RACEprompt — Privacy

Privacy Policy

Effective: April 26, 2026 · Last updated: April 26, 2026

The 60-second version

Hey — it's Jonesy. I built RACEprompt and I'll be real: the part of a privacy policy that matters most is what's actually happening with your data. So here's the short version up top.

Your prompts go to one of three AI providers (Anthropic, OpenRouter, or Azure) when you tap Run. I don't keep them on my servers beyond the few seconds it takes to relay the request and stream the answer back. Your prompts you save in the app live on your device.

Apple handles every iOS purchase. Stripe handles the web-only Sprint tier. No tracking pixels. No advertising IDs. No resale of your data — ever. Full detail below.

1. Who this covers

This policy covers RACEprompt on iOS, the macOS Catalyst build, the Android build, the watchOS companion, and the web app at app.drjonesy.com. Operated by Jonesies Solutions LLC (Dr. Renaldo "Jonesy" Jones, sole owner). Questions go to hello@drjonesy.com.

2. What I collect

Account info

Email address — for login, password reset, and the occasional product email you can opt out of in one click.
Display name (optional) — if you set one in your profile.
Subscription tier — free, Pro, or Sprint — so the app knows what features to unlock.

Prompt content (this is the part that matters)

RACEprompt has two flavors of prompt data and they're treated differently:

Prompts you save in the app — stored locally on your device. They sync to your account if you opted into sync. Encrypted at rest in transit. I don't read them.
Prompts you Run — streamed to one of three AI providers (see below). I relay the request, stream the answer back to you, and don't keep a copy. Provider-side retention is governed by each provider's own policy, not mine.

Purchase info

Apple In-App Purchase — Apple handles the transaction and gives the app a signed receipt to validate. I see the tier you bought and the receipt status. I never see your card number, billing address, or Apple ID password.
Stripe (Sprint web tier only) — if you buy the AI Agent Sprint at drjonesy.com/sprint, Stripe handles the checkout. I see your name, email, and what tier you bought. Stripe processes and stores the card data, not me.

Diagnostic data

Crash reports + error logs — anonymous, no prompt content, used to fix bugs.
Aggregate usage counts — e.g. "X prompts run today" — so I can size capacity and not get rate-limited.

3. What I don't collect

No advertising identifiers (no IDFA, no GAID).
No third-party tracking pixels. No Meta Pixel, no TikTok pixel, no Google Ads tag inside the app.
No selling or renting your data. Ever. Not to data brokers, not to AI training pools, not to anyone.
No reading your saved prompts. If I had to debug your account I'd ask you first.

4. Where prompts go when you tap Run

RACEprompt has a 3-provider fallback architecture. The first provider in the chain handles the request; if it errors or times out, the next one picks up. You can disable any of them in settings.

Anthropic (Claude)Primary provider. Prompts are sent to Anthropic's API. Anthropic's privacy policy applies to that data: anthropic.com/legal/privacy. Per Anthropic's policy, API traffic is not used to train their models by default.

OpenRouterFirst fallback. OpenRouter routes to multiple underlying models depending on availability. Their privacy policy: openrouter.ai/privacy. Note that OpenRouter is itself a relay — the model behind your request may be operated by another provider.

Azure OpenAISecond fallback. Hosted by Microsoft. Microsoft's privacy statement applies: privacy.microsoft.com/privacystatement. Azure OpenAI does not use your prompts to train OpenAI's foundation models.

What I keep on my side: a request log line with timestamp, provider used, success/failure, and token count. No prompt content. No response content. The log line is for debugging and capacity planning. It's purged after 30 days.

5. Bring Your Own Key (BYOK)

If you add your own API key in settings, your prompts go directly to that provider using your key. The key is stored in your device's Keychain (iOS / macOS) or Keystore (Android). It is never transmitted to me. If you sync, the key is encrypted with a per-account secret and unwrapped only on your devices.

6. Apple specifics

In-App Purchase receipts — validated against Apple's StoreKit verification API to prevent fraud. The receipt itself contains no personal info beyond the transaction.
App Tracking Transparency — RACEprompt does not track you across apps or websites. The ATT prompt does not appear because nothing in the app would warrant it.
App Privacy nutrition label — the data types declared in App Store Connect match this policy. If they ever drift, this policy is the source of truth and I'll fix the label.

7. Your rights

Delete your account. Email hello@drjonesy.com with "delete account" in the subject. I delete within 7 days and confirm by reply. Saved prompts and account metadata go with it.
Export your data. Same email, "export" in the subject. You get a JSON dump of your account info and saved prompts within 7 days.
Opt out of marketing. Every product email I send has an unsubscribe link. One click, you're out, immediately.
Correct your data. Edit it in app settings, or email me.

Under GDPR: you have rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority. Under CCPA / CPRA: you have the right to know, delete, correct, and opt out of sale (though I don't sell data, period). For both, the contact is the same: hello@drjonesy.com.

8. Children's privacy

RACEprompt is rated 4+ on the App Store but it's built for general audiences and isn't directed at children. I don't knowingly collect personal information from anyone under 13 (or under 16 in the EEA / UK). If a parent or guardian believes their child has provided info, email hello@drjonesy.com and I'll delete it within 7 days.

9. Where your data lives

Cloudflare's edge network in the United States is the primary infrastructure. The AI providers I relay to operate globally. By using RACEprompt outside the US, you consent to your data being processed in the US and wherever the providers' infrastructure runs.

For EU / UK users: I rely on the EU → US Data Privacy Framework and Standard Contractual Clauses where the framework doesn't apply. Provider-side transfers are governed by each provider's own DPF / SCC posture.

10. Security

TLS 1.3 in transit. Encrypted at rest on Cloudflare and the database I use.
API keys (yours and mine) stored in platform secure enclaves — never in plaintext on disk.
I'm the only person with admin access to production. No third-party support staff. No outsourced ops.
If a breach happens that affects you, I notify within 72 hours by email — not buried in an in-app banner.

11. Changes to this policy

If I change this materially, I'll email registered users at least 14 days before the change takes effect, and bump the "Last updated" date at the top. Minor wording fixes I just push.

12. Contact

One inbox for everything. hello@drjonesy.com. I read every email myself — usually inside 24–48 hours.

If anything in here seems off or you want clarity on a specific data flow, just ask. I'd rather be specific than impressive. — Jonesy