Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account information. When you create an account, we collect your email address. We use passwordless authentication (magic links), so we never collect or store a password.

Prompts and captures. When you save, create, or edit prompts and captures through the Service, we store the text content you provide. This includes prompt titles, tags, and the body text of each prompt or capture.

Payment information. If you upgrade to a paid plan, payment is processed entirely by a third-party payment service provider. We receive confirmation of your subscription status, but we never receive, process, or store your credit card number, expiration date, or CVC.

Team information. If you create or join a team, we store the team name, member email addresses, and each member's role (admin, editor, or viewer).

Support communications. If you contact us for support, we may retain the content of that communication.

1.2 Information Collected Automatically

Prompts and captures. You can save content to Pythia in two ways: by clicking the Save button that the extension places on supported AI platforms, or by creating a prompt manually inside the extension popup. In both cases, we store only the text you explicitly choose to save. The extension does not read, collect, or transmit any other content from the pages it operates on, including your conversations, responses from AI models, or any other browsing data.

Local storage. The extension stores a local cache of your prompts in your browser's storage for offline access and performance. This data stays on your device and is not transmitted unless you are syncing with our cloud service.

Basic usage metadata. We record timestamps when prompts and captures are created, updated, or deleted. We do not use third-party analytics trackers, pixel tags, or advertising SDKs in the extension.

1.3 Information We Do Not Collect

We want to be explicit about what we do not collect:

• Browsing history or URLs you visit (beyond detecting whether you are on claude.ai or chatgpt.com to activate the Save button)
• Content of your AI conversations (we only capture the specific text you choose to save)
• Keystrokes, mouse movements, or screen recordings
• Device identifiers, advertising IDs, or fingerprinting data
• Location data
• Contacts, calendar, or any data from other extensions

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide the Service. Storing, syncing, and displaying your prompts, captures, and libraries across devices. Authenticating your account via magic link. Processing subscription payments through a third-party payment service provider.

To operate team features. Sharing prompts within team libraries according to the permissions you and your team administrator have configured.

To enforce plan limits. Checking your current subscription plan to apply the appropriate usage limits.

To maintain and improve the Service. Diagnosing technical issues, monitoring service health, and developing new features.

To communicate with you. Sending transactional emails such as magic link sign-in emails, and notifying you of material changes to the Service or this policy. We do not send marketing emails unless you have explicitly opted in, and you can unsubscribe at any time.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service providers. We use third-party services to operate Pythia. Each provider receives only the minimum data necessary to perform its function.

Team members. If you are part of a team, prompts saved to a shared team library are visible to other members of that team according to their assigned role. Your email address and name are visible to other members of teams you join.

Legal requirements. We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights or safety, prevent fraud, or respond to a government request.

Business transfers. If Pythia is acquired, merges with another entity, or undergoes a restructuring, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

4. Data Retention

Prompts. Prompts are stored for as long as your account is active. Deleted prompts are soft-deleted and then permanently removed.

Captures. Captures are automatically deleted after 30 days. You can also delete captures manually at any time, which removes them immediately.

Version history. Version snapshots of your prompts are retained for as long as the associated prompt exists. When a prompt is permanently deleted, all its version history is also permanently deleted.

Account data. Your account information is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it.

Local cache. The local cache stored in Chrome's storage is cleared when you sign out of the extension or uninstall it.

5. Data Security

We implement the following security measures to protect your data:

• All data transmitted between the extension, the website, and our servers is encrypted using TLS (HTTPS).
• Data stored in our database is encrypted at rest.
• Access to your data is controlled by row-level security (RLS) policies in our database. These policies ensure that database queries can only return data belonging to the authenticated user (or their team, where applicable).
• Authentication uses magic links; there are no passwords to be compromised, leaked, or guessed.
• Payment information is handled entirely by a third-party payment service provider and never passes through our servers.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access. You can request a copy of the personal data we hold about you.

Correction. You can update your account information and edit your prompts and captures at any time through the extension.

Deletion. You can delete individual prompts, captures, and your entire account. Account deletion removes all associated data within 30 days.

Data portability. You can request a copy of your prompts and account data in a structured, machine-readable format.

Restriction and objection. You can request that we restrict or stop processing your personal data in certain circumstances.

Withdraw consent. Where we process data based on your consent (such as the AI suggestion feature), you can withdraw consent at any time by disabling the feature in the extension settings.

To exercise any of these rights, contact us at privacy@pythialibrary.com. We will respond within 30 days.

7. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

Legal basis for processing. We process your personal data on the following legal bases:

• Performance of a contract: To provide you with the Service you have signed up for, including storing your prompts, syncing across devices, and processing payments.
• Legitimate interest: To maintain and improve the Service, ensure security, and prevent abuse.

Data transfers. Your data may be transferred to and processed in countries outside the EEA. These transfers are protected by Standard Contractual Clauses or equivalent safeguards provided by our service providers.

Supervisory authority. You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.

8. Age Requirement

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete that data promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@pythialibrary.com.

9. Extension Permissions

The Pythia extension requests the following browser permissions, each used solely for the purposes described:

• storage: To cache your prompts locally for offline access and to store your authentication session.
• activeTab: To read the text you select on claude.ai or chatgpt.com when you click the Save button. This permission does not grant access to any other tabs or websites.
• scripting: To inject the Save button and toast notification elements into claude.ai and chatgpt.com pages.

The extension also requests host permissions for our database provider to sync your data and for supported AI platforms to inject the Save button. The extension does not access any other websites.

10. Cookies and Tracking

The Pythia extension does not use cookies. Session management in the extension uses Chrome's storage API.

The pythialibrary.com website may use essential cookies for session management during the magic link authentication callback. We do not use advertising cookies, tracking pixels, or third-party analytics cookies on our website.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address associated with your account) or through a notice in the extension at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

The date at the top of this policy indicates when it was last updated. Previous versions are available upon request.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: privacy@pythialibrary.com Website: pythialibrary.com

If you are in the EEA and have concerns about our data processing practices, you also have the right to contact your local data protection authority.