Skip to main content

Privacy Policy for PromptMetrics

Last updated: May 9, 2026

1. Introduction

PromptMetrics is an open-source prompt registry and LLM observability platform. We are committed to protecting your privacy and being transparent about how we handle data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. What Data We Collect

Prompt traces and metadata

When you use PromptMetrics to log prompts, we store the prompt text, model configuration, and response metadata you choose to send. You control what data is sent to our API.

Telemetry data

We collect basic usage metrics (request counts, latency, error rates) to help you monitor your LLM applications. This data is tied to your account but not to individual end-users of your application.

Account information

If you create an account on promptmetrics.dev, we store your email address and authentication credentials. We do not collect names, phone numbers, or billing information unless explicitly required for a specific feature.

Self-hosted instances

For self-hosted deployments, all data remains on your infrastructure. We do not have access to it, nor do we collect telemetry from self-hosted instances unless you explicitly configure it. 3. How We Use Your Data

  • To provide the prompt registry, versioning, and observability services

  • To generate performance analytics and dashboards visible to you

  • To improve our open-source software (using anonymized aggregate data only)

  • To send essential service notifications (security alerts, feature updates)

  • We do not sell your data or use it for advertising

4. Data Storage & Security

SaaS (promptmetrics.dev)

Data is stored in an EU-based infrastructure with encryption at rest and in transit. We use industry-standard security practices, including TLS 1.3, strict access controls, and regular security audits.

Self-hosted

You control all data storage, retention, and security policies. PromptMetrics does not access your self-hosted instance.

Security measures

  • All API traffic is encrypted via HTTPS/TLS

  • Database connections use encrypted tunnels

  • Access to production systems is restricted to authorized personnel only

  • We conduct regular vulnerability assessments

5. Data Retention

  • SaaS prompt traces: Retained for the duration of your subscription plus 30 days after account deletion

  • Telemetry metrics: Aggregated and anonymized after 90 days; raw logs deleted

  • Account data: Deleted within 30 days of account deletion request

  • Self-hosted data: Governed entirely by your retention policies

6. Cookies & Analytics

Essential cookies

We use essential cookies for authentication, session management, and CSRF protection. These cannot be disabled without breaking core functionality.

Analytics

We use privacy-respecting analytics (Plausible or similar) that do not track individual users across sites, do not use cookies for tracking, and do not share data with third-party advertisers. You can disable analytics in your browser or via our cookie consent banner.

Third-party cookies

We do not use third-party advertising or tracking cookies.

7. Third-Party Services

We use the following infrastructure providers to host our SaaS offering:

Service

Purpose

Data Shared

Vercel

Frontend hosting

None (static assets only)

Google Cloud Platform

Backend API & database

Encrypted prompt traces and telemetry

MongoDB Atlas

Database hosting

Encrypted application data

We do not share your prompt content or telemetry with AI model providers or data brokers.

8. Your Rights

Access

You can export all data associated with your account at any time from the dashboard.

Deletion

You can delete your account and all associated data at any time from your profile settings. Deletion requests are

processed within 30 days.

Correction

You can update your account information (email, password) from your profile settings.

Portability

You can export your prompt registry and telemetry data in JSON format for transfer to another service.

Objection & restriction

You may object to certain processing activities or request restriction of processing by contacting us at

privacy@promptmetrics.dev.

9. Children's Privacy

PromptMetrics is not intended for use by individuals under the age of 16. We do not knowingly collect personal

information from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a

prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last

revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@promptmetrics.dev

Address: PromptMetrics, Data Protection Officer, [Your Business Address]

12. Open Source & Self-Hosted

PromptMetrics is open-source software licensed under the MIT License. You are free to self-host the platform on your

own infrastructure. When self-hosted:

- No data is sent to PromptMetrics servers

- You are responsible for your own privacy policy and compliance

- We provide the software "as is" without warranty

The source code is available at https://github.com/iiizzzyyy/promptmetrics-website.

This privacy policy is designed to be transparent and easy to understand. If you have suggestions for improvement, we 

welcome feedback.