What we collect, what we don’t, and why.

Prism is a personal journal that uses AI to find patterns in your writing. The only way the product works is with your entries, so we treat them like the private thoughts they are: never sold, never used to train AI models, never shared with anyone other than the AI providers that process them on your behalf.

·Account data — email address, and a display name if you provide one. Used to sign you in and send account emails.

·Entries you write — the raw text, plus AI-generated classifications (entry type, themes, mood, tags) and embeddings (mathematical representations used for semantic search and pattern detection).

·Behavioral model — a summary the AI builds from your entries: recurring patterns, strengths, blind spots. It lives in your account and evolves as you write.

·Usage signals — standard server logs (IP address, browser, timestamps). Retained 30 days for security and debugging.

We use a small set of third parties to run the product. Each one only sees the data it needs:

·Anthropic & OpenAI — your entries are sent to their APIs to classify, format, and analyze. Both have zero-retention agreements on API traffic: they don’t retain or train on what we send.

·Supabase — our database and auth provider. Your entries are encrypted at rest.

·Vercel — hosts the web app. Receives standard request logs.

·Resend — sends account emails (confirmation, password reset). Only sees your email address.

·We don’t sell your data to anyone.

·We don’t use your entries to train AI models (ours or anyone else’s).

·We don’t read individual entries unless you’ve explicitly asked us to (e.g. through support).

·We don’t run advertising trackers or resell analytics data.

·Export — download everything tied to your account as a single JSON file at any time. Settings → Export my data.

·Delete all entries — wipe your content while keeping your account. Settings → Delete everything.

·Delete your account — permanent and immediate. Everything tied to your user id is removed. Settings → Delete account.

·Ask us anything — email support@primslens.net with privacy questions or requests.

Entries and account data stay as long as your account exists. When you delete your account or individual content, removal is immediate — no soft-delete grace period, no 30-day recovery window. Server logs rotate on a 30-day cycle.

If we change anything material, we’ll email active users before the change takes effect. The version you agreed to at signup stays governing until then.