RACEprompt - Privacy

Privacy
Policy

Effective: May 31, 2026 · Last updated: May 31, 2026

The 60-second version

Hey, it's Jonesy. I built RACEprompt and I'll be real: the part of a privacy policy that matters most is what's actually happening with your data. So here's the short version up top.

  • Bring your own key from five providers (Anthropic, OpenAI, Google Gemini, Azure OpenAI, OpenRouter). The key lives in your device Keychain or Keystore. It never touches my servers.
  • Your prompts go straight to the provider you picked when you tap Run. If you're using my hosted credit pool instead of BYOK, the worker relays the call and forgets it the second the response streams back to you.
  • Memory is on-device. The app remembers how you write using a small on-phone model. Nothing about your memory leaves your device unless you turn on iCloud sync, which is off by default and uses Apple's end-to-end encryption when on.
  • Exports go where you tell them. Notion, Google Docs, Slack, email, PDF, DOCX, Markdown. Integration tokens live on your device. I am not a middleman.
  • Apple handles every iOS purchase. Stripe handles the web-only Sprint tier. No tracking pixels. No advertising IDs. No resale of your data. Ever.

Full detail below.

1. Who this covers

This policy covers RACEprompt on iOS, the macOS Catalyst build, the iPad build, the Android build, the watchOS companion, and the web app at app.drjonesy.com. Operated by Jonesies Solutions LLC (Dr. Renaldo "Jonesy" Jones, sole owner, EIN 93-4539934). Questions go to hello@drjonesy.com.

2. What I collect

Account info

  • Email address for login, password reset, and the occasional product email you can opt out of in one click.
  • Display name (optional) if you set one in your profile.
  • Subscription tier (free, Pro, or Sprint) so the app knows what features to unlock.

Prompt content (this is the part that matters)

RACEprompt has three flavors of prompt data and they are treated differently:

  • Prompts you save in the app live on your device by default. If you turned on iCloud sync, they replicate through your iCloud account using Apple's end-to-end encryption. I never see them.
  • Prompts you Run are sent to the AI provider you have configured. If you brought your own key, the request goes straight from your device to the provider. If you are using my hosted credit pool, the request goes through a Cloudflare Worker that streams the response back to you and keeps no copy.
  • Smart Clarify questions and your answers are sent to the same AI provider as a single request right before the prompt runs. Same retention rules apply.

Memory

Build 54 ships on-device memory using SwiftData and Apple's on-device sentence embeddings. The app builds a small private index of your past prompts so it can recall how you write and what projects you keep coming back to. This index lives on your device. If you enable iCloud sync from Settings, it replicates through your iCloud account under Apple's end-to-end encryption. You can clear the memory or change the disk budget at any time from Settings.

On iOS 26 and newer, the app can also use Apple's on-device Foundation Models to generate short conversation digests. Those generations happen on your phone and never leave it.

Integrations and Export

Build 54 ships an Export menu with eight destinations: PDF, DOCX, plain text, Markdown copy, Notion, Google Docs, Slack, and email. Notion and Google Docs use paste-tokens you generate yourself. Slack uses an incoming webhook URL you generate from your Slack workspace. I never see those tokens. They live in your device Keychain or Keystore. When you tap Export, the data is sent from your device directly to the destination service.

Purchase info

  • Apple In-App Purchase. Apple handles the transaction and gives the app a signed receipt to validate. I see the tier you bought and the receipt status. I never see your card number, billing address, or Apple ID password.
  • Google Play billing. Same idea on Android.
  • Stripe (Sprint web tier only). If you buy the AI Agent Sprint at drjonesy.com/sprint, Stripe handles the checkout. I see your name, email, and what tier you bought. Stripe processes and stores the card data, not me.

Diagnostic data

  • Crash reports and error logs. Anonymous. No prompt content. Used to fix bugs.
  • Aggregate usage counts like "X prompts run today" so I can size capacity and not get rate-limited.

3. What I don't collect

  • No advertising identifiers (no IDFA, no GAID).
  • No third-party tracking pixels. No Meta Pixel, no TikTok pixel, no Google Ads tag inside the app.
  • No selling or renting your data. Ever. Not to data brokers, not to AI training pools, not to anyone.
  • No reading your saved prompts. If I had to debug your account I would ask you first.
  • No copies of your BYOK keys. They never reach my infrastructure.
  • No copies of your integration tokens for Notion, Google Docs, or Slack.

4. Where prompts go when you tap Run

If you brought your own key

Your prompt goes from your device straight to the provider whose key you added. Nothing transits my workers. The provider's privacy policy governs the data on their side.

If you're using the hosted credit pool (default for free and Pro tiers)

RACEprompt uses a three-tier worker failover so you almost never see a recovery error. Execute requests try Anthropic first, then Azure OpenAI, then OpenRouter. Iterate requests try Azure OpenAI first, then OpenRouter. The model picked is silent in the UI because the goal is a working answer, not a model label.

