Privacy Policy

1. Introduction

Welcome to PrismPoster ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content transformation platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), name, and profile details
• Payment Information: Credit card details, billing address (processed securely via Stripe)
• Content Data: Topics, URLs, text content you submit for transformation
• Brand Voice Samples: Writing samples you provide for AI training
• Communications: Support emails, feedback, and correspondence

2.2 Automatically Collected Information

• Usage Data: Features used, content generated, platforms selected
• Device Information: IP address, browser type, operating system
• Cookies: Session IDs, preferences, analytics data (see Cookie Policy)
• Log Data: Access times, pages viewed, errors encountered

3. How We Use Your Information

• Service Delivery: Generate AI-powered content transformations
• Account Management: Maintain your account, process payments
• Personalization: Train brand voice models, save preferences
• Communication: Send transactional emails (receipts, password resets)
• Analytics: Improve our service, understand usage patterns
• Security: Prevent fraud, abuse, and unauthorized access
• Legal Compliance: Meet tax, regulatory, and legal obligations

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted partners who help us operate our service:

• Google Gemini API: AI content generation (your content is processed but not stored by Google)
• OpenAI API: Alternative AI provider for content generation
• Anthropic Claude API: Alternative AI provider for content generation
• LetzAI: AI image generation services
• Stripe: Payment processing (PCI-DSS compliant)
• Supabase: Database hosting (PostgreSQL)
• Vercel: Application hosting and deployment
• Resend: Transactional email delivery
• Sentry: Error monitoring and debugging (see Section 8 for session replay details)

4.2 Analytics Partners

With your consent, we share data with analytics providers to improve our service:

• PostHog: Product analytics, user behavior analysis, and session recordings. Data is processed in PostHog's EU region. PostHog Privacy Policy
• Google Analytics 4 (GA4): Website traffic analysis and conversion tracking. Google Privacy Policy
• Vercel Analytics: Web vitals and performance metrics for optimization. Vercel Privacy Policy
• Vercel Speed Insights: Real-time performance monitoring. Vercel Privacy Policy

Note: Analytics cookies are only loaded after you give explicit consent through our cookie banner. You can withdraw consent at any time via Cookie Settings.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.4 Business Transfers

If PrismPoster is acquired or merged, your data may be transferred to the new owner.

5. Your Rights (GDPR & CCPA)

5.1 EU Users (GDPR)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in JSON format
• Objection: Opt out of processing for marketing purposes
• Restriction: Limit how we use your data

5.2 California Users (CCPA)

• Know: What personal information we collect
• Delete: Request deletion of your information
• Opt-Out: Do not sell your personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights: Email privacy@prismposter.com

6. Data Retention

• Active Accounts: Data retained while account is active
• Cancelled Subscriptions: Data retained for 30 days, then deleted
• Legal Requirements: Some data retained for tax/legal compliance (7 years)
• Backups: Deleted data may persist in backups for up to 90 days

7. Data Security

We implement industry-standard security measures:

• Encryption: HTTPS/TLS for data in transit, AES-256 for data at rest
• Authentication: Bcrypt password hashing, JWT sessions
• Access Controls: Role-based access, multi-factor authentication
• Monitoring: 24/7 security monitoring, intrusion detection
• Regular Audits: Quarterly security assessments

8. Cookies and Tracking

We use cookies and similar technologies organized into the following categories:

8.1 Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled:

• Authentication: Session tokens for secure login (NextAuth.js)
• Security: CSRF protection tokens
• Consent: Your cookie preference settings

8.2 Analytics Cookies (Consent Required)

These cookies help us understand how visitors use our website. They are only loaded after you give explicit consent:

• PostHog (ph_*): Product analytics, user journeys, session recordings
• Google Analytics (_ga, _gid): Traffic analysis, conversion tracking
• Vercel Analytics: Web vitals and performance metrics
• Vercel Speed Insights: Real-time performance monitoring

8.3 Sentry Session Replay

We use Sentry for error tracking. Session replay is only enabled with your analytics consent. Error tracking without replay is considered essential for service reliability. When session replay is enabled:

• All form inputs are automatically masked
• Only interactions with our own API are captured
• Recordings help us debug issues you experience

8.4 Managing Your Preferences

You can manage your cookie preferences at any time by clicking "Cookie Settings" in the footer, or by adjusting your browser settings.

See our Cookie Policy for a complete list of cookies and detailed information.

9. Children's Privacy

PrismPoster is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at privacy@prismposter.com.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your own. We ensure adequate safeguards through:

• EU Standard Contractual Clauses (SCCs)
• Privacy Shield certification (where applicable)
• Data Processing Agreements with sub-processors

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of PrismPoster after changes constitutes acceptance.

12. Data Controller

The data controller responsible for your personal data is:

• Company: Prisma UG (haftungsbeschränkt)
• Address: Auf Ulca 2, 54310 Ralingen, Germany
• Email: privacy@prismposter.com
• Data Protection Officer: dpo@prismposter.com
• Cookie Settings: Manage Cookie Preferences

For privacy-related questions or to exercise your GDPR/CCPA rights, please contact us at the email addresses above.