Privacy Policy

You can see our previous Privacy Policy here

Effective date: Nov 2, 2018

Welcome to Prisma (“Prisma,” “we,” “us” or “our”). Prisma provides a fast, beautiful and fun way for you to stylize your photo. Just snap a photo, choose a style to transform the look and feel, and share!

Our Privacy Policy explains how we and some of the companies we work with collect, use, share and protect information in relation to our mobile services, web site, and any software provided on or in connection with Prisma services (collectively, the “Service”), and your choices about the collection and use of your information. We undertake to build the Service and any of its features in such a way that it respects your privacy and allow you not only to understand what we do with your personal information, but also manage your data effectively.

By using our Service you understand and agree that we are providing a platform for you to stylize content.

Our Policy applies to all visitors, users, and others who access the Service (“Users”).

1. INFORMATION WE COLLECT

We collect the following types of information.

Information you provide us directly. If you are unregistered user we collect User Content (including your photos and materials with applied styles) that you post through the Service.

Analytics information. We use third-party analytics tools to help us measure traffic and usage trends for the Service. These tools collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.

Cookies and similar technologies. When you visit the Service, we may use cookies and similar technologies like pixels, web beacons, and local storage to collect information about how you use Prisma and provide features to you.

We may ask advertisers or other partners to serve ads or services to your devices, which may use cookies or similar technologies placed by us or the third party.

Log file information. Log file information is automatically reported by your browser each time you make a request to access (i.e., visit) a web page or app. It can also be provided when the content of the webpage or app is downloaded to your browser or device.

When you use our Service, our servers automatically record certain log file information, including your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to our Users which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service.

Device identifiers. When you use a mobile device like a tablet or phone to access our Service, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers.” Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by Prisma.

A device identifier may deliver information to us or to a third party partner about how you browse and use the Service and may help us or others provide reports or personalized content and ads. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled.

Among others we collect the following device identifiers:

User Device ID
Platform (iOS/Android)
Device OS Version
App Version
First request time
Language
Region/Country
Timezone
Model
App Version
Push Token (optional)

Metadata. Metadata is usually technical data that is associated with User Content. For example, Metadata can describe how, when and by whom a piece of User Content was collected and how that content is formatted.

Users can add or may have Metadata added to their User Content including a hashtag (e.g., to mark keywords when you share a photo) or other data.

Registered users. If you are registered user we may collect more Personal Data about you including the following:

Email/Phone number;
Username (real name is not mandatory, just nickname or username),
User DeviceID (generated by our app),
First user authorization date and time,
Shared Posts:
- Photo (not an original one, but with a style applied),
- Post title,
- User ID,
- Geo-location of user’s device (Lat/Long),
- Date/time of posting event.
Different ID assigned to you when you use the Service (for example, comment ID, post ID, sender ID)

If the information covered by this Section is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose. To the extent information covered by this Section is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection laws, it is referred to in this Privacy Policy as “Personal Data.” We use pseudonymization for particular types of Personal Data to ensure better security of your Personal Data. Please bear in mind that provisions of Section 3 do not apply to pseudonymized Personal Data.

2. HOW WE USE YOUR INFORMATION AND PERSONAL DATA

In addition to some of the specific uses of information we describe in this Privacy Policy, we may use information that we receive (including Personal Data) for the following purposes:

to provide personalized content and information to you and others, which could include online ads or other forms of marketing;
to provide, improve, test, and monitor the effectiveness of our Service;
to develop and test new products and features;
to monitor metrics such as total number of visitors, traffic, and demographic patterns (including via third party services as specified in Section 4 of this Privacy Policy);
to diagnose or fix technology problems;
to automatically update the Prisma application on your device;
to send you technical notices, updates, security alerts and support and administrative messages;
to link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service (to use in training of neural networks, artificial intelligence, as well as for any other automated decision-making processing);
for any other purposes disclosed to you at the time we collect Personal Data or indicated in this Privacy Policy.

We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you in accordance with Section 2 of this Privacy Policy or collect any Personal Data that is not required for the mentioned purposes (“purpose limitation principle”). For any new purpose of processing we will ask your separate consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We also undertake to collect only such amount and types of Persona Data that are strictly required for the purposes mentioned in this Section of the Privacy Policy (“data minimization principle”).

3. YOUR RIGHTS

Modification, correction and erasure. You are able to modify, correct, erase and update your Personal Data in the Service account settings or, if that is impossible, by writing us at [email protected].

