PRISMA PRIVACY POLICY
You can see our previous Privacy Policy here.
Effective date: Jun 5, 2024
INTRODUCTION AND SCOPE
This Prisma Privacy Policy (“Privacy Policy”) is delivered on behalf of Prisma Labs, Inc. (“Prisma Labs,” “we”, “us”, and “our”). It explains how we collect and process your Personal Data (as defined below) when you use the Prisma Photo Editor mobile application (the “app”, or the “application”) or our website prisma-ai.com with its related pages (the “website,” and together with the app shall be referred to as “Prisma” or the “Services”).
By Personal Data we mean (i) information that is associated with an identified or identifiable natural person, and (ii) protected as personal data under applicable data protection laws.
Please read this Privacy Policy carefully to understand our privacy practices.
For the rules on how to use our Services, please read our Terms of Use.
If you do not want us to process your Personal Data as it is described in this Privacy Policy, please do not use Prisma.
Questions? If you have any questions about this Privacy Policy or Prisma, please contact us at [email protected].
U.S. State Supplements:
If you are a resident of the U.S. state of California, please see our California Notice at Collection and Privacy Notice.
If you are a resident of the U.S. state of Connecticut or Colorado, or a resident of the U.S. Commonwealth of Virginia please see our U.S. State Privacy Supplement (Non-California).
TABLE OF CONTENTS
Introduction
Section 5: The Purposes and Our Legal Bases For Processing Your Personal Data
Section 7: Cookies, Software Development Kits, and Other Tracking Technologies
Section 15: How to Contact Us, EEA/UK Representative, and Data Protection Officer
We may collect Personal Data from and about you:
Directly from you when you provide it to us.
Automatically when you use Prisma. Information collected automatically may include Usage details and internet protocol (“IP”) addresses.
From third parties, for example, our service providers, partners, and vendors.
When you use Prisma, you may provide Personal Data to us directly or to the service providers that act on our behalf. The Personal Data you provide depends on which features of Prisma you use and how you interact with the app.
Photos that you upload to Prisma. If you grant us permission to access your camera or your device’s photo library, we will process the photos you select to upload to Prisma to provide features of the app that you choose to use. For more information regarding how we process your photos and videos, please see Section 3: How We Process, Share and Retain Your Photos.
Account Information. When you create a Prisma account, we ask you to provide your email address. If you log in with your Apple ID we will receive your Apple ID and may receive the email address associated with your Apple ID, depending on your Apple settings. If you log in via your Google Account we will receive your associated email address.
If you contact us or communicate with us, we will collect and receive records and copies of your correspondence with us and contact details that you have provided us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted).
We process your photos to provide you with the features of the application that you choose to use. The following describes how we process, share, and retain your photos in connection with various features of the application. Please note, however, that we may retain your data for longer time periods than set forth below where required to do so by law.
The way your photos are processed depends on the privacy settings you choose for yourself in the app. To check and configure it, go to “Settings” and see the toggles under the “Processing” section.
You may choose whether your photos will be processed online or offline (on-device only). If you turn off online processing, it could lead to slower processing speed, unavailability of some styles, and HD processing.
You turn on the toggle allowing us to use your photos to improve Prisma Styles. By default, this toggle is turned off and your uploaded photos are automatically deleted within 24 hours.
You may turn on the toggle to save your original photos on our server for future editing. If this setting is turned off, we will save only edited versions.
If you choose online processing or consent to improve Prisma Styles, your photos will be stored on our servers, which are provided by Amazon Web Services (USA).
When you use Prisma, we or third parties we permit to do so, may automatically collect certain information, including Personal Data, from you (this is subject to your consent where this is required by law). The information collected from you automatically when you use Prisma may include:
Device information: Information about your mobile device and internet connection, including your IP address, the device’s unique device identifier, operating system and version, mobile network information, device type and device language.
App and country information: Information regarding the version of the app that you are using and the country version of the app store from which you downloaded Prisma.
