Legal · PrismScope.ai, Inc.
Privacy policy.
1. Introduction and Scope
PrismScope.ai, Inc. ("PrismScope," "we," "our," or "us"), a Wisconsin corporation, operates the PrismScope Rays platform and associated website at prismscope.ai (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with the Services.
This Policy applies to two distinct categories of individuals:
- Subscribers: Businesses and individuals who create accounts and use the PrismScope platform to design and deploy conversational research campaigns.
- Respondents: Individuals who participate in AI-assisted interviews or surveys deployed by Subscribers through our platform.
PrismScope operates in two legal capacities depending on the data involved:
- As a data controller with respect to account, billing, and usage data collected directly from Subscribers.
- As a data processor (or service provider, in U.S. state law terminology) with respect to interview and conversational data that Subscribers collect from their Respondents using our platform.
If you are a Respondent, the Subscriber who invited you to participate in a research session is the primary data controller for your interview data. Please refer to that organization's own privacy policy for information about how they govern your data.
2. Information We Collect
2.1 Information Collected from Subscribers
Account and Identity Data
- Full name and email address
- Password (stored in hashed form via Clerk; PrismScope does not store plaintext passwords)
- Organization name and role
Billing and Payment Data
- Subscription plan, billing cycle, and payment history
- Payment card details are collected and processed exclusively by Stripe, Inc. PrismScope does not store full card numbers or CVV codes on its systems.
Usage and Behavioral Data
- Log data including IP address, browser type, operating system, and device identifiers
- Feature usage patterns, session duration, and navigation paths within the platform
- Campaign configuration data, question templates, and research design settings
2.2 Information Processed on Behalf of Subscribers (Respondent Data)
When Subscribers deploy research campaigns, the following categories of data may be collected from or about Respondents:
- Interview transcripts: Text records of AI-assisted conversational interviews
- Audio recordings: Where applicable and enabled by the Subscriber's configuration
- Respondent-provided metadata: Any identifying or demographic information a Respondent voluntarily provides during a session
- Session metadata: Timestamps, session identifiers, and completion status
PrismScope processes this data solely on behalf of the Subscriber under their instruction. We do not use Respondent interview data to contact Respondents, build independent profiles, or share it with third parties except as described in Section 4.
2.3 Information Collected Automatically
We collect certain technical data automatically when you interact with our website or platform, including cookies, web beacons, and similar technologies. See Section 9 for our Cookie Policy.
3. Consent and Legal Basis for Processing
3.1 Subscriber Consent
By creating an account and accepting our Terms of Service, Subscribers consent to the processing of their account, billing, and usage data as described in this Policy. We rely on contract performance and legitimate interests as our legal bases for this processing.
3.2 Respondent Consent
PrismScope employs a dual-layer consent model:
- Platform-level notice: Where PrismScope controls the interview interface, we display a clear, plain-language disclosure to Respondents before the session begins, informing them that their responses will be recorded, transcribed, and analyzed using AI.
- Subscriber-managed consent: Subscribers are contractually required under our Terms of Service to obtain all necessary consents from their Respondents prior to deploying a campaign.
4. How We Use Information
4.1 Subscriber Data
| Purpose | Legal Basis |
|---|---|
| Providing, operating, and maintaining the Services | Contract performance |
| Billing, invoicing, and subscription management | Contract performance |
| Account authentication and security | Contract performance / Legitimate interests |
| Platform analytics to improve features and reliability | Legitimate interests |
| Responding to support requests and communications | Contract performance |
| Sending product updates, release notes, and service notices | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
| Marketing communications (opt-in only) | Consent |
4.2 Respondent Data
As a data processor, PrismScope uses Respondent data only for:
- Delivering the real-time interview experience to the Respondent
- Generating transcripts and AI-assisted analysis for the Subscriber
- Aggregated, de-identified analysis to improve platform model accuracy and performance
- Fraud prevention and abuse detection
- Compliance with legal obligations
We do not use Respondent data to serve advertising, build independent consumer profiles, or sell data to third parties.
