Privacy Policy

This Privacy Policy describes how Alchemist ("we", "our", "us") collects, uses, and shares information about you when you use our Chrome extension and website at try-alchemist.com. Alchemist is a prompt enhancement tool that helps you write better prompts for AI platforms including ChatGPT, Claude, Gemini, Perplexity, DeepSeek, and Grok.

By installing the extension or creating an account, you acknowledge this policy. If you do not agree with these practices, do not use the service.

We collect the following categories of personal data:

Account information — email address, user ID, password hash (if using email signup; plaintext passwords are never stored), or Google profile information (name, email, profile picture) when using Sign in with Google.

Prompt content — prompt text you submit through the extension is transmitted to our backend server and forwarded to an AI language model provider for processing. Prompts are processed in real time and are not retained on our servers after a response is returned. If you use the Save Prompt feature, the refined or compiled output and a brief summary are stored in our database, linked to your account.

Usage data — feature used (e.g., Quick Polish, Wizard, Coding Mode), input and output token counts per request, credits used and credit balance, and request timestamps.

Subscription and billing data — subscription plan (Free, Pro, or Power) and status, Stripe Customer ID and Stripe Subscription ID, billing period dates. Card number, CVV, and full payment details are handled exclusively by Stripe and are never transmitted to or stored on our servers.

Technical data — IP address, logged by our backend on each authenticated request for rate limiting and abuse prevention.

Locally stored data (on your device only) — authentication tokens stored in Chrome's extension storage API, your email address and user ID cached locally for session management.

Providing the service — processing your prompts through AI models, displaying your saved prompts, and managing your account.

Authentication — verifying your identity on API requests and maintaining your login session.

Billing and usage enforcement — tracking credit consumption to enforce plan limits and process subscription payments.

Transactional communications — sending signup confirmations, password reset emails, and billing receipts. We do not send marketing emails without your explicit consent.

Security and abuse prevention — rate limiting, bot detection, and disposable email filtering to protect the service.

Legal compliance — retaining records as required by applicable law.

We share personal data with third-party services only as necessary to operate Alchemist:

Supabase — receives email, password hash, user profile, and session tokens for user authentication and account management.

Stripe — receives email, subscription plan, and billing details for payment processing and subscription management.

OpenAI / Anthropic — receives prompt text for AI language model processing to refine and enhance your prompts.

Google (OAuth 2.0) — receives email, name, and profile picture when you use Sign in with Google.

hCaptcha — receives bot verification tokens and IP address for bot prevention on login and signup forms.

We do not sell, rent, or trade your personal data. We do not share data with advertising platforms, data brokers, or information resellers.

We implement the following technical and organizational measures to protect your data:

HTTPS/TLS encryption in transit for all data transmitted between the extension, our backend, and third-party services.

Password hashing using industry-standard algorithms; plaintext passwords are never stored or transmitted.

JWT authentication with short-lived tokens with automatic expiration and refresh.

Rate limiting on authentication endpoints to prevent credential stuffing and brute-force attacks.

Content Security Policy to prevent unauthorized code execution in the extension.

Account data — retained for the duration your account is active.

Saved prompts — retained until you delete them or close your account.

Usage logs — retained for up to 12 months for billing reconciliation and abuse prevention, then deleted.

IP address logs — retained for up to 90 days for security purposes, then deleted.

Account closure — upon account deletion, your personal data is removed within 30 days, except where retention is required by law. To close your account, email hello@try-alchemist.com.

Depending on your location, you may have the following rights regarding your personal data:

All users: Access, Correction, Deletion, Portability.

EEA and UK residents (GDPR / UK GDPR): Restriction of processing, Objection, Supervisory authority complaint.

California residents (CCPA / CPRA): Know, Delete, Correct, Opt out of sale or sharing, Non-discrimination.

To exercise any of these rights, email hello@try-alchemist.com. We will respond within 30 days.

Alchemist requests the following Chrome permissions:

activeTab — detects which AI platform you are on and injects the Alchemist toolbar into the active tab.

storage — stores your login session tokens and theme preference locally on your device.

identity — enables Sign in with Google via chrome.identity.launchWebAuthFlow.

The extension injects its toolbar UI on supported AI sites only. It does not read, collect, or transmit any content from these pages other than prompt text you explicitly submit through the Alchemist interface.

For clarity, we do not:

• Sell, rent, or trade your personal data to any third party.

• Use your data for personalized advertising or retargeting.

• Use your prompt content to train AI models.

• Use third-party analytics, advertising SDKs, or behavioral tracking tools.

• Collect or access your browsing history.

• Read content from any website other than the supported AI platforms.

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and notify affected users by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

For questions, requests, or concerns about this Privacy Policy or our data practices, contact us at:

Email: hello@try-alchemist.com

Website: try-alchemist.com