Privacy Policy
Last Updated: November 29, 2025
1. Introduction
Prysmera.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered website assistant service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (encrypted at rest)
- Password (hashed with bcrypt, never stored in plaintext)
- Company/website domain
- Account creation timestamp
2.2 Analytics Data
When visitors interact with websites using our SDK, we collect:
- Anonymous session identifiers (no personally identifiable information)
- Page URLs and navigation patterns
- Element interactions (clicks, hovers, scroll depth)
- Browser metadata (user agent, viewport size)
- IP addresses (anonymized after 30 days)
2.3 Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers or sensitive payment data. We receive only subscription status, plan type, and transaction IDs from Stripe.
3. How We Use Your Information
We use collected information to:
- Provide and maintain the Prysmera service
- Process your subscription and payments
- Generate website analytics and insights
- Deliver AI-powered visitor guidance
- Send transactional emails (payment failures, subscription changes)
- Improve our product and develop new features
- Detect and prevent fraud or security issues
- Comply with legal obligations
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share data with trusted service providers who assist in operating our service:
- Stripe - Payment processing
- Google Cloud Platform - Hosting and infrastructure
- Anthropic - AI model processing (Claude API)
- Mistral AI - Brand intelligence analysis
- SendGrid - Transactional email delivery
4.2 Legal Requirements
We may disclose your information if required by law, court order, or to protect our rights, property, or safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5. Data Security
We implement industry-standard security measures:
- Encryption at rest - Sensitive fields encrypted with Fernet (AES-128)
- Encryption in transit - TLS 1.3 for all connections
- Password security - Bcrypt hashing with salt
- Secret management - GCP Secret Manager for production secrets
- Access controls - Row-level security (RLS) in PostgreSQL
- API key validation - HMAC-SHA256 signatures
- Session security - HttpOnly, Secure, SameSite cookies
6. Data Retention
We retain data as follows:
- Account data - Retained while account is active
- Analytics data - Retained per your subscription plan limits
- IP addresses - Anonymized after 30 days
- Deleted accounts - Data soft-deleted and purged after 30 days
- Backup data - Retained for disaster recovery (30-day retention)
7. Your Rights (GDPR Compliance)
You have the following rights regarding your data:
- Right to access - Request a copy of your data via GET /api/me
- Right to deletion - Delete your account via DELETE /api/account or contact support
- Right to portability - Export your analytics data from the dashboard
- Right to correction - Update your account information in settings
- Right to object - Opt out of analytics tracking (contact support)
- Right to withdraw consent - Cancel your subscription at any time
To exercise these rights, contact us at privacy@prysmera.ai
8. Cookies and Tracking
We use the following cookies:
- cic_session - Session authentication (HttpOnly, 7-day expiry)
- prysmera_session - SDK analytics session (client-side, session-only)
Our SDK respects navigator.doNotTrack settings. Users who enable Do Not Track will not be tracked.
9. Children's Privacy
Prysmera is not intended for users under 18 years old. We do not knowingly collect information from children. If we discover that a child has provided us with personal information, we will delete it immediately.
10. International Data Transfers
Your data may be processed in the United States or other countries where our service providers operate. We ensure adequate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where applicable.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. Continued use of our service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or concerns:
Email: privacy@prysmera.ai
Website: https://prysmera.ai
Address: [Your Company Address]