5. Artificial Intelligence and Model Training
PrismScope uses large language models (LLMs) and AI infrastructure to power conversational interviews and generate analytical insights.
We do not use identifiable Subscriber or Respondent data to train or fine-tune AI models.
We may use anonymized and aggregated data derived from platform interactions to improve model performance. Before any such use, data is:
- Stripped of all direct identifiers (names, email addresses, organizational identifiers)
- Aggregated across multiple sources so that no individual response can be attributed to a specific Respondent or Subscriber
- Subject to a reasonable re-identification risk assessment
Subscribers may request, via written notice through our contact page, that their campaign data be excluded from any aggregated analysis. We will honor such requests within 30 days.
6. Disclosure and Third-Party Sharing
6.1 Sub-Processors
| Sub-Processor | Role | Location |
|---|---|---|
| Clerk, Inc. | Identity and authentication management | United States |
| Stripe, Inc. | Payment processing and billing | United States |
| Google Cloud Platform | Cloud infrastructure, database hosting, AI services | United States |
| Anthropic, PBC | Large language model API services | United States |
We will notify Subscribers of material changes to our sub-processor list with at least 30 days' advance notice.
6.2 Other Disclosures
We may disclose personal information to:
- Service providers performing functions on our behalf, bound by confidentiality obligations
- Legal and regulatory authorities when required by applicable law or court order
- Successors in interest in connection with a merger, acquisition, or sale of substantially all assets
- Professional advisors under appropriate confidentiality obligations
We do not sell personal information as defined under the CCPA/CPRA or any applicable U.S. state privacy law.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Subscriber account data | Duration of active subscription + 3 years |
| Billing and payment records | 7 years (tax and accounting compliance) |
| Interview transcripts and recordings | Up to 3 years from campaign close, or as configured by Subscriber |
| Usage and analytics logs | 24 months rolling |
| Anonymized/aggregated data | Indefinitely (no personal data present) |
Upon account termination, Subscribers may request export of their campaign data within 60 days. After 60 days, data is deleted from active systems. Residual copies in encrypted backups are purged on a rolling 90-day cycle.
8. Your Rights and Choices
8.1 Subscriber Rights
Subscribers may at any time:
- Access and review their account and billing information via the platform dashboard
- Correct inaccurate account information
- Delete their account and request deletion of associated data
- Opt out of non-essential marketing communications
- Request a copy of their personal data in a portable format
8.2 Respondent Rights
Because PrismScope acts as a data processor for Respondent data, requests to access, correct, or delete Respondent data should generally be directed to the Subscriber. PrismScope will cooperate with Subscribers to fulfill such requests.
8.3 U.S. State Privacy Rights
California (CCPA/CPRA): Right to know, right to delete, right to correct, right to opt out of sale or sharing, right to limit use of sensitive personal information, and right to non-discrimination.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA): Right to access, correct, delete, and obtain a portable copy of personal data; right to opt out of targeted advertising, profiling, and sale of personal data.
To submit a verifiable rights request, please use our contact page with the subject "Privacy Rights Request."
9. Cookies and Tracking Technologies
PrismScope uses cookies and similar technologies for:
- Essential/functional cookies: Authentication, security tokens, and core platform functionality
- Analytics cookies: Aggregate usage data to understand feature adoption and platform performance
- Preference cookies: Storing user interface preferences and settings
We do not use third-party advertising cookies or cross-site tracking cookies.
10. Data Security
PrismScope implements technical and organizational security measures including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls limiting employee access to personal data
- Hosting on Google Cloud Platform (SOC 2 Type II and ISO 27001 certified)
- Regular security assessments and penetration testing
- Incident response procedures for suspected data breaches
11. International Transfers
PrismScope is based in the United States and processes data on servers located in the United States. If you access the Services from outside the United States, your data will be transferred to and processed in the United States.
12. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email notification and a prominent notice on our website for at least 30 days prior to the effective date.
14. Contact Information
For privacy-related questions, requests, or concerns:
PrismScope.ai, Inc. Attn: Privacy Madison, Wisconsin Contact us