Privacy Policy
Effective Date: June 9, 2026
PromptCacheAI ("we," "our," or "us") provides an API-based prompt and response caching service designed to help developers reduce duplicate large language model (LLM) calls and improve application performance. This Privacy Policy explains how we collect, use, and protect information when you use PromptCacheAI.
Data Controller
For cached prompt content submitted by customers, PromptCacheAI generally acts as a data processor, while the customer remains the controller of any end-user data included in prompts. If you have questions, you may contact us at support@prompt-cache.ai.
Information We Collect
- Account Information: Email address and basic profile details you provide when creating an account.
- Billing Information: Subscription and payment status are handled through Stripe. We do not store your full payment card details.
- Cached Prompt Data: Prompts and responses submitted to the Service are stored encrypted at rest. We additionally use deterministic hashes (such as
prompt_hash) to identify cached entries without storing plaintext prompts in searchable form. - Semantic Processing Data: Some features of the Service may send Customer Content, including prompts, cached prompts, cached responses, and related metadata, to third-party AI service providers to generate embeddings, compare semantic similarity, validate cached response reuse, support safety or abuse prevention, and operate the Service. Those providers process data under their own terms, privacy policies, retention practices, and security practices.
- Usage Metadata: Request counts, cache hit rates, cache evaluation records, semantic similarity scores, validator outcomes, prompt variant relationships and review status, namespaces, timestamps, and model/provider identifiers used for analytics, plan enforcement, dashboard features, cache review, and service reliability.
How We Use Data
- Provide caching, retrieval, and similarity-matching features.
- Generate embeddings, compare semantic similarity, and validate whether a cached response may be appropriate for reuse.
- Enforce subscription plan limits and rate limits.
- Maintain service reliability, analytics, and abuse prevention.
- Provide dashboard features such as cache hit metrics, cache evaluation summaries, prompt variant review, and aggregated usage reporting.
- Respond to support inquiries and account-related requests.
- We may retain limited server logs for security and abuse prevention.
- We do not sell or rent your personal information.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following lawful bases:
- • Contract necessity: To provide the Service you request.
- • Legitimate interests: To secure, improve, and operate our platform responsibly.
- • Legal obligations: To comply with applicable laws and billing requirements.
Data Security
PromptCacheAI stores cached prompts and responses encrypted at rest, but are decrypted temporarily when returned through the API in order to provide service functionality. API keys are hashed, and namespaces are isolated per user to support multi-tenant safety. While we take strong measures to protect data, no system can be guaranteed 100% secure.
User Responsibilities and Sensitive Data
You should avoid submitting sensitive personal data (such as medical, financial, or government identifiers) unless necessary. You are responsible for ensuring your application complies with applicable privacy laws when caching user-generated content. Because certain Service features may send Customer Content to third-party AI service providers, you should not submit regulated, sensitive, or confidential data unless you have determined that the Service is appropriate for your use case.
Third-Party Service Providers
We rely on trusted third-party providers to operate the Service, such as:
- • Stripe (billing and subscription management)
- • Cloud hosting and database infrastructure providers
- • Third-party AI service providers used for embeddings, semantic matching, cache validation, safety, abuse prevention, and related operational features
These providers process data as necessary to deliver their services to us and may process data under their own terms, privacy policies, retention practices, and security practices.
International Data Transfers
If you access the Service from outside the United States, your data may be processed or stored in the United States or other jurisdictions where our infrastructure providers operate. We take steps to ensure appropriate safeguards are in place where required.
Data Retention
We retain information only for as long as reasonably necessary to provide and operate the Service, comply with legal obligations, resolve disputes, enforce our agreements, and protect PromptCacheAI and our users.
- • Cached content and cache controls: Cached entries, cached responses, embeddings, and prompt variant relationships or review decisions are retained in accordance with your namespace TTL, cache configuration, account settings, and product controls. TTL controls cache freshness and reuse eligibility. Cached entries may remain stored for a limited period after expiration before they are evicted, overwritten, or deleted from active systems.
- • Account data: We retain account-related data for as long as your account remains active, and thereafter as needed for legitimate business purposes and legal compliance.
- • Detailed request and cache evaluation records: Detailed request logs and cache evaluation records are generally retained for up to 90 days for dashboard visibility, debugging, reliability, plan enforcement, cache review, and abuse prevention, unless a longer period is reasonably necessary for security, compliance, dispute resolution, or legal obligations.
- • Aggregated metrics: We may retain aggregated and/or de-identified metrics, such as daily request totals, cache hit rates, validator call counts, latency, and estimated savings, for longer periods for analytics, service improvement, billing analysis, and business operations.
- • Security records: We may retain limited security/audit records (for example, anti-abuse signals and operational diagnostics) for a period of time to maintain reliability, prevent fraud, and investigate abuse.
- • Backups: Copies of certain data may persist in encrypted backups and disaster-recovery systems for a limited period and will be deleted or overwritten according to our backup rotation schedules, unless retention is required by law or for security.
We may also retain and use aggregated and/or de-identified information (that does not reasonably identify you) for analytics, service improvement, and business operations.
Account Deletion
You may request deletion of your PromptCacheAI account from your Settings dashboard (if available) or by contacting support@prompt-cache.ai. Account deletion is intended to be permanent.
When you delete your account, we will initiate deletion of your account information and associated Service data, which may include:
- • Cached prompts and responses associated with your account
- • Prompt variant relationships and cache review metadata
- • Namespaces, API keys, and configuration data
- • Certain request logs, cache evaluation records, and metrics associated with your account
- • Your authentication identity with our identity provider (e.g., Supabase), where applicable
Important: Deletion may not be immediate in all cases. Some information may be retained where reasonably necessary for security, fraud prevention, system integrity, backup rotation, compliance with legal obligations (including tax/accounting), or to exercise or defend legal claims.
Subscription cancellation through Stripe stops future billing and may limit access to paid features, but does not automatically delete stored data unless you complete full account deletion.
European Union (GDPR) Privacy Rights
If you are located in the EEA, UK, or Switzerland, you may have rights under GDPR, including:
- • The right to access the personal data we hold about you
- • The right to request correction of inaccurate data
- • The right to request deletion of your personal data
- • The right to object to or restrict processing
- • The right to data portability in certain circumstances
- • The right to withdraw consent where applicable
Children’s Privacy
PromptCacheAI is not intended for use by children under the age of 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
Contact Us
For privacy-related questions or requests, please contact support@prompt-cache.ai.