Cookies Policy

This Cookies Policy explains how Ironact, Inc. ("Prompt Architect", "we", "us") uses cookies and similar technologies on the Prompt Architect websites and platform. It supplements the Privacy Policy.

1. What are cookies?

Cookies are small text files placed on your device by a website. They are widely used to make websites work, to remember preferences, and to provide information to the site owner. "Similar technologies" include localStorage, sessionStorage, and pixel tags, which serve comparable purposes.

2. Categories of cookies we use

2.1 Strictly necessary (always on)

These cookies are essential for the website and the platform to function. They cannot be switched off in our systems. They are usually only set in response to actions you take, such as signing in or filling in forms. They do not require your consent under the ePrivacy Directive Art. 5(3), TDDDG § 25(2) (Germany), or French Loi Informatique et Libertés Art. 82.

2.2 Analytics

We use Google Analytics 4 ("GA4") on the marketing site (promptarchitect.app and language sub-paths) to understand aggregate traffic, blog readership, and which pages are most useful. GA4 sets the following first-party cookies on your browser; data is processed by Google LLC under the controller-to-controller terms in our DPA.

IP addresses are truncated by Google before storage (IP anonymisation). We do not link GA4 data to advertising networks and we have not enabled Google Signals or ads remarketing. Under the UK Data (Use and Access) Act 2025 (DUAA) and recent CNIL guidance, certain low-risk first-party analytics may be set without prior consent where users are informed and can opt out — we rely on that exemption for GA4 on the marketing site. You can opt out at any time using the Google Analytics Opt-out Browser Add-on or by blocking cookies in your browser. On the platform (studio.promptarchitect.app) we use PostHog for product analytics, gated behind the cookie banner — see section 2.3 below.

2.3 Product analytics (platform only)

On studio.promptarchitect.app we use PostHog to measure how authenticated users interact with the product (which features are used, where users get stuck, retention). PostHog is loaded as part of the platform's product analytics — its use is disclosed at sign-up under our Privacy Policy and is necessary to operate, secure, and improve the service. It sets the following first-party cookies:

Personally identifiable information (email, name) is attached to the PostHog person profile only once you sign in. We do not record session replays of inputs containing sensitive data — text inside <input> fields is masked by default.

2.4 Advertising

We do not use advertising or behavioural tracking cookies, and we do not share data with advertising networks. Google Signals and remarketing features in GA4 are disabled.

3. Consent and your choices

3.1 EEA, UK, Germany, France

Strictly necessary cookies do not require consent. Any non-essential cookies — should we add them — will only be set after you give consent through the cookie banner. Our banner provides "Accept all" and "Refuse all" buttons of equal prominence on the first layer (per CNIL Délibération 2020-091 and ICO guidance), and a persistent "Cookie preferences" link in the footer lets you withdraw consent as simply as you gave it (LIL Art. 82). You can change or withdraw consent at any time.

The legal bases are:

• ePrivacy Directive (2002/58/EC) Art. 5(3) as transposed into national law;
• France: Loi Informatique et Libertés Art. 82 and CNIL guidance (including 2025 SAN decisions);
• Germany: § 25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, renamed from TTDSG on 13 May 2024). We aim to comply with the German Consent Management Ordinance (Einwilligungsverwaltungsverordnung, in force 1 April 2025) if and when we integrate a recognised CMS.

3.2 Korea

Strictly necessary cookies are used to perform the contract for the Services and to provide functions you have requested. Where consent is required under the Personal Information Protection Act (PIPA § 22 et seq.) — for example to set cookies for marketing — we obtain it through the cookie banner.

3.3 Browser controls

You can also control cookies through your browser settings:

• Chrome — Settings → Privacy and security → Cookies and other site data
• Safari — Preferences → Privacy → Manage Website Data
• Firefox — Settings → Privacy & Security → Cookies and Site Data
• Edge — Settings → Cookies and site permissions → Cookies and site data

Disabling strictly necessary cookies may prevent the Services from functioning correctly.

4. Do Not Track and global opt-out signals

We respect the following standardised opt-out preference signals:

• Global Privacy Control (GPC) — California (Cal. Civ. Code § 1798.135(b)).
• Universal Opt-Out Mechanisms required by Colorado (effective 1 July 2024) and Connecticut (effective 1 January 2025), and similar mechanisms in Texas (TDPSA), Oregon (OCPA), and any other state where required.

Legacy "Do Not Track" (DNT) signals from older browsers have no industry consensus and we do not respond to them; however, this has limited practical effect because we do not engage in cross-site behavioural tracking.

5. Changes

We will update this Cookies Policy whenever the set of cookies we use changes materially. The "Last updated" date at the bottom always reflects the current version. If non-essential cookies are added, we will re-prompt for consent where required.

6. Contact

Questions about this Cookies Policy: contact@ironact.net