AI Prompt Dock Install

Security

Privacy and security are a marketing wedge for us, not bolt-on compliance. The architecture is simple because we deliberately chose not to build the parts that would require trusting us.

1. We don't run servers

There is no AI Prompt Dock backend. No account system, no sync infrastructure, no database on our side. Your folders, chat index, and prompt library live in IndexedDB inside your own browser. Uninstall the extension and the data goes with it.

Practical implication: there's no breach we could suffer that would expose your AI usage, because we don't have your AI usage.

2. Minimum permissions

  • The extension only requests host access for chatgpt.com, chat.openai.com, and claude.ai.
  • No <all_urls>. No tabs permission. No identity.
  • The chat lists are fetched from each provider's own API in your browser, using your existing session cookie. We never see your session token.

3. Pro is enforced locally

Pro entitlement is gated by a Lemon Squeezy license key. The extension contacts Lemon Squeezy directly (not us) to activate and weekly revalidate the key. Lemon Squeezy sees only the license key string and an instance identifier — never your folders, prompts, or chats.

If you go offline, Pro keeps working: revalidation failures don't downgrade you. If Lemon Squeezy ever says the key is invalid (refund, revocation), a 7-day grace period gives you time to renew before features lock.

What we don't do

  • We don't sell or share data. There's no data on our side to sell.
  • We don't store the content of your AI chats. Even locally, we index titles and IDs only — the chat content stays with the AI provider.
  • We don't use third-party analytics inside the extension. The marketing site uses cookieless aggregate analytics — see Privacy.
  • We don't track which prompts you use or how often. useCount stays in your local IndexedDB.

For the full legal text, see Privacy. Found a vulnerability? Email hello@ai-prompt-dock.com — we respond within 48 hours.