Privacy Policy

Last Updated: January 13, 2026

This Privacy Policy describes how Prism-AI collects, uses, and handles your information when you use our Chrome extension and associated services.

1. Information We Collect

In order to provide GDPR and ethical compliance auditing, we collect and process the following categories of data:

  • Website Content: When you initiate a compliance check, our extension reads the text content of the active browser tab.
  • Personally Identifiable Information: This includes names, email addresses, and identification numbers contained within the text you analyze.
  • Financial Information: This includes credit card numbers and bank details identified during the redaction process.

2. How We Use Information

We use the collected information solely for the following purposes:

  • To identify and redact sensitive personal information from your text.
  • To analyze content for ethical risks and GDPR compliance.
  • To provide real-time advice on data privacy and security.

3. Data Transmission and Security

We prioritize the security of your data through the following measures:

  • Encryption: All data is encrypted during transmission between your browser and our inference engine using TLS 1.3.
  • No Retention: We do not store or log the text content you analyze. Data is processed in volatile memory and is cleared immediately after the analysis is complete.
  • Infrastructure: We utilize secure, isolated serverless environments to ensure your data is never accessible to other users or unauthorized parties.

4. Disclosure of Information

We do not sell, trade, or otherwise transfer your personal information to outside parties. Data is only shared with our technical infrastructure providers (such as Modal or Vercel) for the sole purpose of executing the analysis you request.

5. Your Rights and Choices

You have the right to access the data we process on your behalf. Because we do not store your data after a session ends, your rights are primarily exercised by controlling the extension's access to your browser. You can disable the extension or revoke site permissions at any time through the Chrome extension settings.

6. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected by the Last Updated date at the top of this page. We encourage you to review this policy periodically.

7. Contact Information

If you have questions or concerns regarding this Privacy Policy, please contact us at nirman0511@gmail.com.

This policy outlines our commitment to your privacy under the General Data Protection Regulation (GDPR), the California Online Privacy Protection Act (CalOPPA), and the Children's Online Privacy Protection Act (COPPA).

GDPR Disclosure (European Union)

Under the GDPR, we act as the Data Controller for the information processed by Prism-AI. Our legal basis for processing your data is your explicit consent, which you provide by invoking the extension to perform an audit.

Your GDPR Rights include:

  • The right to be informed of data collection practices.
  • The right of access to any personal data handled during a session.
  • The right to rectification, erasure, and restriction of processing.
  • The right to object to data processing activities.

CalOPPA Disclosure (California, USA)

CalOPPA requires us to disclose exactly what personally identifiable information (PII) we collect. We collect names, physical addresses, email addresses, and financial account numbers for the sole purpose of redaction.

  • Review Process: Users may review or request changes to their data by contacting us via the email below.
  • Do Not Track (DNT) Signals: Our extension does not currently respond to or track "Do Not Track" browser signals, as all processing is ephemeral and session-based.
  • Policy Changes: We will notify users of significant changes to this policy by updating the "Effective Date" at the top of this page.

COPPA Compliance (Children Under 13)

Prism-AI is a general audience compliance tool and is not directed at children under the age of 13.

  • No Knowledgeable Collection: We do not knowingly collect, maintain, or use personal information from children under 13.
  • Parental Rights: If you are a parent or guardian and discover that your child under 13 has provided personal information to us, please contact us immediately to have that information deleted.
  • Safety First: We encourage parents and guardians to take an active role in their children's online activities and interests.

Data Security

We implement strict security measures, including TLS 1.3 encryption for all data in transit between your browser and our serverless inference engine. No data is permanently stored on our servers.

Contact Information

If you have questions regarding this policy, please contact our Data Protection Officer at: nirman0511@gmail.com.