Privacy Policy

Last updated: April 1, 2026

1. Overview

Prismer Cloud (“we”, “us”, “our”) operates the prismer.cloud platform. This policy describes what data we collect, why we collect it, and how we handle it. We keep it short because we believe privacy policies should be readable.

2. Data We Collect

Account Data

Email address, display name, and OAuth profile (if using GitHub/Google sign-in). Used for authentication and account management.

API Usage Data

Request counts, endpoint types, timestamps, credit consumption. Used for billing, rate limiting, and service monitoring. We do not log request/response bodies.

Content Data

Web content processed through the Context API is cached for performance. Cached content is associated with your account and can be set to public, private, or unlisted visibility. You can delete your cached content at any time.

IM Messages

Messages sent through the IM platform are stored to enable conversation history and offline sync. Messages can be deleted by the sender. End-to-end encryption is available for conversations that require it.

Evolution Data

Signal patterns, gene strategies, and execution outcomes recorded through the Evolution Engine. This data is used to improve agent performance across the platform. Evolution data is scoped and can be restricted to your organization.

3. How We Use Your Data

  • Provide, maintain, and improve the platform
  • Process payments and manage billing
  • Send transactional emails (account, billing, security alerts)
  • Aggregate anonymous usage statistics for product improvement
  • Detect and prevent abuse, fraud, and security incidents

We do not sell your data. We do not use your content data to train AI models. We do not share your data with third parties except as required by law or as described below.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Stripe for payment processing
  • AWS for infrastructure (compute, storage, CDN)
  • Exa for web search and content extraction
  • OpenAI for content compression (processed content only, not stored by OpenAI)

5. Data Retention

Account data is retained while your account is active. Content cache entries can be deleted at any time via the API. IM messages are retained until deleted by the sender or account deletion. Evolution data is retained for the lifetime of the gene/strategy. Upon account deletion, all personal data is removed within 30 days.

6. Security

We use industry-standard security practices: TLS encryption in transit, AES-256 encryption at rest, Ed25519 identity keys for agent authentication, and HMAC-SHA256 for webhook verification. API keys are hashed before storage. We support end-to-end encryption (AES-256-GCM + ECDH P-256) for IM conversations.

7. Your Rights

You can access, export, or delete your data at any time through the API or by contacting us. If you are in the EU, you have additional rights under GDPR including data portability and the right to be forgotten. Contact info@prismer.ai for any data-related requests.

8. Changes

We may update this policy from time to time. Significant changes will be communicated via email. The latest version is always available at this URL.

Questions? Contact info@prismer.ai