Photos: For more information regarding how we process your photos when you use various features of the app, please see Section 3: How We Process, Share, and Retain Your Photos.
Usage details: Details of your use of Prisma, including frequency of use, areas and features of the application that you access and information regarding engagement with particular features of the app.
Details about your in-app purchases: For example, details regarding the time you made certain purchases.
(If you have provided your consent) IDFA or Android Advertising ID, whichever is applicable to your device. If you want to disable the collection of IDFA and/or Android Advertising ID by Prisma, please follow the instructions below.
If you use an iOS device:
Go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > Tracking.
Tap to turn off or turn on permission to track for Prisma.
If you use an Android device:
Open Settings app
Navigate to “Privacy” > “Ads”
Tap “Delete Advertising ID”
Tap it again on the next page to confirm.
We and third-parties we engage may use cookies, Software Development Kits (SDKs), and other tracking technologies to automatically collect the Personal Data set forth above. For more information regarding our use of these technologies, please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies.
We may use your Personal Data for a variety of purposes depending on the category of Personal Data and the way you use and interact with the Prisma app, including the following:
To present to you and others with Prisma and its contents and any other information, products or services that you request from us, including to provide various features of the app and its functionality. We do so to provide you with the services subject to your explicit consent and according to our contractual obligation.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us in relation to Prisma (e.g., the Terms of Use). This is for the performance of our contract with you and for our legitimate interests in performing and enforcing our contracts with you.
To customize our product and service offerings to you, for example, offering pricing personalization and discounts. In doing so, we make automated decisions using device type and device language data. Where required by law, we rely on your consent to offer such personalization and/or offer you the opportunity to opt-out. Please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies for more information.
To provide you with customer and technical support, investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other users’ inquiries in relation to Prisma. It is our legitimate interest to provide you with high-quality support.
To communicate with you, such as to notify you about changes to Prisma or any products or services we offer or provide through Prisma, including by sending you technical notices, notices about your account/subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages, which we may send through an in-app or a push notification (you may opt-out of push notifications by changing the settings on your mobile device). It is our legal obligation to keep you informed about your subscription and your account and otherwise in our legitimate interests of keeping you informed about your Prisma account.
To conduct research, analytics and monitor performance and other metrics regarding Prisma and your use of Prisma. This may include data regarding the total number of users of our app, traffic, and demographic patterns related to the use of our app. Where this data is collected through the technologies described in Section 7 and where required by law, we rely on your consent; otherwise, it is our legitimate interest to conduct analytics as it helps us understand our business metrics and improve our product.
To improve, test, and monitor the effectiveness of Prisma. It is our legitimate interest to conduct such analyses to understand our product and business metrics.
To provide personalized content and information to you in relation to Prisma and so that we, and third parties on which we rely, can advertise to you. This may include using your Personal Data to build advertising audiences that we believe are similar to our user base, serving online ads to you, or engaging in other forms of advertising. Where required by law, we rely on your consent to engage in such activities and/or offer you the opportunity to opt-out. Please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies for more information.
To send marketing and promotional communications to you, such as via email, push notification or in-app messaging either with your consent or as otherwise permitted by law. Please see Section 9: Your Choices About Our Communications With You for more information.
In any other way as we may describe when you provide the information or otherwise at your direction or with your consent.
As permitted or required by law, including for auditing, fraud and security monitoring purposes.
We may disclose the information we process about you, including any Personal Data, as follows:
We may share your Personal Data with businesses that are legally part of the same group of companies that we are part of, including our subsidiaries (“Affiliates”). The Affiliates act as our data processors and may perform data processing on our behalf (e.g., providing technical support or conducting analytics). Such Affiliates are bound by appropriate contractual safeguards. Our Affiliates are:
Palta People Ltd, based in Cyprus (data processor for most of the internal processing activities)
Palta Software Ltd, based in Cyprus (data processor for the purpose of internal analytics)
We may disclose your Personal Data, and other collected information to third-party organizations such as contractors, business partners, service providers, and vendors that we use to support our business and who assist us in providing Prisma. Such service providers may include:
cloud provider Amazon Web Services (USA), which we use to store your Personal Data;
cloud provider Google Cloud Platform, which we use to host analytics data; and
email delivery providers.
