Privacy Policy

PRISM is a public-record search instrument. This page explains what we collect, what we don't, how long we keep it, and what control you have. Plain English, no dark patterns.

effective 2026-05-06

Who we are

PRISM ("the service", "we") is an independent open-source intelligence (OSINT) tool. We provide an interface and a tracer engine; we don't maintain our own database of people. When you submit a query, the engine searches third-party public indexes that already exist, parses what they return, and presents the result.

What we collect (account data)
  • Email + password hash. Required to create an account. Passwords are bcrypt-hashed before they hit disk.
  • Display name + callsign. Optional, only used in the UI for you.
  • Last-seen timestamp. Used to expire stale sessions.
  • API keys. We store a SHA-256 hash of each key, never the key itself. The plaintext is shown to you exactly once at creation.
  • Credit ledger. Each top-up and each per-trace debit is recorded so you can audit your billing.
  • Trace history. The seeds you submit, the parameters (depth, AI cluster), the engine job id, the duration, the result, and any webhook delivery state.
  • Audit log. Sensitive account events (key creation, key revocation, credit transactions) with IP and User-Agent for fraud review.
  • BYOLLM keys. If you opt in, your provider API key is encrypted at rest with AES-256-GCM under a server-only secret.
What we don't collect
  • No third-party analytics, no trackers, no ad pixels.
  • No fingerprinting beyond standard request headers.
  • No social-graph imports. We don't ask for your contacts.
  • No payment-card data. Crypto top-ups are processed by NOWPayments; we receive only an opaque invoice id.
  • No personal records of search subjects beyond what the third-party indexes already publish.
Search subjects (people you look up)

When you submit a trace, the seed and any returned dossier are attached to your account so you can re-open the result later. We do not aggregate this into a master people-database, sell it, share it across operators, or expose it to any third party. The information itself originates from already-public indexes; we cache the output of your query for your review.

If you cancel a job before it finishes, the partial result is still attached to your history (and your credits are refunded). If you delete a trace from the API, the row is hard-deleted.

Retention (by table)
  • Account, keys, ledger: as long as your account is active, plus 90 days after deletion for accounting / dispute resolution.
  • Trace history: as long as your account is active. Operator-deletable any time via API or UI.
  • Audit log: 12 months, then aged out.
  • Webhook delivery attempts: 30 days.
  • Email auth tokens (verify, reset): single-use, expire in 24h, deleted after consumption.
Sharing & subprocessors

We process data on the following infrastructure:

  • Vercel — application hosting (US).
  • Neon — PostgreSQL (US).
  • Cloudflare Workers + R2 — tracer queue + result storage.
  • Anthropic — when AI cluster is enabled, dossier candidates are sent to Claude for evaluation.
  • Resend — transactional email (verify, reset).
  • NOWPayments — crypto invoice processing for top-ups.
  • 2captcha / CapSolver — anti-bot challenge solvers used by the engine.

We do not sell personal data. We do not share with advertisers. We do not allow subprocessors to use your data for their own purposes. We will respond to lawful subpoenas, narrowly scoped to what is required.

Security
  • Passwords stored as bcrypt hashes (cost factor ≥ 10).
  • API keys stored as SHA-256 hashes; only a non-secret prefix and last-4 hint are surfaced in the UI.
  • BYOLLM provider keys encrypted at rest with AES-256-GCM under a server-only key.
  • All transport over TLS 1.2+. The console & API enforce HTTPS.
  • Webhooks signed with HMAC-SHA-256 derived from your API key — verify on receipt to prove origin.
  • Per-key rate limits and idempotency on writes prevent runaway billing.
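An added example (not PRISM's own code) of how the key-storage and webhook-signing design listed above fits together on both sides: the server keeps only a SHA-256 hash plus a prefix/last-4 hint, and the receiver verifies the HMAC-SHA-256 signature in constant time. The `prism_` key format, the in-memory store, and using the plaintext API key directly as the HMAC secret are assumptions for illustration; the page does not specify the exact derivation or the header that carries the signature.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stand-in for the keys table described on the page:
# it holds the SHA-256 hash of each key and two display hints, never the key.
KEY_STORE = {}

def create_api_key(account_id: str) -> str:
    """Mint a key, persist only its hash + hints, return the plaintext once."""
    plaintext = "prism_" + secrets.token_hex(16)      # key format is assumed
    digest = hashlib.sha256(plaintext.encode()).hexdigest()
    KEY_STORE[digest] = {
        "account_id": account_id,
        "prefix": plaintext[:10],   # non-secret prefix shown in the UI
        "last4": plaintext[-4:],    # last-4 hint shown in the UI
    }
    return plaintext

def lookup_api_key(presented: str):
    """Authenticate a presented key by hashing it and looking the hash up."""
    return KEY_STORE.get(hashlib.sha256(presented.encode()).hexdigest())

def sign_webhook(api_key: str, raw_body: bytes) -> str:
    """Sender side: HMAC-SHA-256 over the raw body, keyed by the API key
    (the page says the signature is derived from the key; using the key
    directly as the HMAC secret is an assumption)."""
    return hmac.new(api_key.encode(), raw_body, hashlib.sha256).hexdigest()

def verify_webhook(api_key: str, raw_body: bytes, signature_header: str) -> bool:
    """Receiver side: recompute over the *raw* bytes (not a re-serialised
    JSON object) and compare in constant time to avoid timing leaks."""
    expected = sign_webhook(api_key, raw_body)
    return hmac.compare_digest(expected, signature_header)

if __name__ == "__main__":
    key = create_api_key("acct-demo")               # constructed sample account
    body = b'{"job_id":"job-demo-1","status":"done"}'  # constructed sample body
    print(verify_webhook(key, body, sign_webhook(key, body)))   # True
    print(verify_webhook(key, body + b" ", sign_webhook(key, body)))  # False
```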
Your rights
  • Access: hit /api/v1/account for the full snapshot of your account.
  • Export: hit /api/v1/tracer with pagination to pull every trace you've run.
  • Correction: update profile fields in Settings.
  • Deletion: delete an individual trace via DELETE /api/v1/tracer/{id}; for full account deletion, contact the privacy address listed under Contact below.
  • Revocation: revoke any API key from the Settings panel; it stops working immediately.
  • Opt-out: we have nothing to opt out of — there is no marketing email, no advertising profile, no behavioral tracking.
Children

PRISM is not directed to children under 16. Do not create an account if you are under 16. Do not use PRISM to investigate minors except in lawful child-safety contexts (e.g. licensed investigators with a court order).

Jurisdiction

Operated from the United States. Data is processed in US regions by the subprocessors above. Use of PRISM is at your own risk and subject to your local laws regarding personal data, public records, and investigative work.

Changes

Material changes to this policy will be reflected in the "effective" date at the top, and (for account-impacting changes) emailed to verified addresses at least 14 days before they take effect.

Contact

Privacy questions or requests: privacy@prism-tools.vip. Security disclosures: security@prism-tools.vip.