Last updated: March 31, 2026
Prompt Lab stores prompts, API keys, settings, and experiment results locally on your device. Those artifacts do not leave your browser unless you explicitly send a request to an AI provider.
Provider API keys you configure (Anthropic, OpenAI, Google, OpenRouter, Ollama) are stored in your browser's local storage or Chrome extension storage. In the extension and desktop shells, requests go directly to the provider you selected. In the hosted web app, requests are forwarded through Prompt Lab's domain-allowlisted Vercel Edge proxy at /api/proxy to satisfy browser CORS requirements. Prompt Lab does not persist your keys server-side.
When you run a prompt, Prompt Lab sends your input to the provider API you selected. In extension and desktop environments, that traffic is direct. In the hosted web app, traffic passes through a narrow proxy that validates the target domain and forwards the request. Each provider has its own privacy policy and data handling practices. Prompt Lab does not store your prompts or responses in a developer-controlled backend.
Prompt Lab uses Stripe for checkout, subscription management, and customer portal flows. If you start a Pro upgrade, Prompt Lab and Stripe process billing metadata such as your billing email, Stripe customer ID, subscription status, and configured Prompt Lab price IDs. Prompt Lab uses that metadata to sync Pro access locally on your device.
Prompt Lab can send lightweight usage events to developer-controlled endpoints. These events include event names, app surface, anonymous device/session identifiers, plan state, and an optional contact email if you choose to provide one in Settings. Prompt text, model responses, and provider API keys are not included in usage insights payloads.
You can export your library, experiments, and settings as a local JSON file at any time. Imported data is processed entirely in the browser. No data is uploaded to external services during import or export.
Prompt Lab is open source. You can inspect the full codebase on GitHub to verify these claims.
Questions about this policy can be directed to the project's GitHub Issues page.