Privacy Policy
Last updated 25 April 2025
1 . Who we are
Prompt Cowboy is an online platform operated by Fourday AI Pty Ltd (ABN 44 678 770 799), headquartered in Sydney, Australia. We help people design, store and run AI prompts.
This policy explains—in plain English—how we handle your information under:
- the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as amended by the Privacy and Other Legislation Amendment Act 2024
- other laws that may apply where you live, including the EU/UK GDPR, the California Consumer Privacy Act (CCPA) and similar rules worldwide.
Need help or have questions? Email us at privacy@fourday.ai — we’re real humans and happy to explain anything in this policy.
2 . Scope
This policy applies to anyone who:
- browses Prompt Cowboy without signing in (anonymous users)
- creates a Free, Personal or Business account using email/Supabase Auth or Google Sign-in
- interacts with our website, mobile or desktop apps.
3 . What we collect — and why
| Category | Details | Why we need it |
|---|---|---|
| Authentication data | • Email address (Supabase) • Google account name, email & profile picture | Log you in & secure your account |
| Payment data (Personal & Business) | Processed by Stripe; we never see full card numbers | Process subscriptions & invoices |
| Prompts & outputs | Your prompts, AI responses, timestamps, model info | Deliver core service, show history, troubleshoot |
| Workspace info (Business) | Organisation name, team-member emails | Enable team features & access controls |
| Usage analytics | Aggregated click-stream & error data via PostHog (IP truncated) | Improve performance & plan new features |
| Device / log data | Browser, OS, rough location (city-level), cookies | Keep the service running safely & efficiently |
No sensitive data collected. We do not ask for your legal name, phone number, address, government ID, biometric data or anything unrelated to running Prompt Cowboy.
4 . How we use your information
We never use your prompts to train public AI models, sell ad profiles, or share identifiable data with third-party marketers.
We use the information we collect to:
- run, maintain and personalise the platform
- authenticate you and keep your account secure
- process payments and send invoices/receipts
- send essential service emails (password reset, incident notices)
- send optional product updates or tips (you can unsubscribe any time)
- conduct aggregated, de-identified analytics to improve Prompt Cowboy
- comply with laws, prevent fraud and enforce our Terms of Service.
5 . Legal grounds for processing
| Region | Legal basis |
|---|---|
| Australia | Reasonably necessary to provide the service (APP 3) |
| EU / UK | GDPR Art. 6 (1)(b) “contract”; Art. 6 (1)(f) “legitimate interests”; consent for marketing |
| California | We do not sell personal information; “Do Not Sell or Share” toggle is in your account settings |
6 . Sharing & overseas transfers
| Recipient | Location | Safeguards |
|---|---|---|
| Supabase (hosting & auth) | AWS Sydney (default) or EU/US on request | Contractual APP 8 clauses; encryption |
| Google Cloud (OAuth) | Global | Standard Contractual Clauses (EU) |
| Stripe (payments) | USA, EU, Asia | PCI-DSS, SCCs |
| PostHog (analytics) | EU hosting | Aggregated data; IP truncation |
We bind each provider to use your data only for the purpose we specify and to maintain comparable privacy safeguards.
7 . Security
- TLS 1.3 encryption in transit and AES-256 encryption at rest
- Supabase Row-Level Security so each account can read only its own data
- Annual staff privacy & security training
- Continuous monitoring & logging
Data breaches — If a breach is likely to cause serious harm we will notify affected users and the OAIC (and, where relevant, other regulators) within 72 hours.
8 . Data retention & deletion
You are in control of your data. You can delete your account at any time from Account → Delete. When you do:
- we begin a secure purge of all personal data within 30 days, including back-ups, except where law requires longer retention (e.g. billing records)
- until deletion is complete, your data is inaccessible to normal operations
If you keep your account open, we retain data only as long as needed for the purposes in this policy.
| Data we keep while your account is active | Typical retention | Purpose |
|---|---|---|
| Prompts & outputs | 90 days (Free), 365 days (Personal) or custom (Business) | Provide history & team features |
| Authentication data | Life of account | Sign-in & security |
| Billing records | 7 years (tax law) | Regulatory compliance |
9 . Your choices & rights
| Right | How to exercise it |
|---|---|
| Access / Correction | Self-service in Account → Profile or email privacy@fourday.ai |
| Delete account & data | Account → Delete — secure purge within 30 days |
| Marketing opt-out | Click unsubscribe in any non-essential email |
| Do Not Sell / Share (CCPA) | Toggle off in Privacy → CCPA controls |
If we can’t resolve an issue, you may complain to the Office of the Australian Information Commissioner or your local data-protection authority.
10 . Automated decision-making
We do not make decisions that have legal or similarly significant effects on you.
If this changes, we’ll explain the logic involved and your options.
11 . Children
Prompt Cowboy is not intended for anyone under 16.
If we discover we’ve collected data from a minor, we’ll delete it.
12 . Changes to this policy
We may update this policy for legal, technical or business reasons. When we do we will:
- post the new version here; and
- email or in-app notify registered users at least 14 days before changes take effect (or sooner if required by law).
13 . Governing law & jurisdiction
These terms are governed by the laws of New South Wales, Australia.
By using Prompt Cowboy you agree that any dispute will be subject to the non-exclusive jurisdiction of the courts of New South Wales, Australia.
14 . Contact us
| Role | Details |
|---|---|
| Privacy Officer (Australia) | privacy@fourday.ai Fourday AI Pty Ltd, Surry Hills, Sydney NSW 2000, Australia |