Privacy Policy

Last Updated: January 1, 2026

1. Information We Collect

Account Information

Email address, name, organization details, and billing information

Usage Data

API calls, validation tier routing, query patterns, and performance metrics

Technical Data

IP addresses, browser types, device information, and system logs

2. How We Use Your Data

  • Provide and improve our AI validation services
  • Process queries through our 5-tier validation architecture
  • Generate analytics and performance reports
  • Detect and prevent fraud or abuse
  • Communicate service updates and support
  • Comply with legal obligations

3. Data Processing

Your queries are processed through our validation tiers:

  • T0 (NLP Preprocessor): Basic query analysis
  • T1 (Neuron Validation): Rapid pattern matching
  • T2 (SLM Validation): Small language model verification
  • T3 (LLM Validation): Large language model validation
  • T4 (ELM Expert): Expert-level consensus validation

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). We do NOT train models on your data without explicit consent.

4. Data Sharing

We do not sell your data. We may share data only with:

  • Service providers (hosting, payment processing) under strict NDAs
  • Law enforcement when legally required
  • Corporate transactions (mergers/acquisitions) with notice

5. Data Retention

Query logs: 90 days
Analytics data: 2 years
Account information: Duration of service + 30 days
Billing records: 7 years (legal requirement)

6. Your Rights

  • Access: Request copies of your data
  • Correction: Update inaccurate information
  • Deletion: Request data deletion (subject to legal obligations)
  • Portability: Export your data in machine-readable format
  • Objection: Opt-out of certain data processing

7. Security Measures

  • Post-quantum cryptography (ML-KEM-1024)
  • End-to-end encryption for sensitive data
  • Regular security audits and penetration testing
  • Role-based access control (RBAC)
  • Automated threat detection and response

8. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies (Google Analytics) can be disabled in your browser settings.

9. International Data Transfers

Data is processed in US and EU regions. We use Standard Contractual Clauses (SCCs) for international transfers to ensure GDPR compliance.

10. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect data from children.

11. Changes to Policy

We will notify users of material changes via email or platform notifications 30 days in advance.

12. Contact

Data Protection Officer: privacy@prismbusiness.ai
General Inquiries: support@prismbusiness.ai