  • Anthropic (Claude). Per Anthropic's API policy, traffic is not used to train models by default. Privacy policy: anthropic.com/legal/privacy.
  • Azure OpenAI. Hosted by Microsoft. Azure OpenAI does not use your prompts to train OpenAI's foundation models. Privacy statement: privacy.microsoft.com/privacystatement.
  • OpenRouter. A relay that routes to multiple underlying models. The model behind your request may be operated by another provider. Privacy policy: openrouter.ai/privacy.

What I keep on my side: a request log line with timestamp, provider used, success/failure, and token count. No prompt content. No response content. The log line is for debugging and capacity planning. It is purged after 30 days.

5. Bring Your Own Key (BYOK)

Build 54 supports BYOK across five providers: Anthropic, OpenAI, Google Gemini, Azure OpenAI, and OpenRouter. You can add multiple keys and pick which one runs which kind of request.

  • iOS and macOS: the key is stored in your device Keychain.
  • Android: the key is stored in EncryptedSharedPreferences (Android Keystore-backed).
  • Web: the key is stored in browser localStorage on your machine.

In every case, the key never transits my workers or my database. If you turn on iCloud sync (iOS / macOS), the key is wrapped with a per-account secret and unwrapped only on your other Apple devices.

6. Memory and on-device intelligence

The memory index, the sentence embeddings, the on-device Foundation Models generations on iOS 26+, and the fallback deterministic digests below iOS 26 all run on your device. None of that traffic reaches my servers.

If you enable iCloud sync for memory, the data replicates through your iCloud account under Apple's end-to-end encryption. I cannot see it. Apple cannot see it. That is how CloudKit works when E2E is on, and it is on for memory.

Disk budget for memory defaults conservatively but goes up to your free disk minus a 512 MB reserve. Clear-all is one tap in Settings.

7. Share extension and App Intents

The iOS Share extension lets you send selected text from any app into RACEprompt. The text comes in as a draft prompt for you to review. It is not auto-run. It does not leave your device until you tap Run.

App Intents (Siri / Shortcuts) work the same way. The shortcut creates a draft. You confirm.

8. Apple specifics

  • In-App Purchase receipts are validated against Apple's StoreKit verification API to prevent fraud. The receipt itself contains no personal info beyond the transaction.
  • App Tracking Transparency. RACEprompt does not track you across apps or websites. The ATT prompt does not appear because nothing in the app would warrant it.
  • App Privacy nutrition label. The data types declared in App Store Connect match this policy. If they ever drift, this policy is the source of truth and I will fix the label.
  • Sign in with Apple. If you use it, Apple gives me an opaque user ID and the email you chose to share (real or hide-my-email). I do not get your Apple ID password or device identifiers.

9. Your rights

  • Delete your account. Email hello@drjonesy.com with "delete account" in the subject. I delete within 7 days and confirm by reply. Saved prompts, account metadata, and any server-side traces go with it.
  • Export your data. Same email, "export" in the subject. You get a JSON dump of your account info and saved prompts within 7 days.
  • Opt out of marketing. Every product email has an unsubscribe link. One click, you are out, immediately.
  • Correct your data. Edit it in app settings, or email me.

Under GDPR: you have rights of access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority. Under CCPA / CPRA: you have the right to know, delete, correct, and opt out of sale (though I don't sell data, period). For both, the contact is the same: hello@drjonesy.com.

10. Children's privacy

RACEprompt is rated 4+ on the App Store but is built for general audiences and is not directed at children. I do not knowingly collect personal information from anyone under 13 (or under 16 in the EEA / UK). If a parent or guardian believes their child has provided info, email hello@drjonesy.com and I will delete it within 7 days.

11. Where your data lives

Cloudflare's edge network in the United States is the primary infrastructure for the relay workers and the account database. The AI providers I relay to operate globally. By using RACEprompt outside the US, you consent to your data being processed in the US and wherever the providers' infrastructure runs.

For EU / UK users: I rely on the EU to US Data Privacy Framework and Standard Contractual Clauses where the framework does not apply. Provider-side transfers are governed by each provider's own DPF / SCC posture.

12. Security

  • TLS 1.3 in transit. Encrypted at rest on Cloudflare and the database I use.
  • API keys (yours and mine) stored in platform secure enclaves. Never in plaintext on disk.
  • I am the only person with admin access to production. No third-party support staff. No outsourced ops.
  • If a breach happens that affects you, I notify within 72 hours by email. Not buried in an in-app banner.

13. Changes to this policy

If I change this materially, I email registered users at least 14 days before the change takes effect, and bump the "Last updated" date at the top. Minor wording fixes I just push.

14. Contact

One inbox for everything. hello@drjonesy.com. I read every email myself, usually inside 24 to 48 hours.

If anything in here seems off or you want clarity on a specific data flow, just ask. I would rather be specific than impressive. - Jonesy