Security & data

How Prism handles your data

Each Prism module stores only the data it needs to do its job. Meeting Memory stores meeting transcripts so you can query across them. Voice Profile stores your writing voice analysis. Custom Calculator stores your schemas. Modules don't automatically share data with each other — by design.

This keeps each module's outputs scoped, reliable, and private. A unified context layer is on our roadmap as a premium add-on for users who want cross-module intelligence; it will be opt-in per workspace, not on by default.

Per-module data scoping

• Hallucination Guard: stateless. The text and source material you send aren't persisted past the request.
• Meeting Memory: transcripts and the structured extraction live only in your tenant's row of prism_meeting_transcripts. Never read by other modules.
• Voice Profile: your trained profile is scoped to Content Studio. Other modules can't access it.
• Custom Calculator: schemas and run history scoped to that module only.
• Forecast / Slide Deck / Long-Form: stateless within Prism's storage layer beyond what you explicitly save.

Bring your own AI key

When you connect your own Anthropic, OpenAI, or Gemini key, every prompt is sent directly to your provider with that key. Prism doesn't see the completion text on a separate channel; we forward the request, the response comes back, we render it.

Trial-mode users (no session) use Prism's hosted AI for the 4-minute window. Paid users with BYOK keys use their own provider exclusively for their authenticated tool calls.

Identity watermarking

Every authenticated page (dashboard, tools, account, settings) renders a subtle diagonal watermark identifying the viewing user's email and the render timestamp. Invisible at normal viewing opacity (4%); visible in screenshots after compression. We use this to investigate unauthorized data sharing if it happens.

Hallucination Guard API privacy

The public Hallucination Guard endpoint is stateless and per-tenant: your input text and source material aren't retained after the request, and we never use your inputs to train models. Per-key usage counts and timestamps are stored for cap enforcement; the inputs themselves aren't.

Auditable admin actions

When Prism's super-admin (today: a single email at the founder's domain) views a user's account or impersonates a user, the action is written to prism_admin_audit_log with admin email, action type, target tenant id, and timestamp. We don't purge this log.

Data deletion

Email landon@zillyconcapital.com to request account deletion. We delete your tenant row and every row keyed by your tenant_id within 7 business days; the audit log retains the deletion action without referring to the deleted content.

Questions or concerns? Support covers SLAs and contact paths.