Privacy Policy

Effective date: April 2026  ·  Last updated: April 2026

What we collect

Free tier

Nothing is stored on our servers. All data — your daily rewrite count, saved prompts, and preferences — lives exclusively in Chrome local storage on your device. It never leaves your machine.

Chiseled tier

  • Email address, used to create and manage your Supabase account
  • Supabase auth token, stored locally in Chrome storage on your device
  • Prompt count and saved prompts, synced to Supabase and encrypted at rest
  • Subscription status, stored in Supabase to verify your active plan

What we never collect

  • The content of your prompts is never stored on our servers
  • We never read your prompts for advertising, analytics, or model training
  • We do not collect browsing history, page content, or any data outside the AI input field

How we use your data

  • Email: to manage your Chiseled subscription, send receipts, and notify you of billing changes
  • Supabase data: to sync your prompt library across devices and verify your subscription status on each session
  • Prompt count: to enforce the free tier daily limit and reset it at midnight

We do not sell, rent, or share your personal data with any third party for their marketing purposes, ever.

Payment data

All payments are processed by Stripe. We never see, store, or transmit your card number, CVV, expiry date, or billing address. That data goes directly from your browser to Stripe's servers.

What we receive from Stripe: a subscription status (active, trialing, cancelled) and a customer ID used to manage your plan. Nothing else.

Stripe's privacy policy governs all financial data: stripe.com/privacy

Third party services

  • Supabase — authentication and database. Your email and prompt library are stored here. supabase.com/privacy
  • Stripe — payment processing. Governs all card and billing data. stripe.com/privacy
  • Anthropic — AI prompt generation for Chiseled users. Your prompt text is sent to Anthropic's API to produce the improved version. Anthropic's usage policies apply. Prompts are not stored on our servers before or after the API call. anthropic.com/legal/privacy
  • Vercel — hosting and serverless functions. vercel.com/legal/privacy-policy

Chrome extension permissions

  • storage — saves your daily rewrite count, prompt library, and preferences in Chrome local storage on your device only
  • activeTab — reads only the AI input field you are currently typing in. Chisel does not read any other content on the page
  • scripting — injects the Chip icon and your improved prompt into the AI input field. No other scripts are injected
  • Host permissions — Chisel operates only on claude.ai and chatgpt.com. No other websites are accessed

Your rights

  • You can delete your account and all associated server-side data at any time by emailing hello@usechisel.co
  • Free tier users have no server-side data to delete — everything is in your browser's local storage, which you can clear at any time via Chrome settings
  • We will respond to data deletion requests within 5 business days
  • If you are in the EU or UK, you have additional rights under GDPR and UK GDPR — including the right to access, rectify, or port your data. Contact us at the address below

Contact

Questions about this policy or your data? Email us at hello@usechisel.co and we will respond within 2 business days.