Privacy Policy

You can see our previous Privacy Policy here

Effective date: Oct 4, 2019

Welcome to Prisma Labs, Inc. ("Prisma," "we," "us" or "our"), a mobile technology company specializing in deep learning-related products. Our goal is to move forward mobile photography and video creation to the next level using neural networks, deep learning and computer vision technics. We aim to create new ways for people to express their emotions through the camera.

This Privacy Policy applies to all visitors of our website ("Users", "you") and describes the types of information we may collect from you or that you may provide when you visit our website https://prisma-ai.com/ ("Site") and our practices for collecting, using, maintaining, protecting and disclosing that information. We undertake to build our Site and any of its features in such a way that it respects your privacy and allows you to understand what we do with your Personal Data (as defined below).

This Privacy Policy applies to information we collect:

On our Site.
In email, text, and other electronic messages between you and us.

It does not apply to information collected by:

Us offline or through any other means, including on any other site operated by us or any third party (including our affiliates and subsidiaries); or
Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Site.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Site. By accessing or using this Site, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy Section). Your continued use of this Site after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

1. INFORMATION WE COLLECT AND HOW WE COLLECT IT

We collect several types of information from and about Users of our Site ("Collected Information"), including information:

By which you may be personally identified, such as name, postal address, email address, telephone number or any other identifier by which you may be contacted online or offline.
That is about you but individually does not identify you.
About your internet connection, the equipment you use to access our Site, and your usage details.

We collect this information:

Directly from you when you provide it to us.
Automatically as you navigate through the Site. Information collected automatically may include usage details, internet protocol ("IP") addresses, and information collected through cookies and other tracking technologies.
From third parties, for example, our business partners.

To the extent information is: (i) associated with an identified or identifiable natural person and (ii) protected as personal data under applicable data protection laws, such information is referred to in this Privacy Policy as "Personal Data". Please bear in mind that provisions of Section 5 do not apply to your pseudonymized Personal Data.

2. INFORMATION YOU PROVIDE TO US DIRECTLY

The information we collect on or through our Site may include records and copies of your correspondence (including email addresses), if you contact us. We may also ask you for information when you report a problem with our Site.

3. INFORMATION WE COLLECT THROUGH AUTOMATIC DATA COLLECTION TECHNOLOGIES

As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

Details of your visits to our Site, including traffic data, location data and other communication data and the resources that you access and use on the Site.
Information about your computer and internet connection, including your IP address, operating system and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically under this Privacy Policy may include your Personal Data, we may maintain it or associate it with your Personal Data we collect in other ways or receive from third parties. It helps us to improve our Site and to deliver a better and more personalized service, including by enabling us to:

Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Site according to your individual interests.
Recognize you when you return to our Site.

If the information covered by this Section is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.

The technologies we use for this automatic data collection may include:

Third-party analytics. We use third-party analytics tools, such as Google Analytics (for information on how Google Analytics collects and processes your data please visit the following link), to help us measure traffic and usage trends for the Site. These tools collect information sent by your device or our Site, including the web pages you visit, add-ons, and other information that assists us in improving the Site. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.

Cookies (or browser cookies) and similar technologies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you disable or refuse cookies, please note that some parts of our Site may then be inaccessible or not function properly. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site.

Log file information. Log file information is automatically reported by your browser each time you make a request to access (i.e. visit) a web page. It can also be provided when the content of the web page is downloaded to your browser or device. When you use our Site, our servers automatically record certain log file information, including your web request, IP address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on our Site, domain names, landing pages, pages viewed, and other such information. The information allows for more accurate reporting and improvement of our Site.

Device identifiers. When you use a mobile device like a tablet or phone to access our Site, we may access, collect, monitor, store on your device, and/or remotely store one or more "device identifiers". Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, operating system or other software, or data sent to the device by our Site. A device identifier may deliver information to us or to a third party partner about how you browse and use our Site and may help us or others provide reports. Some features of our Site may not function properly if use or availability of device identifiers is impaired or disabled. Among others we collect the following device identifiers:

User Device ID.
Device OS.
First request time.
Language.
Region/Country.
Timezone.
Model.

