Privacy Policy

Last updated: 16 May 2026 · Effective date: 16 May 2026

This Privacy Policy explains how Autonoma Capital, trading as “Megaprompt” (“we”, “us”, “our”), collects, uses, discloses and protects personal information when you visit mega-prompt.com(the “Site”) or purchase one of our prompt bibles. It also explains your rights under the major privacy laws that may apply to you, including the European Union General Data Protection Regulation (“GDPR”), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles (“APPs”), the New Zealand Privacy Act 2020, the Singapore Personal Data Protection Act (“PDPA”), and equivalent laws in other jurisdictions.

1. Who we are and how to contact us

The data controller (or, depending on the law that applies to you, the equivalent accountable entity) is Autonoma Capital, based in Sydney, Australia. You can reach us about any privacy matter at hello@mega-prompt.com.

2. Personal information we collect

We only collect information we genuinely need to operate the Site:

  • Email address — when you request a free sample, make a purchase, submit a support ticket, or request a custom bible.
  • Name — when you provide it via the support form, custom-bible request form, or Stripe checkout.
  • Purchase information — the prompt bible(s) you bought, the amount paid, currency, date, and a Stripe session reference. We do not see or store your full card number; Stripe handles all card data.
  • Marketing-consent records— the exact wording of the consent box you ticked, the date and time, your IP address, and your browser’s user-agent string. We keep these as evidence of opt-in.
  • Communications you send us — the contents of your support tickets, custom-bible requests, and any email correspondence.
  • Limited technical data — IP address, browser type, the pages you visited on the Site, and the time of visit. We use this for security, rate-limiting, and aggregate analytics. No advertising cookies are set.

We do not knowingly collect special-category personal data (such as health information, political opinions, religious beliefs, or biometric data). Please do not include such information in support tickets or custom-bible requests.

3. How we use your information

We use your information for the following purposes:

  • Delivering the Products — sending you the free sample, processing your purchase, sending magic-link access emails, and providing customer portal access.
  • Customer support — replying to your support tickets, custom-bible requests, and other correspondence.
  • Marketing — if and only if you ticked the marketing-consent box, sending occasional emails about new prompt bibles, tips, and offers. You can unsubscribe at any time using the link in every marketing email.
  • Service operation and security — running the Site reliably, detecting and preventing fraud, abuse, and security incidents (rate-limiting, suspicious-pattern detection, audit logging).
  • Analytics — understanding which pages are visited and how Products perform, in aggregate. We do not build advertising profiles.
  • Legal and accounting — meeting tax, accounting, and other legal obligations (for example, retaining transaction records for the period required by Australian tax law).

4. Lawful basis for processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction that requires a lawful basis, we rely on the following:

  • Contract (Art. 6(1)(b)) — to deliver a Product you have purchased or a free sample you have requested.
  • Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, and basic analytics. We have weighed these against your rights and consider the processing proportionate.
  • Consent (Art. 6(1)(a)) — for marketing emails. You may withdraw consent at any time without affecting the lawfulness of earlier processing.
  • Legal obligation (Art. 6(1)(c)) — for tax, accounting, and similar legal requirements.

5. Who we share your information with

We share the minimum necessary personal information with the following third-party service providers, who act as our processors and may only use your information to provide services to us:

  • Stripe — payment processing.
  • Resend — transactional and marketing email delivery.
  • Vercel — website hosting and serverless functions.
  • Upstash — the Redis-compatible database (“Vercel KV”) in which we store subscribers, purchases, support tickets, and other operational records.
  • ImprovMX — inbound email forwarding from @mega-prompt.com addresses to our team inboxes.
  • Google (Gmail) — our team inboxes receive and reply to email.
  • Anthropic — provides scheduled Claude agents used internally to run our marketing, content, and security routines. We do not send personal information to these agents beyond what is required to operate the Site.

We may also disclose personal information where we are required to do so by law, to enforce our Terms, or to protect the rights, property, or safety of Megaprompt, our users, or others.

We do not sell or rent your personal information. We do not share it with third parties for cross-context behavioural advertising. We do not use it to train third-party AI models.

6. International transfers

Our service providers are mostly based in the United States. If you are located in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with cross-border transfer rules, your personal information will be transferred to the US when you use the Site or buy a Product. We rely on the following safeguards:

  • Standard Contractual Clausesapproved by the European Commission (and the UK’s International Data Transfer Addendum where applicable) in our contracts with US-based processors, together with the supplementary measures recommended by the European Data Protection Board.
  • Data Privacy Framework certifications where the receiving processor participates (for example, Stripe and Google).

Australian users: where personal information is transferred overseas, we take reasonable steps to ensure that the recipient handles it in a way consistent with the APPs, as required by APP 8.

7. How long we keep your information

  • Free-sample subscribers (with marketing consent) — until you unsubscribe; we keep the consent record for evidentiary purposes for up to 7 years after the consent was given or withdrawn.
  • Free-sample subscribers (no marketing consent) — up to 12 months from your last interaction, then deleted.
  • Purchase records — for the period required by Australian tax law (currently 5 years from the date of the transaction), then archived or deleted.
  • Support tickets and custom-bible requests — up to 3 years after the issue is closed, then deleted.
  • Page-view counters and rate-limit data — daily counters for up to 60 days; rate-limit state is short-lived (minutes to hours).

