
Privacy Policy

Last Updated: January 30, 2026

1. Introduction

PrismPoster ("we," "our," or "us"), operated by [COMPANY_NAME] (a limited liability company registered in Estonia), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [WEBSITE_URL] and use our SaaS application (the "Service").

We act as a Data Controller for your account information and a Data Processor for the content you generate using our tools. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information (PII)

We collect information that identifies you personally when you register or update your account:

  • Identity Data: Name, email address, profile picture (via OAuth providers like Google/GitHub).
  • Authentication Data: Encrypted passwords (hashed via bcrypt), OAuth tokens.
  • Financial Data: We do not store your credit card numbers. All payments are processed by Stripe, our PCI-DSS compliant payment processor. We only store a customer ID and subscription status.

2.2 Usage & Technical Data

We automatically collect certain information when you access the Service:

  • Device Data: IP address, browser type, operating system, and device identifiers.
  • Usage Logs: Pages visited, features used, time spent, and clickstream data (via PostHog).
  • Cookies: Essential and analytical cookies (see our Cookie Policy).

2.3 Content Data

We store the inputs (text prompts, URLs, uploaded files) you provide to our AI tools and the outputs (text, images, video) generated by them. This content is linked to your user account.

3. How We Use Your Information

We use your data for the following legitimate business purposes:

  • Service Delivery: To authenticate you, process payments, and generate AI content.
  • Improvement: To analyze usage patterns and improve our AI models and user experience.
  • Communication: To send transactional emails (receipts, password resets) via Resend.
  • Security: To detect and prevent fraud, abuse, and security incidents (e.g., using IP rate limiting via Upstash).
  • Compliance: To comply with legal obligations (e.g., tax laws, GDPR/CCPA requests).

4. Third-Party Processors

To provide our Service, we share data with trusted third-party service providers (Sub-Processors). All providers are vetted for security and compliance.

Provider             Purpose                  Location
Vercel               Hosting & Edge Compute   USA / Global
Neon / Supabase      Database & Auth          USA
Stripe               Payment Processing       USA
Google (Gemini)      AI Text Generation       USA
Anthropic / OpenAI   AI Text Generation       USA
Replicate / Kling    AI Image/Video Gen       Global
PostHog              Analytics                EU / USA
Cloudflare R2        File Storage             Global

5. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete data via your Settings page.
  • Deletion ("Right to be Forgotten"): Request deletion of your account and associated data.
  • Portability: Request your data in a structured, machine-readable format.
  • Opt-Out: Opt out of marketing communications or non-essential cookies.

To exercise these rights, please contact us at [CONTACT_EMAIL]. We will respond within 30 days.

6. Data Retention

We retain your personal information only as long as necessary to provide the Service or as required by law.

  • Active Accounts: Data is retained indefinitely while your account is active.
  • Deleted Accounts: Data is deleted within 30 days of account termination, except for financial records required for tax purposes (retained for 7 years).

7. Children's Privacy (COPPA)

Our Service is not intended for individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected such data, we will take steps to delete it immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, primarily the United States. We rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) to ensure your data remains protected in accordance with GDPR standards.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the Service constitutes acceptance of the changes.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:

[COMPANY_NAME]
Attn: Privacy Officer
[ADDRESS]
Estonia
Email: [CONTACT_EMAIL]
