Last updated: 4 June 2026
Liaison is built and operated by Warm Regards Studios Pty Ltd (“Warm Regards”, “we”, “us”), a company registered in Victoria, Australia (ABN 78 695 091 993; ACN 695 091 993). This policy explains what personal information we collect when you use the Liaison desktop app, the website at promptliaison.ai, and the hosted services that support them, how we use it, and who it is shared with. It is written to be read, not to hide things.
When you create an account we collect your email address. If you sign in with Google or GitHub, we receive the basic identifying information those providers return (your email and a provider account identifier) so we can create and authenticate your account. Authentication is handled by Supabase on our behalf.
When you buy Liaison, payment is processed by Stripe, which acts as the merchant of record (the legal seller) for the transaction. Stripe collects and holds your payment details (such as card information) directly. We do not receive or store your card number. From Stripe we receive your billing name, the country/region needed for tax, and the status of your purchase or subscription, so we can grant and manage your access. Because Stripe is the merchant of record, your bank or card statement will show Stripe (not “Warm Regards”) as the seller.
The desktop app generates a random identifier for your installation (a random UUID, stored locally on first launch). It is not derived from your hardware and is not a fingerprint. We use it only to enforce the one-active-device-at-a-time limit that protects against licence sharing, and to let you sign out a device.
If you use the optional receipt feature as a paying user, your app asks our backend to cryptographically sign each saved receipt (see “Receipt identity” below). When it does, we log a minimal security record of that event: the SHA-256 hash that was signed (not the prompt content), the account and device that requested it, the time, and the originating IP address. We use these records for abuse detection and to keep the signing service honest.
If you email us or submit a contact form, we receive what you send (your message, name, and email). Transactional and contact emails are delivered via Resend.
The desktop app and our servers keep basic operational and crash logs to diagnose problems. These never contain prompt content.
Some data stays entirely on your machine and is never sent to us: your recent prompt history, the random device identifier, your own LLM provider API key (stored in your operating system’s secure credential store on the Lifetime plan), and any receipt files you save. You control these files and can delete them at any time.
Liaison formats your prompt by making a single call to a large language model. There are two paths, depending on your plan:
The receipt feature anchors your work in time using DigiCert’s public RFC 3161 timestamp authority. Only an opaque SHA-256 hash is ever sent to DigiCert. DigiCert never receives prompt content, model names, your identity, or anything that could reconstruct what you recorded. The hash goes in, a signed timestamp comes back.
Important and permanent. If you enable this feature, your real billing name is cryptographically and permanently embedded into the signature of every receipt you save while it is on. This is a disclosure of your identity, not just internal use: anyone you give that receipt to can independently verify it was made by a named, paying Liaison account. A signature cannot be removed or undone. Switching to Anonymous later only affects receipts you sign after the change; receipts already signed keep the name forever. We confirm this in the app at the point you turn it on, before any named receipt is created.
If you are signed out, on no active paid plan, or save with the feature off, no signature and no name are added, and the receipt is still a valid, tamper-evident document.
This section is about our marketing website at promptliaison.ai. The desktop app does not use any of this.
We use a single strictly-necessary cookie to keep you signed in to your account. That one is essential and is always on; without it you could not stay logged in.
For everything else (measuring how people discover Liaison and whether our ads work), we use Google Analytics 4 and the Meta Pixel(with Meta’s Conversions API). These set cookies and share limited event data (such as the pages you view and whether you signed up) with Google and Meta, who may use it to attribute and improve advertising. Where you provide an email at sign-up, it is hashed before any server-side event is sent, so the raw address is never shared.
None of this loads until you accept it. When you first visit, a banner asks you to accept or decline. Nothing from Google or Meta loads, and no analytics cookie is set, unless you accept. Declining is as easy as accepting and leaves the site fully functional. Your choice is remembered in your browser, and you can change it at any time using the Cookie preferences link in the bottom corner of every page. We also honour the browser-level Global Privacy Control signal where your browser sends one.
To learn how these providers handle data, see Google’s and Meta’s own privacy policies. We do not use this data to build advertising profiles ourselves, and we never sell it.
We use a small number of trusted service providers to run Liaison. Each receives only what it needs for its function, and they operate in various countries (mainly the United States and the European Union):
We do not sell personal information, and we do not share it with advertisers or data brokers. If we add or change a subprocessor in a way that materially affects how your data is handled, we will update this list and, where required, give notice. We may disclose information if required by law, or to protect the rights, safety, and security of our users and our service.