We may disclose your Personal Data to third-party analytics providers and advertising partners or otherwise permit them to collect or access it. For more information, please see Section 7: Cookies, Software Development Kits, and Other Tracking Technologies.
We may disclose your Personal Data in the event that we or any of our affiliates, subsidiaries or lines of business is merged, acquired, divested, financed, sold, disposed of or dissolved, including in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation. In such cases, your Personal Data and any other collected information may be among the items sold, transferred, or otherwise disclosed as part of that transaction or proceeding.
We may disclose your Personal Data in response to legal requests and for purposes of preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
When you use Prisma, we and our service providers, vendors, and partners, including third parties, may use cookies (a small text file placed on your computer or mobile device to identify your computer and web browser) and other similar technologies to collect or receive certain information about you and/or your use of Prisma. We also use third-party analytics tools like Google Firebase, Facebook Analytics, AppsFlyer, and Amplitude to help us measure traffic and usage trends for Prisma and for other purposes. Such analytics tools collect information via third-party SDKs incorporated into Prisma, which includes information about features of Prisma you visit or use, your actions in Prisma, and information about your subscription.
Interest-based Advertising. We may partner with ad networks and other ad-serving providers that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your use of the app over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Webchoices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and http://www.aboutads.info/appchoices for information on the DAA’s mobile app opt-out program. You can also opt out of receiving interest-based ads from members of the Network Advertising Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to your perceived interests.
For users in the European Economic Area, United Kingdom and United States. You can opt-out from processing of Personal Data via cookies, SDKs and other tracking technologies by clicking sending a request to [email protected].
You may find that some parts of the app may not function properly if you have refused cookies or similar tracking technologies, and you should be aware that disabling cookies or similar tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser specific
Access, modification, correction and erasure. You can send us an email at [email protected] to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
EEA/UK individuals. Individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR”) and the UK version of the EEA GDPR (“UK GDPR”) (collectively, the “GDPR”), including the rights specified below. You can exercise these rights by contacting us at [email protected]. We will do our best to accommodate your request or objection but please note that not all rights are absolute.
Access to your Personal Data: You have a right to request information about whether we have any Personal Data about you, and to receive a copy of such Personal Data.
Rectification of your Personal Data: You are responsible for ensuring the accuracy of your Personal Data that you provide to us. Inaccurate information may affect your experience when Using Prisma features and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is incomplete or inaccurate, you have a right to contact us and ask us to correct such Personal Data.
Restriction of processing: You also have the right to demand restriction of processing of your Personal Data, for example, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
Erasure of your Personal Data: In certain circumstances, you may ask us to erase your Personal Data. Please be aware that erasing some Personal Data may affect your ability to use Prisma.
Right to portability of your Personal Data: In certain circumstances, you have the right to request us to receive any Personal Data you provided us in a structured, commonly used and machine-readable format. You may further ask us to give that Personal Data to another party.
Right to object to processing or otherwise using your Personal Data: Where we are processing your Personal Data based on our legitimate interest, you may object to the processing or otherwise using your Personal Data. Please be aware that our inability to process or otherwise use some of your Personal Data may affect your ability to use Prisma. If you have opted in to receiving marketing communications, you have the right to opt out of those at any time.
Right to withdraw your consent at any time: Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
Right to lodge a complaint with a supervisory authority: Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) here.
Please keep in mind that in case of a vague request to exercise any of the aforementioned rights we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request. Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your username or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.
Please note that we will process your request within one month after receiving it. We may extend this period by up to two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know within one month from your request. We will not discriminate against you for exercising your rights under the law.
