Privacy Policy
Last updated: 21 April 2026
1. What Data We Collect
PRISM collects only the minimum data required to provide the service:
- Your email address and authentication credentials when you create an account.
- PDF documents you choose to upload for analysis.
- Queries you submit and the AI-generated responses.
- Usage metadata — document count, query count, and token consumption — for billing and plan enforcement.
- Audit logs — timestamped records of document uploads, queries, and deletions for your own security transparency.
2. How Your Data Is Stored
All data is stored on infrastructure operated by Supabase and Microsoft Azure, both of which maintain SOC 2 Type II compliance.
- At rest: All files and database records are encrypted using AES-256.
- In transit: All data is transmitted exclusively over HTTPS with TLS 1.3.
- Isolation: Your documents are mathematically locked to your user identity using Row Level Security. No other user, firm, or tenant can access your files.
3. Your Right to Delete
You retain absolute control over your data. You can permanently delete any document at any time directly from the PRISM interface. Deletion is immediate and irreversible — it purges the original PDF, all extracted text chunks, all vector embeddings, and the complete chat history associated with that document. A timestamped Destruction Receipt is issued as cryptographic proof of permanent deletion.
To request deletion of your entire account and all associated data, contact us at the address below. We will process the request within 7 business days.
4. AI Training Policy
Your documents and chat history are never used to train any AI model. PRISM processes your documents in memory to generate answers. The AI infrastructure operates with content logging disabled. No third party — including our AI infrastructure provider — retains your document content after processing is complete.
5. Data Retention
Documents are retained for as long as your account is active and you choose to keep them. You can delete individual documents at any time. If you close your account, all associated data is permanently deleted within 30 days.
6. Who Can Access Your Data
Only you can access your documents. PRISM staff do not access user documents except where explicitly required to resolve a technical support issue you have raised, and only with your consent. We do not sell, share, or transfer your data to any third party for commercial purposes.
7. Contact
For privacy-related enquiries or data deletion requests, contact Epopteia at privacy@epopteia.com