Privacy Policy

PRISM — Relationship Intelligence
Operated by Prism Spectrum, Dhaka, Bangladesh
Last updated: April 10, 2026

1. Information We Collect

When you use PRISM, we may collect:

• Account data: Name, email address, profile photo (via Google or Apple Sign-In)
• Contact data: Contacts you voluntarily add for relationship analysis (names, notes, behavioral observations)
• Usage data: Pages visited, features used, AI analysis requests
• AI interaction data: Prompts sent to AI, analysis outputs (stored for service improvement)
• Device data: Device type, OS version, browser type (for analytics and support)
• Payment data: Processed by SSLCommerz (BDT) or Paddle (international). We do not store card numbers.

2. How We Use Your Data

• Provide and personalise the PRISM relationship intelligence service
• Generate AI-powered behavioral analysis, compatibility scores, and communication coaching
• Process subscriptions and payments
• Improve service quality and AI model accuracy
• Send service notifications (not marketing, unless you opt in)

3. Third-Party Services

We use the following third-party services to operate PRISM:

• Supabase — Database hosting and authentication (Singapore region)
• Google Gemini AI — AI analysis and text generation (via server-side proxy)
• Google Imagen — AI image generation (via server-side proxy)
• Vercel — Frontend hosting
• SSLCommerz / Paddle — Payment processing
• Google Analytics 4 — Anonymous usage analytics
• Resend — Transactional email delivery

AI features are processed server-side. Your data is never sent directly from your browser to AI providers.

4. Data Retention

Your data is retained while your account is active. You can delete your account and all associated data at any time via the Account Deletion page.

5. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account and all data (Request deletion)
• Export your data upon request
• Withdraw consent at any time by adjusting settings or contacting us

6. Cookies & Analytics

We use essential cookies for authentication and optional analytics cookies (Google Analytics 4). You can manage cookie preferences in your browser settings.

7. Children's Privacy

PRISM is designed for users aged 13 and above. We do not knowingly collect data from children under 13.

8. Data Security

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), Row Level Security (RLS) on all database tables, JWT authentication, and rate limiting.

9. International Transfers

Data may be processed in Singapore (Supabase), the United States (Vercel, Google Cloud), and Bangladesh (our operations). We ensure appropriate safeguards are in place.

10. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated date.

11. Contact

For privacy-related requests, contact:
Email: privacy@prismcharacter.com
Company: Prism Spectrum, Dhaka, Bangladesh