PromptGuard Privacy Policy

Effective Date: March 14, 2026 · Version 1.5.3

RiteUPAi ("we", "our", or "us") operates PromptGuard, a mobile application designed to analyze AI prompts for security risks. This Privacy Policy explains how we collect, use, and protect your information.

Our Privacy Commitment

PromptGuard is built with privacy as a core principle.

Your prompts are yours. By default, all prompt analysis happens locally on your device using on-device machine learning. We do not read, store, or transmit your prompt content to our servers unless you explicitly choose to connect a cloud AI provider or Margah Gateway and grant consent.

Information We Collect

Information You Provide

Account Information: If you subscribe to Pro features, Apple handles all payment processing. We receive only a transaction identifier and subscription status.
AI Provider Credentials: If you connect cloud AI providers (OpenAI, Anthropic), your API keys are stored securely in your device's Keychain and are never transmitted to our servers.
Feedback & Support: If you contact us for support, we may collect your email and the content of your communication.

Information Collected Automatically

Analytics Data: With your consent, we collect anonymous usage analytics through Firebase Analytics to improve the app. This includes:
- Feature usage patterns (which screens are visited)
- Analysis result types (safe/warning/blocked counts, not content)
- App performance metrics
- Crash reports (via Firebase Crashlytics)
Device Information: General device type and iOS version for compatibility purposes.
Detection Pattern Updates: The app periodically checks our server (api.riteupai.com) for updated security detection patterns. This request contains only a version identifier and does not include any prompt content, personal data, or usage information. No user data is transmitted during this process.

Information We Do NOT Collect (Default On-Device Mode)

When using PromptGuard's default on-device analysis mode:

Prompt Content: Your prompts are analyzed locally on your device using an on-device CoreML model. No prompt text is transmitted anywhere.
Analysis History Content: Your history is stored locally on your device or in your personal iCloud (if sync is enabled).
Biometric Data: Face ID/Touch ID authentication is handled entirely by iOS. We never access or store biometric data.
Personal Identifiers: We do not collect names, email addresses, or phone numbers unless you contact support.

Third-Party AI Service Data Sharing

PromptGuard optionally supports connecting to third-party AI services for additional analysis capabilities. If you choose to use this feature, your personal data — including prompt text — will be shared with a third-party AI service. This feature is entirely opt-in. Before any data is shared with a third-party AI service, the app presents an in-app disclosure that:

Identifies exactly what data will be sent,
Names who will receive it, and
Requires your explicit permission by tapping "I Understand & Agree."

No data is sent to any third-party AI service without this consent.

What Data Is Sent

When you execute a prompt through a connected cloud AI provider, the following data is transmitted directly to that provider:

Prompt text: The full text of the prompt you submit for analysis
Conversation messages: Any prior messages in the conversation context
Model preferences: Parameters such as model name, temperature, and maximum response length

Who Receives Your Data

Data is only sent to the specific AI service you choose to configure. The supported third-party AI services are:

Provider	Data Sent To	Provider Privacy Policy
OpenAI	OpenAI, L.L.C. (api.openai.com)	openai.com/privacy
Anthropic	Anthropic, PBC (api.anthropic.com)	anthropic.com/privacy
Margah Gateway	RiteUPAi (api.riteupai.com)	riteupai.com/privacy
Local servers (Ollama, LM Studio)	Your own device / local network only	No data leaves your network

Each third-party AI provider operates under its own privacy policy and terms of service. We require that any third-party provider with whom your data is shared provides the same or equal protection of your personal data as described in this Privacy Policy and as required by Apple's App Store Review Guidelines. We encourage you to review each provider's privacy policy before connecting.

When Data Is Sent

Data is only sent when you explicitly execute a prompt through a connected cloud provider.
The default on-device analysis never sends prompt data externally.
You must grant consent through an in-app disclosure screen before configuring any cloud provider.
Consent is also verified at the point of each data transmission — the app will not send data to any third-party AI service unless active consent is confirmed.
You can disconnect any provider at any time in Settings > AI Providers.