4. HOW WE USE YOUR INFORMATION

We use information that we collect about you or that you provide to us, including any Personal Data:

To present our Site and its contents to you and others, which could include online ads or other forms of marketing.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
To notify you about changes to our Site or any products or services we offer or provide through it.
To diagnose or fix technology problems.
To link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service.
To monitor metrics such as total number of visitors, traffic, and demographic patterns (including via third party services as specified in Section 6 of this Privacy Policy).
To improve, test, and monitor the effectiveness of our Site.
To develop and test new products and features.
In any other way we may describe, when you provide or when we collect your information or when is indicated in this Privacy Policy.
To fulfill any other purpose for which you provide it.
For any other purpose with your consent.

We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or authorized by you in accordance with this Section 4 of this Privacy Policy or collect any Personal Data that is not required for the mentioned purposes ("purpose limitation principle").

For any new purpose of processing we will ask for your separate consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete and current. We also undertake to collect only such amount and types of Personal Data that are strictly required for the purposes mentioned in this Section of the Privacy Policy ("data minimization principle").

5. YOUR RIGHTS

Access, modification, correction and erasure. You can send us an email at [email protected] to request access to, modification, correction, update, erasure or deletion of any Personal Data that you have provided to us and that we have about you. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

EEA residents. Individuals residing in the European Economic Area ("EEA") have certain statutory rights in relation to their Personal Data, such as introduced by the General Data Protection Regulation ("GDPR"). Subject to any exemptions provided by law, you may have the right to request access to your Personal Data (including in a structured and portable form), as well as to seek to update, delete or correct your Personal Data. You can do this by writing to us at [email protected].

Access to your Personal Data and Data Portability. You have a right to request information about whether we have any Personal Data about you, to access your Personal Data (including in a structured and portable form) that you have provided to us, when using our Site, and that we have about you. You can do this by writing to us.
Rectification of Personal Data and Restriction of Processing. You are responsible for ensuring the accuracy of your Personal Data that you provide to us. Inaccurate information may affect your experience when using our Site tools and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is inaccurate, you have a right to contact us and ask us to correct such Personal Data as described above. You shall also have the right to demand restriction of processing of your Personal Data, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent or object to the processing of your Personal Data, or where the processing of your Personal Data does not otherwise comply with the GDPR, you have the right to contact us and ask us to erase such Personal Data as described above. Please be aware that erasing some Personal Data may affect your ability to use the Site.
Right to object processing of your Personal Data. You can object to and stop us from processing your Personal Data by writing to us. Please be aware that our inability to process some Personal Data may affect your ability to use the Site.
Notification requirements. We commit to notify you promptly and your data protection authority within the timeframe specified in applicable law (72 hours) about any Personal Data breaches in relation to you.
Data Protection Authorities. Subject to the GDPR, you also have the right to (i) restrict our use of the Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with the GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage you in a dialogue so as to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.

Following the provisions of the GDPR we might also ask you to prove your identity (for example, by requesting an ID or other proof) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties are violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.

Please note that we will grant your request within 30 days after receiving it, but it may take up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.

Your California Privacy Rights. If you are a California resident, California law may provide you with additional rights regarding our use of your Personal Data. To learn more about your California privacy rights, visit the following link.

6. SHARING OF COLLECTED INFORMATION

We may disclose aggregated information about our Users, and information that does not identify any individual, without restriction. We may remove parts of data that can identify you and share anonymized data with other parties. We may also combine your information (including Personal Data) with other information in a way that it is no longer associated with you and share that aggregated information.

We will not rent or sell your Personal Data to third parties outside Prisma (or the group of companies of which Prisma is a part) without your consent, except as parties with whom we may share your information in accordance with this Privacy Policy.

Parties with whom we may share your Personal Data. We may share your Personal Data (including but not limited to, information from cookies, log files, device identifiers and usage data) with businesses that are legally part of the same group of companies that Prisma is part of, or that become part of that group ("Affiliates"). Affiliates may use this information to help provide, understand, and improve the Site (including by providing analytics). Such Affiliates are bound by the rules of this Privacy Policy.

We also may share your Personal Data as well as information from tools like cookies, log files and device identifiers with third-party organizations such as contractors and service providers that we use to support our business and who are bound by reasonable confidentiality and data protection terms to keep your Personal Data confidential and use it only for the purposes for which we disclose it to them ("Service Providers").

