At a glance
01
Who we are
Live Marketing Data MCP is a Model Context Protocol server that allows users of Claude (Anthropic's AI assistant) to connect their advertising and analytics platforms and retrieve marketing data through natural language queries. It is operated by PromptFlow, available at promptflow.digital.
The MCP server runs locally on your machine or in your own environment. For privacy questions, contact us at support@promptflow.digital.
02
What this service does
Live Marketing Data MCP acts as a secure bridge between Claude and your marketing platforms. When you ask Claude a question about your marketing performance, the MCP server:
- Receives the query from Claude
- Calls the relevant API (Google Analytics 4, Google Search Console, or Meta Ads) using your pre-authorized credentials
- Returns the data to Claude for analysis and display
Query results are never stored by us. The MCP server processes data entirely within your session.
03
What data we collect
| Data | Why we collect it | Where it lives |
|---|---|---|
| OAuth tokens (Google & Meta) | When you connect Google or Meta accounts via OAuth 2.0, the resulting access and refresh tokens are encrypted with AES-256-GCM and held temporarily in our secure backend (less than 5 minutes) solely to transfer them from your browser OAuth flow to your locally running MCP process. They are permanently deleted immediately after your MCP client picks them up. | Encrypted on our servers for <5 min · then your device only |
| Configuration data | Google Analytics 4 property IDs, Search Console site URLs, Meta Ads account IDs, and your license key — stored only on your local machine in an encrypted configuration file. This data never leaves your machine except to authenticate API calls on your behalf. | Your device only (encrypted) |
| API query results | Data retrieved from Google Analytics, Search Console, or Meta Ads is passed directly to Claude within your session. We do not log, store, or retain any query results. | Not stored — session only |
- Names, email addresses, or personal identifiers (other than what is contained in your license key)
- End-user data from your analytics or advertising audiences
- Cookies or browsing behavior
- Usage analytics or telemetry from the MCP server
04
Google API Services — Limited Use
Live Marketing Data MCP's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
| Google API Scope | Permission | Purpose |
|---|---|---|
| analytics.readonly | Read-only access to Google Analytics 4 data | Retrieve website traffic and conversion metrics in response to user queries in Claude. Data is displayed to the user and not stored. |
| webmasters.readonly | Read-only access to Search Console data | Retrieve search performance metrics in response to user queries in Claude. Data is displayed to the user and not stored. |
- Use Google user data to develop, improve, or train AI or machine learning models
- Sell Google user data to third parties
- Transfer Google user data to third parties except as necessary to provide the service
- Use Google user data for advertising
- Allow humans to read your Google user data without your express permission, legal requirement, or security necessity
05
Meta Ads API — Data use
| Meta Permission | Purpose |
|---|---|
| ads_read | Read-only access to your Meta ad account performance data (campaigns, ad sets, ads, spend, impressions, clicks). Used solely to answer your queries in Claude. Data is displayed to you and not stored. |
We do not request permissions to manage, create, or modify your Meta ads. We do not share Meta Ads data with third parties.
06
How we store and protect your data
All communication between the MCP server, our backend, and third-party APIs (Google, Meta) uses HTTPS/TLS encryption.
OAuth tokens are encrypted with AES-256-GCM using a key derived via HKDF before being stored in our backend. They are automatically deleted within 5 minutes. Local configuration files are encrypted with a machine-specific key.
Encrypted tokens reside in our backend only during the brief handoff between your browser completing OAuth and your local MCP process collecting the token. Tokens older than 5 minutes are treated as expired and rejected. Row-level security policies prevent any access without a valid pickup credential.
Credentials stored on your machine are accessible only to your user account and protected by machine-specific encryption. We have no ability to access locally stored credentials.
07
Third-party services
08
Your rights and choices
- Revoke Google access at any time via Google Account Permissions
- Revoke Meta access via Facebook App Settings
- Delete local data by removing the encrypted configuration file from your user data directory — this requires re-authorizing all connected accounts
- Request erasure confirmation by contacting us at support@promptflow.digital
Because we do not retain your marketing data after it is delivered to Claude, there is no stored query data to export or erase. Any tokens in temporary backend storage are automatically purged within 5 minutes.
09
Children's privacy
This service is intended for business users managing advertising and analytics accounts. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.
10
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify users via a notice on our website. Continued use of the service after changes are posted constitutes acceptance of the updated policy.
At a glance
01
Who we are
PromptFlow Pro is a Chrome extension that adds a searchable prompt library sidebar inside ChatGPT, Claude, and Gemini. It is operated by PromptFlow, available at promptflow.digital.
02
What we collect
| Data | Why we collect it | Where it lives |
|---|---|---|
| License & activation data | License key and status, activation count and seat usage, short-lived session tokens issued on each activation, trial counters, a randomly generated installId and your Chrome extension ID — used to identify a device without identifying you personally. | Our secure servers |
| Purchaser email hash | When you purchase via LemonSqueezy, a webhook delivers your purchaser email to our server. We store it as a non-reversible SHA-256 hash for license verification purposes only. We do not store your email in plain text and we do not use it for marketing without your consent. | Our secure servers (hash only) |
| License snapshot & UI preferences | Cached license status and your prompt library preferences for offline access and faster load times. | Your device only (chrome.storage.local) |
- Your prompts, AI replies, or model outputs
- Your browsing history or visited URLs
- Any content from your ChatGPT, Claude, or Gemini sessions
- Personal documents or clipboard contents
03
Data retention
| Data | Retention |
|---|---|
| License records, activations, trials | While license is active plus a reasonable fraud-prevention period |
| Hashed purchaser email | Same as above |
| Session tokens | Auto-expire after 72 hours |
| License snapshot & UI preferences | Until extension is uninstalled |
04
How we use your data
- To verify and activate your license
- To run and enforce trial limits
- To issue short-lived session tokens for authenticated requests
- To enforce seat limits and prevent license abuse
- To provide customer support
05
Third-party services
We do not sell personal data to any third party. Legal disclosure may occur if required by law.
06
Security
- All communication between the extension and our licensing server uses HTTPS
- Purchaser email stored only as a SHA-256 hash — never in plain text
- Session tokens are signed and short-lived (72-hour expiry)
- Least-privilege access applied across all infrastructure
07
Your rights
You have the right to access, correct, or request deletion of personal data we hold about you. To exercise these rights, contact us at support@promptflow.digital.
You may uninstall the extension at any time, which removes all locally stored data from your device.
08
Children's privacy
PromptFlow Pro is not intended for children under 13. We do not knowingly collect data from minors.
09
Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page for any material changes. Continued use of the extension constitutes acceptance of the updated policy.
At a glance
01
Who we are
PromptFlow Voice is a Windows desktop application that provides context-aware voice dictation with AI-powered text enhancement and direct injection into the active Windows application. It is operated by PromptFlow, available at promptflow.digital.
For privacy questions, contact us at support@promptflow.digital.
02
What data we collect
The data we collect depends on your plan. We collect only what is necessary to deliver the service.
| Data | Why we collect it | Where it lives |
|---|---|---|
| Email address |
Stored as a one-way SHA-256 hash across all plans — we can verify uniqueness but cannot read your actual email: — Trial: hashed email used as the one-trial-per-email gate. Readable email passed to Resend only to deliver OTP and expiry reminder, and for marketing if opted in. — Voice Pro: hashed email associated with your subscription for license validation on every launch. — Power User: hashed email associated with your one-time license for validation on every launch. |
Our servers (hash only) · Resend (readable, delivery only) |
| License key | Voice Pro subscription key and Power User one-time license key validated against our servers on every app launch to confirm entitlement status. | Encrypted on your device · Validated on our servers |
| Device identifier hash | One-way SHA-256 hash of your Windows Machine GUID, used exclusively to enforce the one-trial-per-device limit. The raw GUID is hashed on your device before transmission and never stored. | Our secure servers (hash only) |
| Trial token hash | Cryptographic hash of your trial token used to validate your active trial on every launch. The raw token is stored encrypted on your device only. | Hash: our servers · Raw token: your device only |
| Voice audio | In Voice Pro mode, audio is transmitted to our hosted infrastructure for real-time transcription and AI enhancement. Processed immediately and discarded — never stored, logged, or used for any other purpose. | Not stored — processed in transit only |
| Usage statistics | Words dictated, runs, and estimated time saved displayed on your personal dashboard. Computed and stored locally — never transmitted to our servers. | Your device only |
| API keys (Power User) | Your Deepgram, OpenAI, Gemini, Anthropic, or DeepSeek API keys stored exclusively on your device using Electron encrypted storage and sent directly to your chosen provider. We never receive or handle them. | Your device only (encrypted) |
03
How we use your data
Your email is hashed and stored as the one-trial-per-email gate — we cannot read it. Your readable email is passed to Resend only to send your OTP code and trial expiry reminder. If you opted in to marketing emails, your readable email is also held by Resend for that purpose. Your device hash and trial token hash are checked on every launch to confirm your trial is valid and within its 7-day window.
Your hashed email and license key are used on every app launch to validate your active subscription. Your audio is transmitted to our hosted infrastructure for real-time transcription and AI enhancement, then immediately discarded. We do not use your audio for training, analytics, or any other purpose.
Your hashed email and license key are used on every app launch to validate your one-time license. All voice processing happens directly between your device and your chosen API provider — we are not involved in that data flow in any way.
04
Trial activation and consent
Before activating your free trial, you are required to agree to our Terms of Service and this Privacy Policy. Proceeding with activation constitutes your acceptance of these terms.
Transactional emails — your OTP verification code and trial expiry reminder — are always sent regardless of your marketing preference, as they are necessary to operate the service.
05
Trial limits and abuse controls
- 7-day duration calculated server-side from the moment of activation
- Maximum 15 hosted API calls per day
- One trial per device, enforced via pseudonymous device identifier hash
- One trial per email address, enforced via normalized email hash uniqueness
- Activation requests are rate-limited to prevent automated abuse
- Error responses for duplicate activations are intentionally generic
06
Data retention
| Data | How long we keep it |
|---|---|
| Email hash (trial) | Retained after trial expiry to prevent re-activation. One-way hash — we cannot reconstruct your email from it. |
| Email hash (Pro / Power User) | Retained for the duration of your active license. One-way hash. Reviewed periodically after expiry or cancellation. |
| Email (Resend) | Your readable email held by Resend for delivery of transactional emails and, if opted in, marketing emails. Removable by unsubscribing or contacting us. |
| License key (Pro / Power User) | Retained for the duration of your active license. Pro keys invalidated upon cancellation via LemonSqueezy. |
| Device identifier hash | Retained to prevent duplicate trial activations. One-way hash — we cannot reconstruct your Machine GUID from it. |
| Trial token hash | Expires 7 days from activation. Retained thereafter to prevent re-use. |
| Voice audio | Not retained. Discarded immediately after transcription and enhancement are returned to your device. |
| Local app data | Stored on your device until you uninstall the application. |
07
Email retention and deletion requests
What you can do:
- Unsubscribe from marketing emails at any time via the unsubscribe link in any email
- Request transactional email removal from Resend by contacting support@promptflow.digital once your trial or license is no longer active
- Remove all local data by uninstalling the application from your device
08
Third-party services
09
Security
- API keys and license tokens stored locally using Electron's encrypted storage
- Email addresses stored on our servers only as SHA-256 hashes — we cannot read your actual email from our database
- Device identifiers and trial tokens stored only as SHA-256 hashes — raw values never transmitted to or stored on our servers
- All communication between the app and our servers uses TLS encryption
- Cloudflare infrastructure provides edge-level DDoS protection for all API endpoints
No internet transmission method is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of data in transit or at rest.
10
Children's privacy
PromptFlow Voice is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child under 13, contact us at support@promptflow.digital and we will delete it promptly.
11
Changes to this policy
We may update this Privacy Policy when our data practices change. We will update the "Last updated" date at the top of this page. For material changes, we will notify you via email if you have an active trial or subscription on file. Continued use after changes take effect constitutes acceptance.
At a glance
01
Scope
These Terms of Service apply to all PromptFlow products: Live Marketing Data MCP, PromptFlow Pro (Chrome extension), and PromptFlow Voice (Windows desktop app), operated by PromptFlow / AR2OUR.
02
License and use
We grant you a non-exclusive, non-transferable license to use PromptFlow products subject to the seat limits of your purchased plan. You may not:
- Reverse engineer, decompile, or disassemble any part of our software
- Resell, sublicense, or share license keys beyond purchased seats
- Use the software for any illegal purpose or in violation of applicable laws
03
Payments and refunds
Payments are processed by LemonSqueezy and are subject to their terms and refund policies. Fraudulent chargebacks or disputed transactions may result in immediate license revocation.
- Live Marketing Data MCP — sold as a one-time purchase
- PromptFlow Pro — sold as one-time or subscription depending on the plan
- PromptFlow Voice Pro — sold as a monthly subscription
- PromptFlow Voice Power User — sold as a one-time license
04
Seat management and anti-abuse
Licenses are limited to the number of seats purchased. We may require purchaser email verification to replace devices once seats are full. Excessive device changes or concurrent usage beyond your plan may be rate-limited or suspended.
Free trials are limited to one per device and one per email address. Attempts to circumvent these limits may result in trial termination and account suspension.
05
Third-party services
Our products integrate with third-party platforms including Google Analytics, Google Search Console, Meta Ads, ChatGPT (OpenAI), Claude (Anthropic), Gemini (Google), Deepgram, and DeepSeek. Your use of those platforms is governed by their respective terms. We are not responsible for their availability, behavior, or results.
06
Acceptable use
You agree not to use our products to generate illegal content, infringe intellectual property rights, or conduct activities that harm our services or other users. We reserve the right to suspend or terminate access to protect service integrity.
07
Intellectual property
All PromptFlow software, branding, and content is owned by AR2OUR / PromptFlow. No intellectual property rights are transferred to you under these Terms.
08
Warranty disclaimer
Our products are provided "as is" and "as available" without warranties of any kind, express or implied, including fitness for a particular purpose or uninterrupted availability.
09
Limitation of liability
To the maximum extent permitted by applicable law, PromptFlow shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, arising from your use of our products.
10
Termination
You may stop using our products at any time. We may suspend or terminate your access for violations of these Terms, fraudulent activity, or to protect the integrity of our services. Upon termination, your license rights cease immediately.
11
Changes to terms
We may update these Terms from time to time. Continued use of our products after changes are posted constitutes acceptance of the updated Terms. We will update the "Last updated" date at the top of this page for any material changes.
12
Governing law
These Terms are governed by the laws of your country of residence, subject to mandatory local consumer protections that cannot be waived by contract.