8. Cookies and similar technologies

We use a small number of strictly necessary first-party cookies (for example, the encrypted session cookie that keeps you logged in to the customer portal). We do not use third-party advertising cookies, social media cookies, or cross-site tracking cookies. We do not display ad-tracking pixels.

We use Vercel’s privacy-friendly analytics which records aggregate page views without setting cookies or storing personal identifiers, alongside a lightweight page-counter we maintain ourselves. Neither system stores your IP address in identifiable form.

9. Your rights — by region

Everyone

Regardless of where you live, you can email us at hello@mega-prompt.com to:

  • request a copy of the personal information we hold about you;
  • ask us to correct inaccurate information;
  • ask us to delete your information (subject to our legal record-keeping obligations);
  • unsubscribe from marketing emails (or use the one-click link in any marketing email);
  • ask us a question about this policy.

We will respond within 30 days (or sooner where required by your local law) and we do not charge for honouring a privacy request.

EEA, UK and Switzerland (GDPR / UK GDPR)

You have the rights to: access; rectification; erasure (the “right to be forgotten”); restriction of processing; data portability; objection to processing based on legitimate interests; objection to direct marketing; not to be subject to a decision based solely on automated processing that produces a legal or similarly significant effect; and to withdraw consent at any time. You also have the right to lodge a complaint with your national data protection authority. We do not have an EU representative under Article 27 of the GDPR; if you believe one is required for our processing, please contact us and we will respond.

California (CCPA / CPRA)

If you are a California resident, you have the rights to: know what personal information we have collected about you; delete it; correct inaccurate information; opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined under California law); limit the use and disclosure of sensitive personal information; and the right to not be discriminated against for exercising any of these rights. To exercise any of these rights, email hello@mega-prompt.com with subject line “California Privacy Request”. We will verify your request by asking you to confirm via the email address we have on file.

Other US states (Virginia, Colorado, Connecticut, Utah, Texas, etc.)

You have rights that broadly mirror the California rights above under your state’s comprehensive privacy law. We will honour your verified request in accordance with the applicable state law.

Australia (Privacy Act 1988 / APPs)

You have rights to access and correct your personal information under APP 12 and APP 13. We will not generally charge for an access request. If you believe we have breached the APPs, you can complain to us first and, if not satisfied, to the Office of the Australian Information Commissioner (oaic.gov.au).

New Zealand (Privacy Act 2020)

You have rights of access and correction under Information Privacy Principles 6 and 7. If you believe we have breached the IPPs, you can complain to the Office of the Privacy Commissioner (privacy.org.nz).

Singapore (PDPA) and other APAC jurisdictions

You have rights of access and correction under the PDPA. Equivalent rights apply in many other APAC jurisdictions (Hong Kong PDPO, Japan APPI, South Korea PIPA, Philippines DPA, Indonesia PDP Law, India DPDP Act 2023, China PIPL where it applies, etc.). To exercise any right under these laws, contact us at hello@mega-prompt.com; we will respond in line with the timeframes set by the applicable law.

Canada (PIPEDA)

You have the rights of access and correction under the Personal Information Protection and Electronic Documents Act and equivalent provincial laws (e.g. Quebec Law 25). You may complain to the Office of the Privacy Commissioner of Canada.

10. Marketing and unsubscribing

We only send marketing emails to people who have actively ticked the marketing consent box. Every marketing email contains a one-click unsubscribe link; clicking it removes you from the list immediately and we keep an audit record of the unsubscribe. You will still receive transactional emails relating to purchases or accounts you have (purchase delivery, access-recovery links, refund confirmations) because these are not marketing.

11. Children

The Site is not directed at children under 16 and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Security

We use industry-standard technical and organisational measures to protect personal information, including encryption in transit (HTTPS), encryption at rest by our processors, JWT-signed session tokens for the customer portal, rate-limiting, server-side input validation, audit logging, and HMAC-signed one-click unsubscribe links. No system is perfectly secure, however, and we cannot guarantee absolute security.

13. Data breach notification

If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the relevant regulator in accordance with the law that applies to us, which currently includes the Notifiable Data Breaches scheme under the Australian Privacy Act and equivalent obligations under the GDPR/UK GDPR.

14. Automated decision-making

We do not make decisions that produce legal effects or similarly significant effects based solely on automated processing of your personal information.

15. AI-generated content and your inputs

Our prompt bibles are templates you submit to third-party AI tools (such as ChatGPT, Claude, Gemini). Anything you paste into those tools — including any personal information of yours or anyone else’s that you include in the brackets — is processed by that AI provider under their privacy policy, not ours. You are responsible for understanding those policies and not pasting personal information into AI tools where doing so would breach your own legal obligations.

16. Changes to this policy

We will post updates to this page and update the “Last updated” date above. Material changes that affect your rights will be highlighted on the Site and, where the law requires, separately notified to you.

17. Complaints

If you have a complaint about how we have handled your personal information, please email hello@mega-prompt.com and we will investigate and respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your national or state privacy regulator (see Section 9 for the major regulators).