
- Security: Passwords are hashed (PBKDF2, 100,000 iterations). API traffic uses HTTPS. Session tokens are random 64-character hex strings with 30-day expiry.
- Prompts: Processed per request; not kept as a long-term archive.
- Usage counters: Stored in Upstash Redis with time-based expiry.
- Account email: Kept while your account or subscription is active; you may request deletion.
- Stripe: Retention follows Stripe’s policies.
Cookies and tracking
We use essential browser storage (localStorage on the site, Chrome storage in the extension) for login and usage limits. honeprompt.com also uses the Meta (Facebook) Pixel for advertising measurement on the website only — not inside the Chrome extension. We do not sell your data to advertisers.
Your rights and choices
You may:
- Request deletion of your account and associated data
- Cancel a subscription through Stripe or your account page
- Sign out of the extension (clears local session data)
- Uninstall the extension (removes locally stored session data)
- Ask what data we hold about you
Contact privacy@honeprompt.com or support@honeprompt.com. We respond within 30 days.
Children
HonePrompt is not directed at children under 13. We do not knowingly collect personal information from children.
Changes
We may update this policy. The “Last updated” date at the top will change when we do. Continued use after changes means you accept the updated policy.