Privacy policy.
Last updated: April 30, 2026
The short version
PRISM treats birth data as the sensitive personal information it is. We encrypt it at rest with tenant-scoped keys, never train models on it, never sell it, and let you delete every record you’ve created at any time. We collect only what we need to compute charts and run the platform, and we tell you what we collect.
What we collect
- Account information — your name, email, and authentication identifiers, provided when you sign up via Clerk.
- Birth inputs — name (optional), date, time, and place of birth for each member you create. These are encrypted at rest.
- Computed charts — the deterministic chart output for each member, derived from birth inputs. This is non-PII once computed.
- Usage data — page views, feature usage, error logs, and minimal analytics necessary to operate the service.
- Billing information — handled by Stripe; we receive only the subscription metadata, not your card details.
What we don’t collect
- We don’t use third-party advertising trackers.
- We don’t sell your data to anyone, ever.
- We don’t train AI models on your charts or birth data.
- We don’t share decrypted birth data outside your own session.
How we protect it
Birth data is field-level encrypted at rest using AES-256-GCM with per-tenant Data Encryption Keys, which are themselves wrapped with a Key-Encryption Key held outside the database. Database backups inherit the encryption. Access to production systems is logged and limited to a small operations team.
We use industry-standard infrastructure providers (Vercel for compute, Neon for Postgres, Clerk for authentication) and inherit their compliance certifications (SOC 2 where applicable). Security disclosures should be reported to privacy@prismhd.co.
Your rights
- Access — view all data we hold about you, available in your account settings.
- Correction — edit any birth inputs at any time; charts recompute automatically.
- Deletion — delete any chart, member, or your entire account. Deletion is a hard delete, not a soft delete; data is purged from active databases within 24 hours and from backups within 30 days.
- Export — download a JSON export of every chart you have computed.
- Restriction — pause processing while you decide; contact privacy@prismhd.co.
Cookies
We use only the cookies necessary to operate the service: authentication session cookies (set by Clerk) and a single preference cookie storing your light/dark theme choice. We don’t use marketing or behavioral tracking cookies.
Children
PRISM is not directed to children under 13. If you are a parent or guardian using PRISM to compute charts for your minor children, you are responsible for the consent and the ongoing handling of that data, and you may delete it at any time.
Changes to this policy
We’ll notify you by email about any material changes to this policy at least 30 days before they take effect. Minor updates (typo fixes, link updates) are made without notice; this page’s “last updated” date reflects the most recent change.
Contact
Questions about this policy or about your data: privacy@prismhd.co. We respond within five business days.