Privacy Policy

1. Introduction

PrismBot ("we," "us," or "our") operates an AI assistant platform accessible through Telegram. This Privacy Policy describes how we collect, use, store, and protect your information when you use our services. We are committed to protecting your privacy and maintaining transparency about our data practices.

Our service is hosted on Hetzner VPS infrastructure in Germany and uses Vercel for web application deployment, ensuring European data protection standards. We comply with applicable privacy laws, including GDPR.

2. Information We Collect

2.1 Account Information

When you create a PrismBot account, we collect:

• Name and email address
• Telegram user ID and username
• Subscription tier and billing information
• Authentication tokens and session data

2.2 Usage Data

We collect information about your interaction with PrismBot:

• Messages sent to and received from your AI assistant
• Knowledge base entries and memory data
• Command usage and feature interactions
• Technical logs for service operation and debugging
• Performance metrics and error reports

2.3 Payment Information

Payment processing is handled by Stripe. We store only subscription status, billing cycle, and transaction references. Full payment details are securely processed and stored by Stripe according to their privacy policy.

3. Google Workspace Integration

When you connect your Google Workspace account to PrismBot, we access specific Google services on your behalf to provide AI assistant functionality. This integration is optional and requires your explicit consent.

3.1 Google Data We Access

PrismBot requests access to the following Google services and data:

3.2 How We Use Google Data

Google user data is used exclusively to provide PrismBot services:

• AI Assistant Functionality: Your AI assistant can read emails, manage calendar events, access Drive files, and work with documents when you request such actions
• Task Automation: Performing actions you request, such as scheduling meetings, organizing files, or drafting emails
• Context and Memory: Building context about your preferences and workflows to provide more personalized assistance
• Integration Operations: Maintaining connections between PrismBot and your Google services

3.3 Google Data Storage and Security

Google user data is handled with the highest security standards:

• Data is encrypted in transit using TLS and at rest using AES-256 encryption
• Google OAuth tokens are stored securely and refreshed automatically
• Each user's data is isolated in separate database partitions
• Access logs are maintained for all Google API interactions
• Data is stored in EU-based servers (Germany) for GDPR compliance

3.4 Google Data Sharing and Third Parties

We do NOT sell your Google data to third parties. We do NOT use your Google data for advertising purposes. Google user data may be shared only in these limited circumstances:

• AI Processing: Message content may be sent to AI models for processing your requests
• Legal Requirements: If required by law enforcement or legal process
• Service Providers: With infrastructure providers (Supabase, Hetzner) under strict data processing agreements

3.5 Revoking Google Access

You can revoke PrismBot's access to your Google data at any time:

• Visit your Google Account settings at myaccount.google.com/permissions
• Remove PrismBot from your connected apps
• Contact us at support@prismbot.ai to request immediate data deletion
• Use the data deletion feature in your PrismBot dashboard

When access is revoked, we will delete your Google data within 30 days, except where retention is required by law.

4. Google API Services User Data Policy Compliance

PrismBot's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means:

• We use Google user data only to provide or improve our user-facing features
• We do not transfer Google user data to others unless necessary for these purposes, for security purposes, or to comply with applicable law
• We do not use or transfer Google user data for serving ads, including retargeting, personalized or interest-based advertising
• We do not allow humans to read Google user data unless required for security purposes, to comply with applicable law, or with your explicit consent

5. How We Use Your Information

We use collected information to:

• Provide Service: Operate and maintain PrismBot, process your messages through AI systems
• Personalization: Build your knowledge base, maintain conversation memory, and provide personalized responses
• Communication: Send service updates, billing notifications, and support responses
• Improvement: Analyze usage patterns to improve features and performance
• Security: Monitor for abuse, prevent unauthorized access, and maintain service integrity
• Compliance: Meet legal obligations and protect our rights

6. Data Storage and Security

6.1 Storage Infrastructure

Your data is stored using:

• Database: Supabase (PostgreSQL) with encryption at rest
• Hosting: Hetzner VPS in Germany for GDPR compliance
• Web Application: Vercel with global CDN
• Container Isolation: Each user gets an isolated Docker container

6.2 Security Measures

• End-to-end encryption for data in transit (TLS 1.3)
• AES-256 encryption for data at rest
• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access
• Automated backup systems with encryption
• Network segmentation and firewall protection

6.3 Access Controls

Access to your data is strictly limited:

• Only you can access your AI assistant and data
• Our team accesses data only for technical support (with your consent) or security incidents
• All access is logged and monitored
• Consultant tier and above receive additional container isolation

7. Data Sharing and Third Parties

We do not sell your personal data. We may share information with:

7.1 Service Providers

• AI Providers: Third-party AI model providers for message processing
• Supabase: Database hosting and authentication
• Hetzner: Server hosting infrastructure
• Vercel: Web application deployment
• Stripe: Payment processing

All service providers are bound by data processing agreements and security requirements.

7.2 Legal Requirements

We may disclose information if required by:

• Court orders or legal processes
• Law enforcement requests with proper authorization
• Protection of our rights, property, or safety
• Prevention of fraud or abuse

8. Data Retention and Deletion

8.1 Retention Periods

• Account Data: Retained while your account is active
• Conversation History: Retained according to your subscription tier settings
• Google Data: Retained only as long as necessary to provide services
• Billing Records: Retained for 7 years for accounting and tax purposes
• Technical Logs: Retained for 90 days for security and debugging

8.2 Data Deletion

You can request deletion of your data:

• Delete specific conversations or knowledge base entries through the dashboard
• Request complete account deletion via support@prismbot.ai
• Automatic deletion 90 days after account cancellation
• Google data is deleted within 30 days of access revocation

9. Your Privacy Rights

Under GDPR and other privacy laws, you have the right to:

9.1 Access and Portability

• Request a copy of your personal data
• Export your data in a machine-readable format
• Access your data processing history

9.2 Correction and Updates

• Update your account information through the dashboard
• Request correction of inaccurate data
• Modify your Google integration settings

9.3 Deletion and Restriction

• Delete your account and all associated data
• Request restriction of data processing
• Object to data processing for legitimate interests

9.4 Exercising Your Rights

To exercise these rights:

• Use the privacy controls in your PrismBot dashboard
• Email us at support@prismbot.ai with your request
• We will respond within 30 days as required by law

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies for:

• User authentication and session management
• Security features and fraud prevention
• Basic functionality and user preferences

10.2 No Tracking

We do NOT use:

• Third-party tracking cookies
• Advertising cookies or pixels
• Analytics cookies (beyond basic server logs)
• Cross-site tracking technologies

11. International Data Transfers

PrismBot is hosted in Germany (EU) to provide strong privacy protections. If you access our service from outside the EU:

• Your data is transferred to and stored in the EU
• We provide appropriate safeguards for international transfers
• EU data protection laws apply to your information
• Some AI processing may occur on servers outside the EU with appropriate protections

12. Children's Privacy

PrismBot is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it immediately. Parents who believe their child has provided information to us should contact support@prismbot.ai.

13. Privacy Policy Changes

We may update this Privacy Policy from time to time. When we make material changes:

• We will notify users by email at least 30 days in advance
• We will post the updated policy on our website
• We will update the "Last updated" date at the top
• Continued use after changes constitutes acceptance

14. Contact Information

For privacy-related questions, concerns, or requests:

• Email: support@prismbot.ai
• Contact Page: prismbot.ai/contact
• Data Protection Officer: support@prismbot.ai
• EU Representative: PrismBot, support@prismbot.ai

We aim to respond to all privacy inquiries within 48 hours and complete requests within 30 days as required by law.