
Privacy Policy — Prism by Fiatos

Last updated: March 13, 2026

Effective date: March 13, 2026


1. Introduction

Fiatos LLC (“Fiatos,” “we,” “us,” or “our”) operates Prism, a document intelligence platform available at prismrag.ai and prism.fiatos.ai. This Privacy Policy explains how we collect, use, store, and share information when you use Prism.

By using the Service, you agree to the practices described in this policy.


2. Information We Collect

2.1 Information You Provide

  • Account information: Email address, name, and password when you register
  • Documents: Files you upload to the Service for processing and querying
  • Queries: Natural language questions you submit to the Service
  • Billing information: Payment details processed by Stripe (we do not store full card numbers)
  • Communications: Messages you send to support@fiatos.ai or through the in-app support chat

2.2 Information Collected Automatically

  • Usage data: Query volume, features accessed, session duration, error logs
  • Log data: IP addresses, browser type, operating system, referring URLs, timestamps
  • Cookies and session tokens: Used to authenticate your session and maintain login state
  • Performance data: Latency metrics and error traces (collected via Sentry)

2.3 Information from Third Parties

We do not purchase or receive personal data from data brokers or third-party marketing sources.


3. How We Use Your Information

We use collected information to:

  • Provide the Service: Process your documents, execute queries, return AI-generated responses
  • Account management: Authenticate logins, manage subscriptions, send transactional emails
  • Billing: Process payments via Stripe, manage subscription upgrades and cancellations
  • Support: Respond to support requests and feedback submitted through the Service
  • Improve the Service: Analyze usage patterns to fix bugs and improve features
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal compliance: Meet obligations under applicable law

We do not use your uploaded documents to train AI models or share them with third parties for marketing purposes.


4. Your Documents and Data Isolation

Prism is a multi-tenant platform. Your uploaded documents and query history are logically isolated from other organizations using the Service. We enforce tenant-level data separation at the database, API, and authentication layers.

Document retention: Documents remain stored until you delete them or close your account. Upon account deletion, your documents and associated data are deleted within 30 days.


5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

5.1 Service Providers

We use the following third-party processors to operate the Service:

Provider | Purpose | Data Shared
Google Cloud Platform | Hosting, database, AI embeddings (Vertex AI) | Documents, queries, usage data
Stripe | Payment processing | Email, billing address, payment method
Sentry | Error tracking and performance monitoring | Anonymized error logs, session metadata

All processors are bound by data processing agreements and may not use your data for their own purposes.

5.2 Legal Requirements

We may disclose information if required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of Fiatos, our users, or the public.

5.3 Business Transfers

If Fiatos is acquired or merges with another entity, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.


6. Cookies and Tracking

Prism uses:

  • Session cookies: Required for login and authentication. These expire when you close your browser or after a defined inactivity period.
  • Functional cookies: Store user preferences (e.g., theme, layout).

We do not use third-party advertising cookies or behavioral tracking for ad targeting.


7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access control and tenant isolation
  • Regular security reviews and dependency audits
  • Incident response procedures

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.


8. Data Retention

  • Account data: Retained for the duration of your account plus 30 days after deletion
  • Documents: Retained until deleted by you or 30 days after account closure
  • Query logs: Retained for 12 months for performance and abuse monitoring purposes
  • Billing records: Retained for 7 years as required by financial regulations

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdrawal of consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at support@fiatos.ai. We will respond within 30 days.


10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used
  • The right to delete personal information (with certain exceptions)
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your rights

To submit a CCPA request, contact support@fiatos.ai with “CCPA Request” in the subject line.


11. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our processing of your personal data is subject to the General Data Protection Regulation (GDPR) and applicable national laws.

Legal bases for processing:

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interests: Security monitoring, fraud prevention, service improvement
  • Legal obligation: Financial record-keeping, compliance with court orders
  • Consent: Where explicitly requested (e.g., marketing emails)

Data transfers: Your data may be transferred to the United States. We rely on Standard Contractual Clauses (SCCs) for such transfers.

To exercise your GDPR rights or contact our data controller, email support@fiatos.ai.


12. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal data, contact support@fiatos.ai and we will delete it promptly.


13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. The “Last updated” date at the top reflects the most recent revision.


14. Contact

For privacy-related inquiries:

Fiatos LLC

support@fiatos.ai

prism.fiatos.ai