The parties we share your Personal Data with are either EU-based or compliant with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks that ensure that European data privacy requirements are met. We also utilize standard contractual clauses and other contractual safeguards in order to protect your privacy and insure that all transfers of your Personal Data are safe and compliant with applicable laws.

What happens in the event of a change of control. If we sell or otherwise transfer part or the whole of Prisma or our assets to another organization (e.g., in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Data and any other information collected through the Site may be among the items sold or transferred. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.

Responding to legal requests and preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects Users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

7. HOW WE STORE, PROCESS AND TRANSFER YOUR PERSONAL DATA

General. The Company is based in the United States and the information we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.

EEA and Swiss residents. Please bear in mind that we may transfer your Personal Data to the United States which data protection is not deemed adequate under applicable data protection laws.

However, we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles ("Principles"). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall prevail. To learn more about the Privacy Shield program, and to view our certification, please visit the following link.

Complaints and Dispute Resolution. In compliance with the Principles, we commit to resolve complaints about our collection or use of your Personal Data. EEA and Swiss residents with inquiries or complaints regarding our Privacy Policy should first contact us (for contact information, please, see How to Contact Us Section).
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through an European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission ("FTC").

Data security. We use reasonable and appropriate information security safeguards to help keep the Collected Information (including your Personal Data) secure and to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to or via our Site or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of security measures contained on the Site. Please understand that there is no ideal technology or measure to maintain 100% security. Among others, we utilize the following information security measures:

Pseudominization of certain categories of your Personal Data.
Encryption of your Personal Data in transit and in rest.
All information you provide to us is stored on our secure servers behind firewalls.
Systematic vulnerability scanning and penetration testing.
Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the Site. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
Conducting periodical data protection impact assessments in order to ensure that our Site fully adheres to the principles of "privacy by design", "privacy by default" and others. We also commit to undertake privacy audit in case of Prisma’s merger or takeover.

Third-party (onward) transfers and Privacy Shield compliance. In the context of an onward transfer, we have responsibility for the processing of Personal Data we receive under the Privacy Shield or generally from the EEA and Swiss residents and subsequent transfer to a third party acting as an agent on our behalf. We remain liable under the Principles and GDPR, if our agent processes such Personal Data in a manner inconsistent with the Principles and GDPR, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.

If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

8. CHILDREN’S PRIVACY

General age limitation. Our Site is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to use our Site. If you are under 13, do not use or provide any information on this Site or through any of its features, or provide any information about yourself to us, including your name, address, telephone number or email address. In the event that we learn that we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us (for contact information, please, see How to Contact Us Section).

Age limitation for EEA residents. Due to requirements of the GDPR you shall be at least 16 years old in order to use our Site. To the extent prohibited by applicable law, we do not allow use of our Site by the EEA residents younger than 16 years old. If you are aware of anyone younger than 16 using our Site, please contact us (for contact information, please, see How to Contact Us Section) and we will take required steps to delete information provided by such persons.

9. OTHER WEB SITES AND SERVICES

We are not responsible for the practices employed by any websites or services linked to or from our Site, including the information or content contained within them. Where we have a link to a website or service, linked to or from our Site, you should read the privacy policy stated on that website or service.

10. HOW TO CONTACT US. EU REPRESENTATIVE AND DATA PROTECTION OFFICER

General contact details. If you have any questions about this Privacy Policy or the Site, please contact us via email at [email protected] or our mailing address:

Prisma Labs, Inc.

Suite D2028

440 N Wolfe Rd

Sunnyvale

CA 94085

Appointed EU representative. If you are a resident of the EEA and you have any questions about this Privacy Policy or the Site, please contact us via email on [email protected] or our EU representative mailing address:

DPOEU LTD

Office 902, Oval

Krinou 3, Ayios Athanasios

4103, Limassol, Cyprus
Email: [email protected]

Data Protection Officer. If you are a resident of the EEA or Switzerland and you wish to exercise your rights under Section 5 of the Privacy Policy, or you have any questions about this Privacy Policy or our privacy practices, you can contact our Data Protection Officer via email at [email protected].

11. CHANGES TO OUR PRIVACY POLICY

Prisma may modify or update this Privacy Policy from time to time, so please review it periodically. The date this Privacy Policy was last revised is identified at the top of the page. Your continued use of the Site after any modification to this Privacy Policy will constitute your acceptance of such modification.