Data Privacy
Understanding data privacy in Prisme.ai and how your information is protected
Prisme.ai is committed to protecting the privacy and security of your data. This page outlines our approach to data privacy, the measures we take to safeguard information, and the controls available to customers to manage their data effectively.
Our Data Privacy Principles
Data Ownership
Your data remains yours. Prisme.ai acts as a processor, not an owner of your information.
Transparency
Clear policies about what data is collected, how it’s used, and who can access it.
Security by Design
Privacy protection is built into our platform architecture, not added as an afterthought.
Compliance
Our practices align with major privacy regulations like GDPR, CCPA, and other regional standards.
How Prisme.ai Handles Your Data
Data Collection and Storage
Prisme.ai collects and processes different types of data to provide our services:
Information about users of the platform including:
- Account information (names, email addresses, organization details)
- Authentication credentials (securely stored and encrypted)
- User preferences and settings
- Activity logs for security and audit purposes
Information about users of the platform including:
- Account information (names, email addresses, organization details)
- Authentication credentials (securely stored and encrypted)
- User preferences and settings
- Activity logs for security and audit purposes
Information you create or upload to the platform including:
- Documents and files uploaded to knowledge bases
- Chat histories and interactions with AI agents
- Workspace and project configurations
- Custom prompts and AI settings
Technical information required for operations:
- Performance metrics and usage statistics
- Error logs and diagnostic information
- Infrastructure and security monitoring data
Data Processing
Prisme.ai processes your data in the following ways:
- Service Provision: To deliver our core platform functionality
- Performance Optimization: To improve response times and system reliability
- Security Monitoring: To protect against threats and unauthorized access
- Analytics: To provide insights about usage patterns and feature adoption
Data processing activities are governed by our Terms of Service and Data Processing Agreement (DPA) available to enterprise customers.
Data Segregation and Multi-Tenancy
Prisme.ai implements robust data segregation to ensure information from different customers remains separate and secure:
- Logical Segregation: Data is partitioned at the database and application layers
- Access Controls: Fine-grained permission systems prevent unauthorized cross-tenant access
- Tenant Isolation: Processing resources are isolated to prevent performance impact between tenants
For enterprise deployments, dedicated infrastructure options are available for enhanced isolation.
Data Sovereignty and Residency
Prisme.ai offers options to maintain data within specific geographical regions to comply with local regulations:
Regional Deployments
Choose where your Prisme.ai instance is hosted based on your compliance requirements
Data Storage Controls
Configure where your data is stored and processed
Processing Boundaries
Set boundaries for where data processing can occur
AI and Machine Learning Privacy Considerations
When using AI and machine learning features in Prisme.ai, additional privacy considerations apply:
Prisme.ai’s approach to AI privacy focuses on keeping you in control of how your data is used with AI models. We provide transparency about when information is sent to external AI services and offer options for using local models when data must remain within your environment.
LLM Data Usage
How LLMs Use Your Data
How LLMs Use Your Data
When you use large language models (LLMs) within Prisme.ai, your data may be processed by these models to generate responses. This might include:
- Queries you enter in chat interfaces
- Documents processed by the RAG system
- Contextual information provided to the AI
The extent of data sharing depends on whether you’re using Prisme.ai’s built-in models, your own deployed models, or third-party AI services.
External AI Service Privacy
External AI Service Privacy
When using external AI services (such as OpenAI’s GPT models, Azure OpenAI, Anthropic’s Claude, etc.):
- Data is transmitted to these services for processing
- Each service has its own privacy policies regarding data retention and usage
- Prisme.ai configures these integrations with privacy-preserving defaults
Enterprise customers can configure which external services are permitted and which are restricted based on their compliance requirements.
On-Premises AI Options
On-Premises AI Options
For organizations with stricter data privacy requirements, Prisme.ai offers:
- Support for locally deployed open-source LLMs
- Integration with private AI deployments
- Hybrid approaches that use local models for sensitive data
These options ensure that data never leaves your environment while still leveraging AI capabilities.
Privacy Controls for Administrators
Prisme.ai provides administrators with robust controls to manage data privacy:
Organization-Level Controls
- Data Retention Policies: Configure how long different types of data are retained
- Privacy Settings: Set organization-wide defaults for privacy options
- Access Control: Manage who can access different types of information
Project-Level Controls
- Data Classification: Label projects with appropriate sensitivity levels
- Sharing Restrictions: Control whether content can be shared externally
- Audit Logging: Track all access and modifications to sensitive projects
User Controls
- Permission Management: Define what actions users can perform with data
- Usage Transparency: View how user data is being utilized within the platform
- Data Subject Rights: Tools to help fulfill requests related to personal data
Data Minimization and Purpose Limitation
Prisme.ai follows data minimization principles, collecting only what’s necessary to provide our services:
- Collection Limitation: We only collect data needed for legitimate purposes
- Storage Minimization: Data is retained only as long as necessary
- Processing Restriction: Data is used only for its intended purpose
Privacy by Design Implementation
Our commitment to privacy by design means privacy considerations are integrated throughout our development process:
Requirements Analysis
Privacy requirements are identified at the earliest stages of product development
Design Phase
Privacy-enhancing technologies and architectures are incorporated into designs
Development
Privacy controls are implemented and tested during development
Testing
Privacy features undergo rigorous testing, including penetration testing
Deployment
Privacy settings are configured with secure defaults
Monitoring
Ongoing monitoring ensures privacy controls remain effective
Additional Resources
Privacy Policy
Our detailed privacy policy covering all aspects of data privacy
Data Processing Agreement
Our DPA for enterprise customers requiring GDPR compliance. Ask your Customer Success Manager.
Security Compliance
Information about our compliance certifications and standards
SSO Implementation
How to configure Single Sign-On for enhanced security
Contact Information
For specific inquiries about data privacy or to request more information:
- Privacy & Data Protection Officer: dpo@prisme.ai
- Support: For existing customers, please use your dedicated support channel