Privacy Policy
This Privacy Policy describes how Prism Technologies, Inc. collects, uses, and protects your personal information.
1. Introduction
Prism Technologies, Inc. is committed to protecting your privacy. This Privacy Policy applies to all users of the Prism Service, including residents of the European Union (GDPR), California (CCPA/CPRA), and other jurisdictions with data protection legislation.
2. Data Controller
Prism Technologies, Inc., 110 5th Street, 4th Floor, San Francisco, CA 94103, USA. Registered office: 251 Little Falls Drive, Wilmington, DE 19808, USA. Privacy contact: [email protected].
3. Information We Collect
We collect: (a) information you provide (email address, name, billing information, support enquiries); (b) information collected automatically (IP address, device type, browser, usage data, cookies); (c) wallet addresses you connect for portfolio tracking; (d) computed analytics (P&L, allocation derived from on-chain data); (e) payment information processed by Stripe (we do not store full card numbers). We never collect private keys, seed phrases, or have any ability to execute transactions.
4. How We Use Your Information
We use your information to: provide the Service; process billing and manage subscriptions; maintain security and prevent fraud; improve the product; send service communications; conduct marketing (with your consent).
5. Legal Bases (GDPR Art. 6)
We process your data on the following legal bases: performance of a contract (providing the Service, billing); legitimate interests (security, product improvement, fraud prevention); consent (marketing, analytics and marketing cookies); legal obligation (compliance with legal requirements).
6. Cookies and Similar Technologies
We use: (a) strictly necessary cookies for Service operation; (b) analytics cookies to understand Service usage (with your consent); (c) marketing cookies (with your consent). You may manage your cookie preferences at any time through our consent tool.
7. Sharing Your Information
We may share your data with: cloud infrastructure providers (AWS in US and EU regions); analytics providers; payment processors (Stripe); tax data providers; customer support tools; professional advisers; competent authorities under legal obligation. We do not sell personal data.
8. International Transfers
Prism transfers data between the US and EU. Transfer mechanisms: Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework, and where applicable the UK IDTA.
9. Data Retention
Account data: active + 24 months after closure. Billing records: 7 years (US tax obligation). Tax reports: 7 years upon user request. Analytics cache: 7 days. Support tickets: 36 months. Security logs: 24 months.
10. Your Rights (GDPR and CCPA/CPRA)
Under GDPR (Arts. 15–22): access, rectification, erasure, restriction of processing, portability, objection, automated decisions, withdrawal of consent. Under CCPA/CPRA: right to know, delete, correct, opt out of sale (not applicable — we do not sell data), limit use of sensitive personal information, non-discrimination, authorised agent. To exercise your rights: [email protected]. Response within 30 days (45 days for CCPA requests).
11. Security Measures
We apply TLS 1.3 in transit, AES-256 at rest, multi-factor authentication, role-based access control, regular penetration testing, SOC 2 Type I (in progress), an incident response plan, and breach notification in accordance with GDPR Art. 33 and applicable state breach laws.
12. Children's Privacy
The Service is not directed to individuals under 18 (US) or 16 (EU). If we discover we have collected data from a minor, we will delete it promptly.
13. Do Not Track Signals
The Service currently does not respond to Do Not Track signals. You may manage your cookie preferences through our consent tool.
14. Marketing Communications
We send marketing communications only with your prior consent. You may unsubscribe at any time via the unsubscribe link in any email or by contacting [email protected].
15. Notice to California Residents
Under the CCPA/CPRA, California residents have the right to know the categories of personal information collected (12-month lookback), purposes, sources, recipients, and whether any sale has occurred (it has not). Requests: [email protected].
16. Notice to Nevada Residents
Nevada residents may request that we do not sell their personal information. As we do not sell personal data, this request has no practical application. For enquiries: [email protected].
17. Notice to Virginia, Colorado, Connecticut, and Utah Residents
Residents of these states may have rights similar to those under the CCPA. To exercise your rights: [email protected].
18. Changes to This Policy
We reserve the right to update this Policy. We will notify you of material changes at least 30 days in advance by email or prominent notice within the Service.
19. Contact
Prism Technologies, Inc. · [email protected] · 110 5th Street, 4th Floor, San Francisco, CA 94103, USA.