Access. You have a right to access your Personal Data you leave when using the Services and ask us about what kind of Personal Data we have about you. You can do this by using the app settings or by writing us at [email protected].

EU and Swiss residents. Individuals residing in the countries of the European Union have certain statutory rights in relation to their personal data introduced by the General Data Protection Regulation (the “GDPR”). Subject to any exemptions provided by law, you may have the right to request access to Personal data (including in a structured and portable form), as well as to seek to update, delete or correct Personal data. You can do this by using the app settings and writing us at [email protected].

Rectification of Personal Data and Restriction of Processing. You are responsible for ensuring the accuracy of your Personal Data that you submit to Prisma. Inaccurate information will affect your experience when using the Services tools and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is inaccurate, you have right to contact us and ask us to correct such Personal Data as described above. You shall also have the right to obtain restriction of processing of your Personal data, if you contest the accuracy of the Personal Data and we need some time to verify its accuracy.
Access to your Personal Data and Data Portability. The Services give you the ability to access and update Personal Data within the Services and your account settings. You shall have the right to request information about whether we have any Personal Data about you, to access your Personal data (including in a structured and portable form) by using app settings or by simply writing us at [email protected].
Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you has withdrawn your consent or object to the processing of your Personal Data, or where the processing of your Personal Data does not otherwise comply with the GDPR, you have right to contact us and ask us to erase such Personal Data as described above. You can use a special feature in the app settings or simply write us at [email protected]. Please be aware that erasing some Personal Data affect your possibility to use the Services.
Right to object processing of your Personal Data. You can object processing your Personal Data and stop us from processing your Personal data using a special feature in the app settings simply write us at [email protected]. Please be aware that erasing some Personal Data inserted by you may affect your possibility to use the Services.
Notice about automated decision-making. We use automated decision-making tools (e.g. neural networks) that process your Personal Data in order to provide you better Services (for example, improvement of filters application).
Notification requirements. We commit to notify you promptly and your data protection authority within the timeframe specified in applicable law (72 hours) about any personal data breaches.
Data Protection Authorities. Subject to GDPR, you also have the right to (i) restrict our use of Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage the individual in a dialogue so as to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of GDPR we might also require you to prove your identity (for example, by requesting an ID or other proof) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties are violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.

Please note that we will grant your request within 30 days after receiving it, but it may take up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.

4. SHARING OF YOUR PERSONAL DATA

We will not rent or sell your Personal Data to third parties outside Prisma (or the group of companies of which Prisma is a part) without your consent, except as Parties with whom we may share your information in accordance with this Policy.

Parties with whom we may share your Personal Data. We may share User Content and your Personal Data (including but not limited to, information from cookies, log files, device identifiers, location data, and usage data) with businesses that are legally part of the same group of companies that Prisma is part of, or that become part of that group (“Affiliates”). Affiliates may use this information to help provide, understand, and improve the Service (including by providing analytics) and Affiliates’ own services (including by providing you with better and more relevant experiences). But these Affiliates will honor the choices you make about who can see your photos and are bound by the rules of this Privacy Policy.

We also may share your Personal Data as well as information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that help us provide the Service to you (“Service Providers”). Our Service Providers will be given access to your Personal Data as is reasonably and appropriately necessary to provide the Service under reasonable confidentiality and data protection terms.

We may also share certain Personal data and information such as cookie data with third-party advertising partners. This information would allow third-party ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.

We may remove parts of data that can identify you and share anonymized data with other parties.

The parties we share your Personal Data with are either EU-based or compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirement are met. We also utilize standard contractual clauses and other contractual safeguards in order to protect your privacy and insure that all transfers of your Personal Data are safe and compliant with applicable laws.

We may also combine your information (including Personal Data) with other information in a way that it is no longer associated with you and share that aggregated information.

Parties with whom you may choose to share your User Content. Any information or content that you voluntarily stylize with the Service, such as User Content, becomes available to the Prisma anonymously.

What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of Prisma or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as User Content and any other information collected through the Service may be among the items sold or transferred. You will continue to own your User Content. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.

Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

5. HOW WE STORE, PROCESS AND TRANSFER YOUR PERSONAL DATA

General. The Company is based the United States and the information we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.

EU and Swiss residents. Please bear in mind that we may transfer your Personal Data to the United States which data protection is not deemed adequate under applicable data protection laws.

