Privacy Policy

1. Introduction

Prism ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Prism platform, website, and mobile application (the "Service"). By using the Service, you agree to the practices described in this policy. This policy is incorporated into our Terms of Service.

2. Data We Collect

We collect the following categories of personal information:

• Account data: Email address, password (hashed, never stored in plaintext), and authentication tokens.
• Profile information: Display name, age, role/preferences, and bio that you choose to provide.
• Photos and media: Images you upload to your profile or send within the app. Adult/explicit content is only viewable by other registered users 18+.
• Location data: Approximate GPS coordinates, only if you explicitly grant location permission. Used solely for distance-based profile sorting. Precise coordinates are never shared with other users.
• Messages: Content of private conversations you send and receive within the app.
• Usage data: Device type, browser type, IP address, pages visited, and interaction logs, collected automatically for security and service improvement.
• Legal records: Timestamp and record of your agreement to our Terms of Service, retained for compliance purposes.

3. How We Use Your Data

We use your personal information solely to operate and improve the Prism platform:

• Authenticating your account and maintaining security
• Displaying your profile to other users
• Enabling messaging and reactions between users
• Sorting profiles by proximity (using location data, if granted)
• Detecting and preventing fraud, abuse, and Terms violations
• Complying with legal obligations (including reporting CSAM to NCMEC)
• Improving the Service based on aggregated, anonymized usage patterns

We do not sell your personal information. We do not use your data for third-party advertising or share it with data brokers.

4. Adult Content and Sensitive Data

Prism is an adult platform. Photos and messages may include sexually explicit content shared between consenting adults. We treat this content with heightened care:

• Explicit profile photos are only visible to authenticated users who are 18+.
• Explicit content in messages is only visible to the intended conversation participants.
• We do not analyze or use the content of your messages or explicit photos for any purpose other than delivering them to the intended recipient and complying with legal obligations.
• We may scan uploaded media for known CSAM fingerprints using industry-standard hash-matching tools, as required by applicable law.

5. Third-Party Service Providers

We use the following third-party services to operate Prism. These providers process your data on our behalf under data processing agreements:

• Supabase — Our primary backend provider, handling authentication, database storage, and file (photo) storage. Supabase is SOC 2 Type II certified. Data is stored on servers in the United States. Supabase Privacy Policy: supabase.com/privacy
• Google — If you choose "Sign in with Google," Google processes your Google account information to authenticate you. Google's Privacy Policy applies to that authentication step: policies.google.com/privacy
• Vercel — Our hosting and content delivery provider. Vercel Privacy Policy: vercel.com/legal/privacy-policy

We do not share your personal data with any other third parties except as described in this policy or required by law.

6. Data Retention

We retain your data only as long as necessary:

• Active accounts: All data retained while your account is active.
• After account deletion: Profile info, photos, messages, and location data are permanently deleted within 30 days.
• Legal compliance records: A minimal audit record (email address, account creation date, deletion date, ToS acceptance timestamp) is retained for up to 7 years for fraud prevention and legal compliance.
• Abuse/CSAM reports: Records related to NCMEC reports or law enforcement requests are retained as required by applicable law.

7. Your California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., legal compliance records).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale: We do not sell personal information. No opt-out is required, but you have this right regardless.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, you can delete your account through the app's profile settings, or contact us at support@prismapp.us. We will respond to verifiable requests within 45 days.

8. Your General Privacy Rights

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Delete: Request deletion of your account and associated data at any time through the app.
• Correct: Update your profile information directly within the app.
• Withdraw consent: Revoke location access at any time through your device settings.
• Data portability: Request an export of your personal data by contacting us.

9. Security

We implement industry-standard technical and organizational security measures to protect your personal information, including encrypted data transmission (HTTPS/TLS), hashed passwords, access controls, and SOC 2 compliant infrastructure. However, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

10. Cookies and Local Storage

Prism uses browser local storage and session storage to store session information (such as your profile ID and unread message counts) on your device. We do not use third-party tracking cookies or analytics cookies. Authentication tokens are managed by Supabase and stored in secure cookies.

11. International Data Transfers

Prism is operated from the United States and your data is stored on US-based servers. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. The United States may not provide the same level of data protection as your home country. By using the Service, you consent to the transfer of your data to the United States.

As Prism expands internationally, we will update this policy and implement additional protections (such as Standard Contractual Clauses for EU/EEA users) as required by applicable law.

12. Children's Privacy (COPPA)

Prism is strictly for users 18 and older. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will immediately terminate their account and delete their data. If you believe a minor has created an account, please contact us immediately.

13. Law Enforcement and Legal Disclosures

We may disclose your personal information to law enforcement, government agencies, or other parties when required by law, court order, or legal process. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of any person, or investigate fraud or a serious security incident. Any CSAM discovered on the platform will be immediately reported to NCMEC and relevant authorities as required by 18 U.S.C. § 2258A.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the app or email at least 14 days before changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

15. Contact Us

For privacy-related questions, data requests, or to report a concern:

Prism App
San Francisco, California
support@prismapp.us

For CSAM reports, contact NCMEC at www.cybertipline.org or 1-800-843-5678.