Skip to content

Legal

Prismr Privacy Policy

Last Updated: February 15, 2026

This Privacy Policy describes how Targeted Coaching International, Ltd., operating as Prismr ("we," "our," or "us"), collects, uses, stores, and protects your information when you use the Prismr application on macOS, Windows, or iOS (the "App") and our website at prismr.ai (the "Website"). Together, the App and Website are referred to as the "Services."

By using our Services, you agree to the collection and use of information as described in this policy.

1. Information You Provide to Us

1.1 Account Information

When you create a Prismr account, we collect:

  • Your email address
  • Your account is authenticated via a one-time passcode (OTP) sent to your email address. We do not collect or store passwords.
  • Your account is personal to you and may not be shared with or transferred to another person.

1.2 API Keys

Prismr handles two types of API keys differently:

  • Bring Your Own Key (BYOK). Prismr allows you to provide your own API keys for third-party AI providers, including Anthropic, OpenAI, Google, and OpenRouter. Your BYOK API keys are stored locally on your device. On iOS, keys are stored in the iOS Keychain. On macOS and Windows, keys are stored in Electron's secure storage. Your BYOK API keys are never transmitted to or stored on Prismr's servers. We do not have access to your BYOK API keys and cannot view, retrieve, or recover them.
  • Prismr-provided keys. When you use Prismr's built-in AI features (included with your subscription), we provision an API key on your behalf. This key is stored encrypted on Prismr's servers and is securely delivered to your device upon activation. Once on your device, it is stored in the same secure storage as BYOK keys (iOS Keychain or Electron secure storage). The key is used by your device to make direct requests to the AI provider. In the future, Prismr may change how these keys are handled, and we will update this policy before any change takes effect.

1.3 Payment Information

When you purchase a Prismr subscription, your payment may be processed through one of the following channels:

  • Creem.io. For purchases made through our website, payment is processed by Creem.io. We do not directly collect or store your credit card number, bank account details, or other financial information. Creem.io may share limited information with us, such as the last four digits of your card, your billing address, and transaction status. You can review Creem.io's privacy policy, terms of service, and data processing agreement.
  • Apple App Store and Google Play Store. For purchases made through mobile app stores, payment is processed by Apple or Google respectively. These transactions are governed by their own privacy and payment policies:

1.4 Support Communications

If you contact us for support via email or other channels, we may collect the content of your message, your email address, any attachments you send, and any diagnostic information you choose to share. This information is used solely to respond to your request and improve our Services.

2. Information We Collect Automatically

2.1 Device Information

When you activate Prismr on a device, we collect a device identifier and your IP address. The device identifier is used to manage your license and the devices associated with your account. Your IP address is recorded in our server-side audit log for security and abuse prevention purposes.

The device identifier varies by platform:

  • Desktop (macOS, Windows): A hash derived from your browser environment properties, including screen resolution, locale, and timezone. This is not a hardware serial number or OS-provided identifier. It is a soft fingerprint that may change if you alter your display settings, timezone, or update the application.
  • iOS: Apple's per-vendor identifier (identifierForVendor), a software UUID assigned by Apple. It is not a hardware serial number or advertising identifier.
  • Cloud sync: A separate, randomly generated identifier is created once per device for resolving sync conflicts when you use cloud storage. This is not derived from hardware.

None of these identifiers are hardware IDs.

2.2 Analytics

We do not currently collect any usage analytics, crash logs, or performance metrics. The App does not include any analytics SDKs (such as Firebase Analytics, Sentry, or similar services). If we add analytics in the future, we will update this policy and notify users.

2.3 Log Data

When you visit our Website, our servers may automatically collect standard log data, including your IP address, browser type, pages visited, and timestamps. This data is used to maintain and secure the Website.

2.4 Cookies

Our Website may use essential cookies required for basic functionality (such as payment checkout sessions). We do not use advertising or tracking cookies. Third-party services embedded on our Website (such as Creem.io for payments) may set their own cookies, subject to their respective privacy policies.

3. How Your Data Flows Through Prismr

This section explains what happens to your data when you use Prismr's features. We believe you should know exactly where your information goes.

3.1 AI Prompts and Responses (BYOK)

When you use your own API key to interact with an AI provider through Prismr:

  • Your prompt is sent directly from your device to the AI provider's servers using your API key. Prompts do not route through any Prismr server or proxy.
  • Prismr acts as an interface. We do not intercept, store, log, or process the content of your prompts or the AI-generated responses on our servers.
  • The AI provider receives and processes your data according to their own privacy policy and terms of service.