Where data-protection law requires a legal basis, ours are:
Account and purchase records: kept while your account is active and for up to 7 years after closure to meet Australian tax and accounting obligations, then deleted or anonymised. Signing-event security logs (including IP address): retained for up to 12 months for abuse detection, then deleted or aggregated into non-identifying statistics. Support correspondence: kept for up to 24 months. Where law requires us to retain certain records (for example, transaction records Stripe holds as merchant of record), we retain only what the law requires. If you delete your account, we delete or anonymise the personal information we hold, except for records we are legally required to keep.
We only send marketing or promotional email if you opt in, and every such email has a working unsubscribe link, in line with the Spam Act 2003 (Cth) and equivalent laws. Essential service emails (such as purchase confirmations and password resets) are not marketing and are sent as part of providing the service.
You can access, correct, or request deletion of the personal information we hold about you, object to certain processing, withdraw any consent you have given, and switch your receipt identity to anonymous at any time. To make a request, email support@promptliaison.ai.
Australia. We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth). If you have a privacy complaint, email support@promptliaison.ai with the details. We will acknowledge within 5 business days and aim to resolve within 30 days; if we need longer we will tell you why and give a revised timeframe. If you are not satisfied, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au; 1300 363 992).
European Economic Area / UK.If you are in the EEA or UK, you have rights under the GDPR / UK GDPR including access, rectification, erasure, restriction, portability, objection (Article 21), and the right to withdraw consent at any time (Article 7(3)). You may lodge a complaint with your local data protection authority (in the UK, the Information Commissioner’s Office at ico.org.uk).
United States.We are not currently a “business” subject to the California CCPA/CPRA or to other US state privacy laws (we fall below their thresholds), but we apply their principles. We collect only the categories described above (identifiers such as email and a provider account ID; commercial information such as purchase or subscription status; and, in signing-event logs, an IP address), from you and from our payment and authentication providers, only for the purposes described above. We do not collect sensitive personal information for inference or profiling. We have not sold or shared personal information in the preceding 12 months, and we will not. We do not discriminate against you for exercising your rights. To exercise the rights to know, delete, or correct, email support@promptliaison.ai; an authorised agent may submit a request with your written authorisation. Residents of other US states with privacy laws have equivalent rights, which we honour on the same basis.
Warm Regards is based in Australia and our service providers operate in other countries, including the United States and the European Union. Using Liaison therefore involves transferring your personal information overseas. Where a provider processes personal information from the EEA or UK, transfers are made under the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA for UK data) incorporated into that provider’s data-processing terms; for transfers to Warm Regards in Australia we apply equivalent contractual protections. Australia is not currently the subject of an EU adequacy decision. For Australian users, we take reasonable steps to ensure overseas recipients handle your information consistently with the Australian Privacy Principles; some overseas recipients may not be bound by the Privacy Act 1988 (Cth) and you may not be able to seek redress under that Act against them. You can request the safeguards that apply to a specific transfer by emailing support@promptliaison.ai.
We use industry-standard measures to protect your information, including encryption in transit, scoped access controls, and isolating the receipt-signing key on a dedicated server. No system is perfectly secure, but we design Liaison to collect as little as possible in the first place, which is the best protection there is. If a data breach occurs that is likely to result in serious harm, we will assess it promptly and, where required, notify affected individuals and the relevant regulator — the OAIC under the Notifiable Data Breaches scheme (Privacy Act 1988 (Cth), Part IIIC), and for EEA/UK individuals the relevant supervisory authority and affected individuals under the GDPR/UK GDPR — without undue delay and within the timeframes those laws require.
Given the limited and low-risk nature of the personal information we process, we have not appointed a Data Protection Officer or an EU/UK representative under Article 27 of the GDPR/UK GDPR. You can reach us for any data-protection matter at the contact below.
We may update this policy as the product evolves. We will update the date at the top, and for material changes we will give reasonable notice through the app or by email.
Questions or privacy requests: support@promptliaison.ai.
WARM REGARDS STUDIOS PTY LTD
Level 10, 440 Collins Street
Melbourne VIC 3000
Australia
ABN 78 695 091 993; ACN 695 091 993