How Consent Works

Before you can add a cloud AI provider, the app presents a Data Sharing Disclosure screen that:

Explains exactly what data will be sent (prompt text, conversation messages, model preferences)
Identifies who will receive your data (the specific AI provider you are configuring)
Requires you to tap "I Understand & Agree" before proceeding
Can be revoked at any time in Settings > Privacy > Manage Data Consent

You are never required to use cloud AI services. All core prompt analysis features work entirely on-device without any cloud connection.

How We Use Information

Provide Services: Process subscriptions, sync data across your devices (via your iCloud).
Improve the App: Anonymous analytics help us understand which features are valuable and identify issues.
Customer Support: Respond to your inquiries and provide assistance.
Cloud Analysis (opt-in only): When you choose to use a cloud AI provider, transmit your prompts to that provider for analysis.

Data Storage & Security

Local Storage

Analysis history is stored locally in your app's sandboxed Documents directory.
API keys are stored in iOS Keychain with hardware encryption.
App Lock settings use iOS LocalAuthentication framework.

iCloud Sync (Optional, Pro Feature)

If enabled, your history and settings sync via your personal iCloud account.
Data is encrypted in transit and at rest by Apple.
We cannot access your iCloud data.

Third-Party Services

Service	Purpose	Data Shared
Apple StoreKit	Subscriptions	Transaction IDs only
Apple CloudKit	iCloud Sync	Your data in your iCloud
Firebase Analytics	Usage analytics	Anonymous events
Firebase Crashlytics	Crash reporting	Crash logs, device info
OpenAI (opt-in)	Cloud AI analysis	Prompt text, messages, model preferences
Anthropic (opt-in)	Cloud AI analysis	Prompt text, messages, model preferences
Margah Gateway (opt-in)	Enterprise analysis & audit logging	Prompt text

All cloud AI services require explicit user consent before any data is shared. API keys are stored in the device Keychain and are never transmitted to RiteUPAi servers.

Your Choices

Cloud AI Provider Consent

You can grant or revoke consent for cloud AI data sharing at any time in Settings > Privacy > Manage Data Consent. When you revoke consent, all cloud AI connections are immediately disconnected (including Margah Gateway), and no further data will be transmitted to any third-party AI service. Consent is also verified at the point of each data transmission — the app will not send data to any third-party AI service unless active consent is confirmed. You may re-grant consent at any time by connecting a cloud AI provider, which will re-present the Data Sharing Disclosure screen.

Analytics Opt-Out

You can disable analytics collection in Settings > Privacy > Analytics.

Data Deletion

You can delete all your data at any time:

Local Data: Settings > Account > Delete Account
iCloud Data: Also cleared when you delete your account
Analytics Data: Contact us to request deletion of any analytics data

Export Your Data

Pro users can export their analysis history as PDF or CSV from Settings > Export Data.

Data Retention

Local History: Retained based on your settings (default: 30 days)
iCloud Data: Retained until you delete it or your account
Margah Gateway Data: Prompt text sent to Margah Gateway for analysis or audit logging is retained for 90 days, then automatically deleted. You may request earlier deletion by contacting privacy@riteupai.com.
Analytics: Retained for 14 months, then automatically deleted
Crash Reports: Retained for 90 days

Children's Privacy

PromptGuard is rated 4+ and does not knowingly collect information from children under 13. The app contains no objectionable content and no social features.

International Users

Your data is processed in the United States. By using PromptGuard, you consent to this transfer. For iCloud data, Apple's data processing terms apply.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes through the app or via email if you've provided one.

Contact Us

For privacy questions or data requests:

Email: privacy@riteupai.com
Support: riteupai.com/support
Mail: RiteUPAi, 5540 Centerview Dr. Ste 204 #973474, Raleigh, NC 27606

California Privacy Rights

California residents have additional rights under CCPA:

Right to know what data we collect
Right to delete your data
Right to opt-out of data sales (we do not sell data)
Right to non-discrimination

App Privacy Label Summary

Data Type	Collected	Linked to You	Used for Tracking
Purchases	Yes	No	No
Crash Data	Yes	No	No
Performance Data	Yes	No	No
Product Interaction	Yes	No	No
User Content	Yes (opt-in only)	No	No
Identifiers	No	—	—
Location	No	—	—
Contact Info	No	—	—

PromptGuard is developed by RiteUPAi, the makers of Margah Gateway.
Last updated: March 14, 2026