Privacy Policy

Effective date: February 26, 2025

1. What We Collect

Account Data

When you create an account, we collect your email address and name. Passwords are hashed using bcrypt before storage — we never store plaintext passwords.

Uploaded Files

Files you upload are stored in Google Cloud Storage (GCS). We retain them until you delete them or your account is closed.

Analytics Events

We record analytics events when viewers interact with your shared links — including page views, downloads, and link clicks. These events help you understand how your content is being consumed.

Contact Emails

When viewers provide their email to access gated content, those emails are stored in your CRM contacts within Prismism.

IP Addresses

We never store raw IP addresses. All IP addresses are immediately hashed using SHA-256 before storage. This allows us to count unique viewers without tracking individual users.

Cookies

We use session cookies only. Our cookies are configured with HttpOnly, Secure, and SameSite=Strict flags. We do not use any third-party tracking cookies or advertising cookies.

2. How We Use Data

We use the data we collect to:

• Provide and maintain the Prismism service
• Authenticate your account and authorize access
• Generate analytics and insights for your shared content
• Enforce rate limits, prevent abuse, and ensure platform security
• Communicate important service updates

3. Data Retention

• Account data: Retained while your account is active
• Uploaded files: Retained until you delete them
• Analytics events: Retention varies by plan — Free: 30 days, Pro: 365 days, Business: 730 days
• Aggregate counters: Retained permanently (these contain no personally identifiable information)
• Contacts: Retained until you delete them

4. Data Sharing

• We never sell your data
• We do not use any advertising trackers
• We share data only with infrastructure providers necessary to operate the service (cloud hosting, storage)
• We may disclose data if required by law or valid legal process

5. Your Rights

• Access: You can access your data at any time through the dashboard or API
• Deletion: You can delete your files, contacts, and account at any time
• Export: Business tier users can export their data
• Contact: For any data-related requests, email hello@prismism.dev

6. Security

We take security seriously and implement the following measures:

• Password hashing: bcrypt with automatic salting
• IP anonymization: SHA-256 hashing — no raw IPs stored
• Session cookies: HttpOnly, Secure, SameSite=Strict
• API key generation: HMAC-SHA-256 signing
• Transport security: All traffic encrypted via HTTPS

7. Children

Prismism is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at hello@prismism.dev and we will promptly delete it.

8. Changes

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a notice on our website. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at hello@prismism.dev.