Note regarding OpenRouter: OpenRouter itself acts as a proxy to underlying LLM providers. If you use an OpenRouter API key, your prompts pass through OpenRouter's infrastructure before reaching the final AI model.

You are responsible for reviewing and accepting the privacy policies of any AI provider whose API key you use through Prismr. The relevant provider policies are:

Future changes: Prismr plans to route BYOK prompts through its own proxy infrastructure in the future. If and when this change occurs, we will update this policy and notify users before implementation.

3.2 AI Services Provided by Prismr

When you use Prismr's built-in AI features (not BYOK), your prompts are sent to AI providers using a Prismr-managed API key that has been securely provisioned to your device.

Current behavior: Your device makes requests directly to the AI provider using the provisioned key. Prismr's servers are not involved in routing prompt content. We do not see, log, or store the content of your prompts or AI responses. Planned behavior: In the future, prompts for Prismr-provided AI features may route through Prismr's proxy servers. When this change takes effect, conversation history may be stored on Prismr's servers to enable cross-device synchronization. We will update this policy and notify users before this change is implemented.

In all cases:

  • Usage is metered and counted against your plan's monthly allocation.
  • We do not use your prompt content or AI responses for training, advertising, or any purpose other than delivering the service to you.

3.3 Cloud Storage Integrations

Prismr allows you to connect third-party cloud storage services, including Google Drive, OneDrive, and Dropbox. When you connect a cloud storage service:

  • Authentication is handled directly between your device and the provider using OAuth 2.0 with PKCE and CSRF state validation. Your access tokens and refresh tokens are stored exclusively on your device (in the OS keychain on desktop, iOS Keychain on mobile) and are never sent to or stored on Prismr's servers.
  • Your files are accessed directly from your cloud storage provider. We do not copy, cache, or store your files on Prismr's servers.
  • All three cloud providers are granted read and write access to your files. This is required for Prismr to create, edit, and organize your project files.

Specific permissions requested:

  • Google Drive: Full file access (drive scope) and email address. This grants access to all files in your Google Drive, not only files created by Prismr.
  • Dropbox: File read/write, metadata read/write, sharing, and account info.
  • OneDrive: File read/write (Files.ReadWrite) and user profile.

Each cloud storage provider has their own privacy policy governing how they handle your data:

4. Data Stored on Your Device

Prismr stores the following data locally on your device:

  • Your project files, documents, and workspace settings
  • Chat history (full conversation transcripts with AI, including attachments), stored within your chosen project storage location
  • Project memories and document comments (including commenter email/initials and document position)
  • Application preferences and configuration (theme, model selections, persona and communication style settings)
  • API keys for third-party services (in secure, encrypted storage)
  • Prismr-provisioned API keys (in secure, encrypted storage)
  • Cloud storage authentication tokens (in secure, encrypted storage)
  • License validation data (email, device identifier)
  • Recent project list (project names, file paths, and last-accessed timestamps)
  • Cached metadata (available model lists, conversation thread indexes)
  • Your email address and initials (stored locally on your device for display in comments)

This data remains on your device and is not sent to Prismr's servers. If you connect a cloud storage provider (Google Drive, Dropbox, OneDrive, or iCloud), your project files and chat history are stored in your cloud storage account, not on Prismr infrastructure.

5. Firebase and Server-Side Data

Prismr uses Google Firebase for the following purposes:

  • Firebase Authentication: Managing user sign-in via email OTP (one-time passcode). Firebase processes your email address to authenticate your identity and issues authentication tokens.
  • Cloud Firestore: Storing your account record (email, account status, subscription tier, creation date), device registrations (device ID, device name, platform, app version), license-related data (usage counts per billing period, invite codes), and encrypted API keys provisioned for Prismr's built-in AI features.

Audit log. We maintain a server-side audit log in Cloud Firestore that records administrative and security-related events, including device activations, key provisioning, and sign-in activity. Each audit log entry may include the action type, your user ID, device ID, platform, app version, IP address, and timestamp. This log is used for security monitoring and abuse prevention. Audit log records are retained for the lifetime of your account and are deleted when your account data is deleted.

Prismr does not use Firebase Analytics, Firebase Crashlytics, or any other Firebase data-collection services.