If you are using Prisma you may receive electronic communications from us (e.g., by posting in-app notices in Prisma, push notifications or emails). We send some of these communications to you, such as those related to your subscriptions, technical and security notices and updates to the Privacy Policy and Terms of use, where necessary to perform our contract with you to provide Prisma or otherwise based on our legitimate interest in contacting you.
If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications and push notifications about new products, features or offers from Prisma and its affiliates.
Marketing & Promotional Emails. If you wish to opt-out of our promotional and marketing emails, you can do so:
by following the opt-out links in any marketing email sent to you; or
through the Prisma app by tapping “Settings” -> “Get Tutorials & Updates”.
Push Notifications. If you wish to opt-out of push notifications, you can do so through your mobile device settings by tapping “Settings” -> “Notifications” -> Choose Prisma - > press the toggle to allow or forbid push notifications from the app.
We use reasonable and appropriate information security safeguards to help keep your Personal Data secure and in an effort to protect it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to do our best to protect your Personal Data, we cannot guarantee the security of the collected information transmitted to or through Prisma or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your Personal Data is at your own risk. We are not responsible for the circumvention of security measures contained in Prisma. Please understand that there is no ideal technology or measure to maintain 100% security.
The safety and security of your information also depends on you. For instance, we are not responsible for how you choose to share the photos, videos, Avatars or other information processed in your Prisma account, such as via social media services. We are not responsible for the functionality, privacy, or security measures of any other organization.
Other than as set forth in Section 3: How We Process, Share and Retain Your Photos, we generally retain your Personal Data until you delete your Prisma account. If you delete your Prisma account, we will generally delete your account within 4 hours.
To make a request to delete your Prisma account, please contact us at [email protected].
Notwithstanding the foregoing, please note that we may retain your Personal Data, including photos, for longer periods of time than set forth above, such as in connection with your privacy-related requests and communications with us, if any, as necessary to comply with our legal obligations, to resolve disputes, or to enforce our agreements. Even if we delete some or all of your Personal Data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.
We and certain of our service providers are incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States.
Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
As to the location of our servers, we use AWS servers located in the USA for Prisma operation, while our analytics operations are processed both on the servers provided by AWS (located in the USA) and by Google LLC (located in the Republic of Ireland).
For further information please contact [email protected]
General age limitation. Prisma is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to use Prisma. If you are under 13, do not: (i) use or provide any information in Prisma or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 13, please contact us at [email protected].
Age limitation for EEA/UK individuals. You must be at least 16 years old in order to use Prisma. We do not allow use of Prisma by EEA/UK individuals younger than 16 years old. If you are aware of anyone younger than 16 Using Prisma, please contact us, and we will take the required steps to delete the information provided by such persons.
We are not responsible for the practices employed by any websites or services linked to or from Prisma, including the information or content contained within them. Where we have a link to a website or service, linked to or from Prisma, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.
General contact details. If you have any questions about this Privacy Policy or Prisma, please contact us via email at [email protected].
Appointed EEA/UK representative. If you are an individual in the EEA or the UK and you have any questions about this Privacy Policy or Prisma, please contact us via email at [email protected] or at our representative mailing address:
For the EEA: DPOEU LTD
Email: [email protected] (please indicate that you are Prisma user)
Address: Nikolaou Lazarou 13, 3020, Limassol, Cyprus
For the UK: Palta UK Ltd
Email: [email protected] (please indicate that you are Prisma user)
Address: Sterling House Fulbourne Road, Walthamstow, London, E17 4EE
Data protection officer. If you are an individual in the EEA or the UK and you wish to exercise your rights under Section 8, or you have any questions about this Privacy Policy or Prisma, you can contact our data protection officer via email at [email protected].
The date this Privacy Policy was last revised is indicated at the top of the page. We may modify or update this Privacy Policy from time to time. Some changes do not require your consent. However, if we determine that the changes may pose risk to your rights and freedoms, we will ask for your consent to those changes separately from this Privacy Policy.