Privacy prompts
Privacy prompts make data flows visible at the moment of use. In GenAI products, that means showing what is sent to providers, what remains local, which optional features exist, and how the user can stay in control.
Why in-product transparency matters
A long privacy policy is necessary, but it is not enough when users are about to send sensitive content into an AI system. They need a just-in-time explanation that matches the actual product state.
Privacy prompts help bridge that gap by turning abstract policy statements into operational product signals: provider, purpose, scope, and control path.
What a privacy prompt should reveal
At minimum, the product should make it easy to understand which provider receives the request, what category of content is being sent, and whether any optional storage or measurement is active.
The point is not to overload the user with legal language, but to surface the exact facts needed to make an informed choice at the moment of action.
- Provider and purpose of processing
- Prompt and context scope
- Local storage and optional telemetry footprint
How this connects to consent
Privacy prompts do not replace consent collection for non-essential tracking. They complement it by making provider sharing and local-state behavior legible where it matters most.
That is especially important in GenAI, where a user may accept necessary service processing while still rejecting optional analytics, experiments, or persistence.
Why this is also a product discipline
A strong privacy prompt requires the product team to know its own data flows precisely. If UI text, provider behavior, and policy documents disagree, users notice — and so do regulators or partners.
In practice, privacy prompts work best when they are backed by inspectable settings, accurate privacy disclosures, and architecture boundaries that are already explicit in the product design.
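One way to keep UI text and actual provider traffic from disagreeing is to build the prompt from the exact payload about to be sent and to refuse to send any field that has no disclosure text. The sketch below is an added example, not code from any product described here; the function names, field categories, provider name and wording of the storage and telemetry lines are all assumptions.

```javascript
// Added example. All names and category labels are hypothetical.
// Maps each outbound payload field to the content category shown to the user.
const CATEGORY_OF = {
  prompt: "prompt text",
  attachments: "attached context",
  history: "conversation history",
};

// A field counts as "sent" only if it actually carries content.
function isPresent(v) {
  return Array.isArray(v) ? v.length > 0 : v !== undefined && v !== null && v !== "";
}

// Derive the prompt from the real payload and consent state, not from static copy.
function buildPrivacyPrompt(request, consent) {
  const sent = Object.keys(request.payload).filter((k) => isPresent(request.payload[k]));
  const unknown = sent.filter((k) => !(k in CATEGORY_OF));
  if (unknown.length > 0) {
    // Fail closed: a field with no disclosure text must not leave the device.
    throw new Error("undisclosed payload field(s): " + unknown.join(", "));
  }
  return {
    provider: request.provider,
    purpose: request.purpose,
    scope: sent.map((k) => CATEGORY_OF[k]),
    // Optional categories are reported separately from necessary processing.
    localStorage: consent.persistence ? "history kept on this device" : "nothing kept after this session",
    telemetry: consent.analytics ? "optional usage analytics on" : "optional usage analytics off",
  };
}

// Show the prompt first; the transport only runs if the disclosure could be built.
function guardedSend(request, consent, show, transport) {
  show(buildPrivacyPrompt(request, consent));
  return transport(request.provider, request.payload);
}

// Constructed sample state: user accepted persistence but rejected analytics.
const sampleRequest = {
  provider: "ExampleModelProvider",
  purpose: "generate an answer",
  payload: { prompt: "Summarise this contract", attachments: ["contract.pdf"], history: [] },
};
const sampleConsent = { analytics: false, persistence: true };
```

Because the disclosure and the request share one source object, adding a new payload field without adding its category makes the send fail in testing rather than silently widening what the provider receives.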
FAQ
Is this a replacement for the privacy policy?
No. The privacy policy remains the formal disclosure document. Privacy prompts are the in-product layer that explains concrete data flows and controls at the time of use.
Does this replace consent banners?
No. Consent is still needed for non-essential tracking or experiments where required. Privacy prompts complement that by explaining provider sharing, storage behavior, and control paths more directly.
Can I opt out of optional features?
Yes. Optional categories should be toggleable and revocable through settings. A good implementation also explains what changes when those categories are off.
What about model providers?
Providers receive the content needed to generate answers. Privacy prompts should state who the provider is, what is sent, and why that transfer is necessary for the requested feature.
Where can I verify storage and settings?
Use the available settings and data inspection views to see local storage, optional telemetry states, and other user-facing controls. The privacy policy should then back that up formally.