Privacy Policy

Last updated: May 28, 2026

Introduction

This Privacy Policy describes how PrismSec, Inc. ("PrismSec," "we," "us," or "our") collects, uses, shares, and protects information when you use the PrismSec platform (the "Service"). We are committed to protecting your privacy and handling your data responsibly and transparently.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

Information We Collect

We collect information from and about you in the following categories:

Account and Contact Information

When you create an account or contact us, we collect information such as your name, email address, company name, billing address, and payment information. This information is necessary to provide the Service, process billing, and communicate with you.

Usage and Analytics Data

We automatically collect information about how you interact with the Service, including IP addresses, browser type, device identifiers, pages viewed, features used, session duration, and referral sources. This data helps us understand usage patterns, improve the Service, and detect security incidents.

Source Code and Repository Metadata

To perform security analysis, PrismSec accesses your source code repositories, pull request data, commit metadata, file structures, and related version control information. This is the core data processed by the Service to generate security findings and recommendations. See the "Source Code Handling" section below for details on how we process and protect this information.

How We Use Information

We use the information we collect for the following purposes:

  • Provide and Improve the Service: To perform security reviews, generate findings, open fix pull requests, and deliver the core features of PrismSec.
  • Security Analysis: To analyze your code for vulnerabilities, secrets, dependency risks, and misconfigurations, and to generate actionable remediation guidance.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Billing and Account Management: To process payments, send invoices, and manage your subscription.
  • Service Improvement: To understand usage patterns, improve our algorithms and detection capabilities, and develop new features. (Note: we do not use customer source code to train machine learning models. See "Source Code Handling" below.)
  • Communications: To send you transactional emails (e.g., account confirmations, security alerts) and, with your consent, marketing communications about PrismSec updates and offers.
  • Security and Compliance: To detect, prevent, and respond to fraud, abuse, security incidents, and legal obligations.

Source Code Handling

Your source code is sensitive and proprietary. We handle it with the utmost care and respect:

  • Least-Privilege Access: We access your repositories using scoped permissions that grant only the minimum level of access required to perform security analysis (read access to code and pull requests; write access only if you enable automatic fix pull requests).
  • Processing for Security Analysis: Source code is processed by our security analysis engine to detect vulnerabilities, secrets, dependency risks, and misconfigurations. Findings are stored in your account dashboard and used to generate reports and fix pull requests.
  • No Training on Customer Code: PrismSec does not use your source code, repository data, or security findings to train machine learning models or to improve our algorithms in ways that would derive insights from or expose your proprietary information.
  • Encryption: All source code and related data are encrypted in transit (via TLS) and at rest (using industry-standard encryption methods).
  • Retention and Deletion: We retain source code snapshots and analysis results for the duration of your account. Upon account termination or at your written request, we will delete your source code and related data in accordance with our data retention policies, subject to legal and backup retention requirements.

How We Share Information

We do not sell, rent, or trade your personal information or source code. We share information only in the following limited circumstances:

Service Providers and Subprocessors

We engage trusted third-party service providers to help us deliver the Service, including cloud hosting providers, payment processors, and analytics tools. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal and Compliance

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our users.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will provide notice and ensure that the acquiring entity continues to honor this Privacy Policy.

Data Retention

We retain your account information, usage data, and source code analysis results for as long as your account is active or as needed to provide the Service. After account termination, we will delete or anonymize your data within a reasonable timeframe, subject to legal, accounting, or backup retention requirements.

Security

We implement industry-standard security measures to protect your information, including encryption (in transit and at rest), access controls, secure authentication, regular security audits, and vulnerability scanning. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you become aware of any security incident, please contact us immediately at hello@prism-sec.com.

Your Rights

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal information.
  • Deletion: You may request that we delete your personal information, subject to legal retention requirements.
  • Portability: You may request a copy of your data in a structured, machine-readable format.
  • Objection and Restriction: You may object to or request restriction of certain processing activities.
  • Withdrawal of Consent: If we process your data based on consent, you may withdraw consent at any time (though this will not affect the lawfulness of prior processing).

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR). If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, and opt out of the sale or sharing of personal information (note: we do not sell personal information).

To exercise any of these rights, please contact us at hello@prism-sec.com. We will respond to your request within the timeframe required by applicable law.

International Data Transfers

PrismSec is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries. We take steps to ensure that your data receives an adequate level of protection, including through contractual safeguards with our service providers.

Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience, understand usage patterns, and deliver targeted content. Cookies are small text files stored on your device when you visit our website or use the Service.

The types of cookies we use include:

  • Essential Cookies: Required for the Service to function (e.g., session authentication).
  • Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics).
  • Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (with your consent where required).

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information. If you believe we have collected information from a child, please contact us at hello@prism-sec.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, or for other operational reasons. If we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also provide additional notice via email or through the Service. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PrismSec, Inc.
855 El Camino Real, Suite 300, Palo Alto, CA 94301, USA
Email: hello@prism-sec.com