Privacy policy.

Last updated: April 30, 2026

The short version

PRISM treats birth data as the sensitive personal information it is. We encrypt it at rest with tenant-scoped keys, never train models on it, never sell it, and let you delete every record you’ve created at any time. We collect only what we need to compute charts and run the platform, and we tell you what we collect.

What we collect

  • Account information — your name, email, and authentication identifiers, provided when you sign up via Clerk.
  • Birth inputs — name (optional), date, time, and place of birth for each member you create. These are encrypted at rest.
  • Computed charts — the deterministic chart output for each member, derived from birth inputs. This is non-PII once computed.
  • Usage data — page views, feature usage, error logs, and minimal analytics necessary to operate the service.
  • Billing information — handled by Stripe; we receive only the subscription metadata, not your card details.

What we don’t collect

  • We don’t use third-party advertising trackers.
  • We don’t sell your data to anyone, ever.
  • We don’t train AI models on your charts or birth data.
  • We don’t share decrypted birth data outside your own session.

How we protect it

Birth data is field-level encrypted at rest using AES-256-GCM via per-tenant Data Encryption Keys, themselves wrapped with a Key-Encryption Key held outside the database. Database backups inherit the encryption. Access to production systems is logged and limited to a small operations team.

We use industry-standard infrastructure providers (Vercel for compute, Neon for Postgres, Clerk for authentication) and inherit their compliance certifications (SOC 2 where applicable). Security disclosures should be reported to privacy@prismhd.co.

Your rights

  • Access — view all data we hold about you, available in your account settings.
  • Correction — edit any birth inputs at any time; charts recompute automatically.
  • Deletion — delete any chart, member, or your entire account. Deletion is hard-delete, not soft-delete; data is purged from active databases within 24 hours and from backups within 30 days.
  • Export — download a JSON export of every chart you have computed.
  • Restriction — pause processing while you decide; contact privacy@prismhd.co.

Cookies

We use only the cookies necessary to operate the service: authentication session cookies (set by Clerk) and a single preference cookie storing your light/dark theme choice. We don’t use marketing or behavioral tracking cookies.

Children

PRISM is not directed to children under 13. If you are a parent or guardian using PRISM to compute charts for your minor children, you are responsible for the consent and the ongoing handling of that data, and you may delete it at any time.

Changes to this policy

We’ll notify you by email about any material changes to this policy at least 30 days before they take effect. Minor updates (typo fixes, link updates) are made without notice; this page’s “last updated” date reflects the most recent change.

Contact

Questions about this policy or about your data: privacy@prismhd.co. We respond within five business days.