Legal

Privacy Policy

Last updated: 7 July 2026

Who we are

Prompt Porter is operated by Maeve Media ("we", "us", "our"), an Australian sole-trader business based in Australia. You can contact us at info@prompt-porter.com. For the purposes of the EU and UK General Data Protection Regulation (GDPR), Maeve Media is the data controller for the personal information described here.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and where it applies to you, by the EU GDPR and the UK GDPR. This policy explains what personal information we collect, why, who we share it with, how long we keep it, and the rights you have over it.

What we collect

We collect only the information needed to run the service:

  • Account info — email address, password (hashed by our authentication provider, never seen by us in plain text), display name, and how you signed in (email, Apple or Google).
  • Onboarding answers — the industry you pick and any pain points you select, so we can tailor which prompts you see.
  • Content you create — prompts you submit, ratings you give, prompts you save.
  • Usage data — which prompts you view or copy (used to power your personal time-saved counter and to improve the library), broad device and browser type, and approximate region derived from your IP address (not your precise location).
  • Subscription data — if you subscribe, your subscription tier and status. Card details are never stored on our servers — they go directly to Apple's App Store (iOS in-app purchase) or Stripe (web, if offered).
  • Newsletter — if you opt in, your email address and the fact that you subscribed, so we can send you the newsletter until you unsubscribe.

Legal bases for processing (EEA and UK users)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

  • Performance of a contract — to create and run your account, deliver the service, and process your subscription.
  • Legitimate interests — to keep the service secure, understand which prompts are useful, and improve the product. We balance these against your rights.
  • Consent — for the newsletter, and any optional feature you choose to switch on. You can withdraw consent at any time.
  • Legal obligation — to keep billing and tax records as required by law.

How we use it

  • To run your account, save your preferences, and show you the right prompts.
  • To power your time-saved counter and improve the product (which prompts work, which categories grow, where the app feels slow).
  • To email you transactional messages (account confirmations, password resets, billing receipts).
  • To send you the newsletter, if you opted in (unsubscribe any time).
  • To enforce our terms (e.g. moderating reported prompts).

We do not sell your personal information. We do not use your data to train AI models. We do not show you ads or use advertising trackers.

Cookies

We use only strictly necessary cookies — the kind that are exempt from consent requirements because the service cannot work without them:

  • Authentication cookies — set by our authentication provider to keep you signed in.
  • Free-view counter — a single cookie (pp_anon_views) on the website that counts how many prompts a signed-out visitor has viewed that day, so we can apply the free daily limit. It holds a number and a date, nothing that identifies you.

We do not use advertising, analytics or cross-site tracking cookies, so there is no cookie consent banner to click through.

Who we share it with

We share data only with the sub-processors that make Prompt Porter work. Each is bound by data-processing terms consistent with the APPs and, where relevant, the GDPR:

  • Supabase — database, authentication and storage (hosted in Sydney, Australia).
  • Vercel (US) — website hosting and content delivery.
  • Apple (US) — in-app purchases on iOS. Apple handles all payment data; we receive only an opaque purchase token.
  • RevenueCat (US) — links your Apple/Google purchase to your account so your subscription works across devices.
  • Stripe (US/AU) — card payments on the web, if and when web checkout is offered. Stripe is PCI-DSS Level 1 certified; we never see your card number.

We do not otherwise disclose your personal information, except where required by law or to protect our rights, users or the public.

Where it is stored and international transfers

Your core account and content data is stored in Supabase's Sydney, Australia region. Some sub-processors listed above (Vercel, Apple, RevenueCat, Stripe) operate in the United States, so some data is transferred and processed overseas in the normal course of running the service.

For transfers of EEA or UK personal data outside those regions, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK Addendum) incorporated into our agreements with those providers. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

How long we keep it

  • Account data — for as long as your account exists. When you delete your account it is removed immediately; short-lived backups roll off within 30 days.
  • Public content (prompts you submit) — kept while approved, attributed to your display name, unless you ask us to remove them.
  • Usage and logs — up to 90 days, then deleted or aggregated so it no longer identifies you.
  • Newsletter records — until you unsubscribe, plus a suppression record so we don't email you again.
  • Billing records — 7 years (Australian tax law requirement).

Your rights

Wherever you live, you can exercise these rights at any time. If you are in the EEA or UK, the GDPR gives you the full set below; if you are in Australia, the APPs give you access, correction and complaint rights.

  • Access — get a copy of the data we hold about you.
  • Export (portability) — download your data in a portable JSON file, yourself, from your profile on the web. No waiting, no email needed.
  • Correct — fix any incorrect or out-of-date personal information.
  • Delete — permanently delete your account and all linked data from inside the app (Profile → Delete account on mobile; Profile on web). This is immediate and irreversible.
  • Object and restrict — object to, or ask us to pause, processing based on our legitimate interests.
  • Withdraw consent — turn off the newsletter or any optional feature at any time, without affecting anything we did before you withdrew.
  • Complain — raise it with us first. If you're in Australia you can then complain to the Office of the Australian Information Commissioner (oaic.gov.au). If you're in the EEA or UK you can complain to your local data protection authority (in the UK, the ICO at ico.org.uk).

To exercise a right that isn't self-service, email info@prompt-porter.com and we'll respond within 30 days.

Data breaches

We take reasonable steps to protect your information. If a data breach occurs that is likely to result in serious harm, we will notify affected users and the relevant regulator (the OAIC in Australia, and where the GDPR applies, the relevant supervisory authority within 72 hours) as required by law.

Children

Prompt Porter is intended for adults running a business. It is not directed at children. We do not knowingly collect data from anyone under 16 in the EEA or UK, or under 13 elsewhere. If you believe a child has given us personal information, contact us and we'll delete it.

Changes

We'll update this policy when we change how we handle data. Material changes will be notified by email and a prominent notice in the app before they take effect.

Contact

For any privacy question or to exercise a right, email info@prompt-porter.com. We aim to respond within 5 business days, and within 30 days for formal requests.