Privacy Policy
Effective: March 1, 2026 · Last updated: March 2, 2026
1. Overview
PRYSM ("we", "us") is committed to protecting your privacy. This policy describes how we collect, use, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, Brazil's LGPD, and other applicable data protection laws worldwide.
2. Data Controller
PRYSM is the data controller for personal data processed through our services. For GDPR inquiries, contact our Data Protection Officer at dpo@prysm1.com.
3. What We Collect
Account data: name, email address, and hashed password (or OAuth profile if using third-party sign-in). Billing data: processed and stored by Paddle — we never see or store full card numbers. Usage metadata: request count, model used, response time, and cost — never the content of your prompts or AI responses. Technical data: IP address (anonymized after 30 days), device type, and browser for security and fraud prevention.
4. What We Never Collect
Prompt content, AI response content, uploaded files, images, or any data you send to AI models through PRYSM. Your queries are routed directly to the selected AI provider — they pass through our routing layer but are never logged, stored, or used for any purpose including model training.
5. Legal Basis for Processing (GDPR Art. 6)
Contract performance: processing your requests to deliver the service you subscribed to. Legitimate interest: security, fraud prevention, and service improvement using anonymized aggregate data. Consent: marketing communications (opt-in only, withdrawable at any time).
6. Your Rights
Under GDPR, CCPA, LGPD, and equivalent laws, you have the right to: access your personal data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict or object to processing, exercise data portability (export in machine-readable format), withdraw consent at any time, and lodge a complaint with your local supervisory authority. To exercise any right, email privacy@prysm1.com. We respond within 30 days.
7. Data Transfers
Your data may be processed in the EU, US, or other jurisdictions where our infrastructure providers operate. All cross-border transfers use Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent legal mechanisms.
8. Data Retention
Account data: retained while your account is active, deleted within 30 days of account closure. Billing records: retained for 7 years as required by applicable tax law. Usage metadata: anonymized after 90 days, aggregated statistics retained indefinitely.
9. Sub-processors
Paddle (payments and merchant of record), AWS/GCP (infrastructure), and AI providers (OpenAI, Anthropic, Google, etc.) as data processors for query routing. A full list of sub-processors is available at trust.prysm1.com.
10. Cookies
We use only essential cookies required for authentication and security. No advertising cookies, no tracking pixels, no third-party analytics that identify individual users.