Privacy Policy

How we protect your data and privacy

Last updated: February 13, 2026

1. Introduction

ScrubPrompt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API services for PII redaction and restoration. By using ScrubPrompt, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Personal Information

  • Account information (email, name) from Clerk authentication
  • Company/organization name (optional)
  • Billing information for paid plans

Technical Data

  • API keys and authentication tokens
  • Usage data (API call counts, timestamps, response times)
  • IP address and browser information
  • Device and platform information

Important: Data You Process

When you use our API, you may submit text containing Personally Identifiable Information (PII). We do not store the original text you submit. We only store encrypted placeholder mappings that allow for data restoration. The original text is processed in memory and never persisted to disk.

3. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services. Specifically:

Service Provision

Provide and maintain our API services

Authentication

Authenticate API requests and manage your account

Payments

Process payments through Creem.io

Communications

Communicate about service updates and support

Security

Detect and prevent fraud and abuse

Legal Compliance

Comply with legal obligations

4. Data Storage and Security

Zero-Knowledge Architecture

Our core principle is that we never see or store your original data. Here's how it works:

  1. You submit text containing PII to our API
  2. We identify and replace PII with unique placeholders (e.g., [[SP_P_abc123]])
  3. We store only the encrypted mapping between placeholders and original values
  4. The original text is discarded from memory immediately after processing
  5. When you call restore, we swap placeholders back to original values

Security Measures

  • All data transmitted over TLS 1.2+ encryption
  • Placeholder mappings encrypted at rest using AES-256
  • Redis with persistence for mapping storage (AWS US-East)
  • Regular security audits and vulnerability scanning
  • Multi-factor authentication for admin access

5. Data Retention

We retain encrypted placeholder mappings until you explicitly delete them through your account or API. You can delete your data at any time by:

  • Deleting individual mappings via API
  • Requesting complete data deletion through support
  • Cancelling your account (all data is automatically deleted)

Usage data for billing and analytics purposes is retained for a minimum of 12 months. Financial records are retained for 7 years as required by law.

6. Third-Party Services

We work with third-party service providers to operate our service:

Clerk

Authentication & user management

Creem.io

Payment processing

AWS

Infrastructure (US-East)

These providers have their own privacy policies and are SOC 2 Type II compliant. We ensure that any third party we work with meets our privacy and security standards.

7. Your Rights

Under GDPR, CCPA, and other privacy regulations, you have the following rights:

Right to Access

Request a copy of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your personal data

Right to Portability

Export your data in a machine-readable format

Right to Object

Object to processing of your data

Right to Withdraw Consent

Withdraw consent at any time

To exercise these rights, contact us at support@scrubprompt.com. We will respond within 30 days.

8. Compliance

ScrubPrompt is designed to help you comply with data protection regulations:

GDPR

General Data Protection Regulation (EU)

CCPA

California Consumer Privacy Act

PCI-DSS

Payment Card Industry Standard

By using our service to redact PII before sending to LLMs, you maintain control over sensitive data throughout your AI workflow. We provide the tools you need to comply, but ultimate compliance responsibility lies with you.

9. Contact Us

If you have any questions about this Privacy Policy or want to exercise your rights, please contact us: