Overview
Mentro ("we", "our", "us") operates the Mentro — Live Prompt Analyzer Chrome extension
(the "Extension"). This policy explains what data the Extension collects, how it is used,
and with which third parties it is shared.
We collect only what is necessary to provide real-time prompt scoring and to maintain your
account. We do not sell your data.
Data We Collect
Account information
-
Email address — collected when you sign up or sign in with email/password, Google, or
GitHub OAuth.
-
Authentication tokens (access token, refresh token) — stored locally in
chrome.storage.local on your device to keep you signed in.
Prompt text — real-time scoring
-
The text you type into ChatGPT, Gemini, Perplexity, or Claude is read by the Extension
in order to compute a real-time quality score.
-
The primary (heuristic) scoring layer runs entirely on your device — your prompt text
never leaves your browser for this step.
-
For AI-powered scoring (the secondary layer, fired ~1.5 seconds after you stop typing),
your prompt text is sent to our backend server hosted on Fly.dev, which forwards it to
the Groq API to generate quality scores and improvement suggestions. Neither we nor Groq
retain prompt text beyond the duration of the request.
-
Prompt text is never stored in our database. Only the metadata
described below is persisted.
Prompt metadata (stored, opt-out available)
-
When you submit a prompt (hit send), the following metadata is stored in your account
history: word count, quality scores (overall, ownership, depth, critical, clarity),
detected intent category, the AI platform used, and a timestamp.
-
This metadata is used to populate your personal dashboard (average score, prompt
length distribution, intent breakdown, platform stats).
-
You can disable this collection at any time. Open the Extension popup,
go to Settings, and turn off "Collect prompt stats". When this is off, no metadata is
stored when you submit a prompt.
Settings
-
Your Extension settings (badge enabled/disabled, pills enabled/disabled, stat collection
on/off) are stored in
chrome.storage.sync, which syncs across your Chrome
profile.
How We Use Your Data
- To authenticate you and maintain your session.
- To compute real-time prompt quality scores as you type.
-
To store prompt metadata (when stat collection is enabled) so you can review your
prompting habits in the dashboard.
- To sync your settings across devices via your Chrome profile.
We do not use your data for advertising, profiling, or any purpose beyond the above.
Third-Party Services
The Extension relies on the following third-party services. Each has its own privacy
policy.
Supabase — database and authentication
- Stores your account (email, hashed password), session tokens, and prompt metadata.
-
Email/password auth and OAuth token exchange are handled directly by Supabase Auth.
-
Privacy policy:
supabase.com/privacy
Groq — AI scoring (via our Fly.dev backend)
-
Prompt text is forwarded to Groq's API to generate AI-powered quality scores and
suggestions. This only occurs when AI scoring is active (approximately 1.5 seconds after
you stop typing, while you are signed in).
-
Requests are proxied through our backend and authenticated with your Supabase JWT.
Prompt text is not retained by our backend or by Groq beyond the duration of the
request.
-
Privacy policy:
groq.com/privacy-policy
Google OAuth / GitHub OAuth — sign-in
-
If you choose to sign in with Google or GitHub, the OAuth flow is handled by those
providers via Supabase Auth.
- We only receive your email address from the OAuth provider.
-
Google privacy policy:
policies.google.com/privacy
-
GitHub privacy policy:
GitHub Privacy Statement
Data Storage and Retention
-
Auth tokens are stored locally on your device in
chrome.storage.local and
are cleared when you sign out.
-
Account data and prompt metadata are stored in Supabase and are retained until you
delete them or delete your account.
-
Self-service deletion: You can permanently delete all your stored
prompt stats at any time from the Extension popup — go to the Settings tab and tap
"Delete my data". This removes all prompt metadata associated with your account from
our database immediately.
-
To delete your account entirely, contact us at the email address below.
Permissions
The Extension requests the following Chrome permissions:
-
storage — to save your session and settings locally
(
chrome.storage.local) and synced across devices
(chrome.storage.sync).
-
activeTab — to read the prompt you are typing in the active AI
platform tab.
-
identity — to launch the Google/GitHub OAuth sign-in flow via
chrome.identity.launchWebAuthFlow.
-
tabs — to broadcast settings changes (badge on/off, pills on/off,
stat collection on/off) to all open AI platform tabs immediately when you change a
setting in the popup.
-
host permissions for
chatgpt.com,
chat.openai.com, gemini.google.com,
perplexity.ai, www.perplexity.ai, and
claude.ai — to inject the content script that observes the prompt input
on those pages.
-
host permission for
mentro-lucid-dust-3580.fly.dev — to allow the background service worker
to send AI scoring requests to our backend.
No other permissions are requested or used.
Children's Privacy
The Extension is not directed at children under 13. We do not knowingly collect personal
information from children under 13. If you believe a child has provided us with personal
information, please contact us and we will delete it.
Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this
page will reflect any changes. Continued use of the Extension after a change constitutes
acceptance of the updated policy.