However, we comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles (the “Principles”), the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Complaints and Dispute Resolution. In compliance with the Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at [email protected] or mailing address:
```
Prisma Labs, Inc.
440 N Wolfe Rd
Sunnyvale, CA 94085
```
 We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Data security. We use reasonable and appropriate information security safeguards to help keep the information collected through the Service secure and take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, Prisma cannot ensure the absolute security of any information you transmit to the Service or an absolute guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. Please understand that there is no ideal technology or measure to maintain 100 % security. Among others, we utilize the following information security measures:

Pseudominization of certain categories of your Personal Data;
Encryption of your Personal Data in transit and in rest;
Systematic vulnerability scanning and penetration testing;
Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the Service. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
Conducting periodical data protection impact assessments in order to ensure that the Service fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake privacy audit in case of Company’s merger or takeover.

Please do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and Prisma, at all times. Your privacy settings may also be affected by changes the social media services you connect to Instagram make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.

Data retention. We will retain your Personal Data as long as your account is active or needed to provide you services, and only for as long as it serves purposes of processing identified in Section 2 of this Privacy Policy. At any time, you can remove your Personal Data using in-app features as specified in Section 3 of this Privacy Policy or instruct us to remove it by emailing us at [email protected].

You should be aware that we may retain certain Personal Data and other information after your account has been terminated in an aggregated, anonymized form. Any posts or comments you submit may remain visible if and after you delete your account. We are not obligated to remove your posts or comments. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally. We will also retain your Personal Data as necessary to comply with legal obligations, resolve disputes and enforce our agreements.

All information that you provide to us through the App is automatically uploaded to our servers and is stored there in duplicate to the information stored on your device.

If you remove data from your account, you will no longer see it in the App, but some backups of the data may remain in our archive servers for a reasonable period of time due to technical reasons.

Third party (onward) transfers and Privacy Shield compliance. In the context of an onward transfer, we have responsibility for the processing of Personal Data we receive under the Privacy Shield or generally from the EU and Swiss residents and subsequently transfer to a third party acting as an agent on our behalf. We remain liable under the Principles and GDPR, if our agent processes such Personal Data in a manner inconsistent with the Principles and GDPR, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.

If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

Contacting you. You agree that we may send you Service-related emails (e.g., changes/updates to features of the Service, technical and security notices, updates to the Privacy Policy). Note that you may not opt out of Service-related e-mails, unless applicable laws provide differently for particular types of users.

6. CHILDREN’S PRIVACY

General age limitation. Prisma does not knowingly collect or solicit any information from anyone under the age of 13. The Service and its content are not directed at children under the age of 13. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us.

Age limitation for EU residents. Due to requirements of the GDPR you shall be at least 16 years old in order to use the Service. To the extent prohibited by applicable law, we do not allow use of the Service by the EU residents younger than 16 years old. If you are aware of anyone younger than 16 using the Service, please contact us at [email protected] and we will take required steps to delete such information and (or) delete her account.

7. OTHER WEB SITES AND SERVICES

We are not responsible for the practices employed by any websites or services linked to or from our Service, including the information or content contained within them. Please understand that this Privacy Policy applies only to information and Personal Data we collect from you. Where we have linked to a third-party website or service, you should read the privacy policy stated on that third-party website or service.

8. HOW TO CONTACT US. EU REPRESENTATIVE AND DATA PROTECTION OFFICER

General contact details. If you have any questions about this Privacy Policy or the Service, please contact us through the email [email protected] or to our mailing address:

Prisma Labs, Inc.
440 N Wolfe Rd
Sunnyvale, CA 94085

Appointed EU representative. If you are the resident of the EU and you have any questions about this Privacy Policy or the Service, please contact us through the email [email protected] or to our EU representative mailing address:

DPOEU LTD
Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus
Email: [email protected]

Data Protection Officer. If you are the resident of the EU and you wish to exercise your rights under Section 3 of the Privacy Policy, or you have any questions about this Privacy Policy or our privacy practices, you can contact our Data Protection Officer through the email [email protected].

9. CHANGES TO OUR PRIVACY POLICY

Prisma may modify or update this Privacy Policy from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of Prisma or the Service after any modification to this Privacy Policy will constitute your acceptance of such modification. In some cases, we may require you to expressly accept new Privacy Policy in order to continue using our Service (for example if we expand types of Personal Data collected from you or introduce new purposes of collection and processing).