Firebase processes data according to Google's privacy policy: https://firebase.google.com/support/privacy

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, the following table explains the basis we rely on for each type of processing:

Purpose Legal Basis
Account creation and authentication Performance of a contract (providing the service you signed up for)
License management and device registration Performance of a contract
Payment processing Performance of a contract
Provisioning managed API keys Performance of a contract
Audit logging (sign-ins, activations, IP addresses) Legitimate interest (security and abuse prevention)
Server-side log data (website visits) Legitimate interest (maintaining and securing our services)
Responding to support requests Performance of a contract / Legitimate interest
Sending service-related communications Performance of a contract
Complying with legal obligations Legal obligation

We do not rely on consent as a legal basis for our core data processing because the data we collect is necessary to provide and secure the service. Where consent is required (for example, for any future analytics), we will obtain it before collecting that data.

7. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Prismr application
  • Verify your identity and manage your account
  • Manage your license and associated devices
  • Process payments and manage subscriptions
  • Send you important service updates (such as security notices or changes to these terms)
  • Respond to your support requests
  • Monitor for abuse or violations of our Terms of Service

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We do not use your data for advertising of any kind.

8. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share limited information in the following circumstances:

  • Service Providers. We work with third-party service providers who help us operate our Services (such as payment processors and hosting providers). These providers only receive the minimum information necessary to perform their services and are contractually obligated to protect your data. Current service providers include Google (Firebase, Cloud Run hosting), Creem.io (payment processing), and the AI providers listed in Section 3.
  • Legal Requirements. We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to comply with legal process, protect our rights, or ensure the safety of our users.
  • Business Transfers. If Prismr is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

9. Data Security

We take reasonable measures to protect your information, including:

  • Storing API keys in platform-native secure storage (iOS Keychain, Electron secure storage)
  • Using HTTPS for all communications between the App and our servers
  • Using short-lived one-time passcodes for authentication
  • Encrypting Prismr-managed API keys at rest in our database
  • Using PKCE (Proof Key for Code Exchange) and CSRF state validation for all OAuth flows with cloud storage providers

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Data Retention

  • Account data is retained for as long as your account is active. To request account deletion, contact us at privacy@prismr.ai. We will delete your personal information within 30 days of a verified request.
  • Audit log data is retained for the lifetime of your account and is deleted when your account data is deleted following a deletion request.
  • Locally stored data (project files, chat history, API keys, settings) remains on your device until you delete it. Uninstalling the App removes most local data, though some OS-level items (such as macOS Keychain entries) may require manual removal.
  • Server-side log data (Cloud Run request logs) is retained for no longer than 30 days, excluding Google Cloud platform-level administrative logs, which are retained per Google's default policies.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate information.
  • Deletion: Request that we delete your personal information.
  • Portability: Request a copy of your data in a portable format.
  • Restriction: Request that we restrict processing of your personal information.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@prismr.ai. We will respond to verified requests within 30 days.

Data Protection Officer: Our Data Protection Officer can be reached at privacy@prismr.ai for any questions or concerns regarding your personal data.

Right to lodge a complaint: If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.

12. California Privacy Notice

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Categories of personal information we collect: Identifiers (email address, device identifier, IP address) and internet or electronic network activity information (log data, license activation records). We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Your California rights include:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale or sharing of personal information (we do not sell or share).
  • The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at privacy@prismr.ai.

13. International Data Transfers

Prismr is operated by Targeted Coaching International, Ltd., registered in the Cayman Islands. Our servers are hosted in Google Cloud facilities located in the United States. If you are accessing our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

For users in the EEA or UK, data transfers to the United States are necessary for the performance of our contract with you (providing the Prismr service). Google, as our infrastructure and Firebase provider, maintains data transfer mechanisms including Standard Contractual Clauses. By using the Services, you acknowledge and consent to this transfer.

14. Children's Privacy

Prismr is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@prismr.ai and we will take steps to delete that information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If we make material changes, we will notify you through the App or by email.

Your continued use of Prismr after any changes take effect constitutes your acceptance of the revised policy.

16. Contact Us

If you have any questions about this Privacy Policy, contact us at:

Targeted Coaching International, Ltd.
PO Box 30080
Seven Mile Beach, Grand Cayman
Cayman Islands KY1-1201

Email: privacy@prismr.ai | Website: https://www.prismr.ai