Legal Center

Pages

Privacy Policy

Effective: June 15, 2022

At Prismatic Software Inc. ("Prismatic," "we," "us," or "our"), we know how important privacy is to you. We have created this privacy policy ("Privacy Policy") to detail how information you provide to us is used and shared, and to assist you in exercising the privacy rights available to you.

To reinforce that security is a high priority, we completed a SOC 2 Type 1 security audit in November 2021. An outside security auditor verified that our security policies and practices met their stringent standards. As of May 2022, we completed our SOC 2 Type 2 security audit. Our SOC 2 certification will be audited and renewed annually.

Scope of This Policy

This Privacy Policy covers the information that we collect about you when you ("Visitor", "Customer", "User") use our website ("Website"), https://prismatic.io, or web application ("Platform"), https://app.prismatic.io, and our related online and offline offerings and software (collectively the "Services"). This policy also explains choices you can make surrounding how we use your personal and business information, and what rights you have over, and access you have to, information we collect.

Prismatic's Base of Operations

Our Website and Platform are operated by Prismatic in the United States (US), and complies with US law. If you are located outside the US please be aware that information you provide may be transferred, processed, maintained, and used on computer systems outside of your home country where privacy laws may not be as protective as those in your jurisdiction.

Types of Data We Collect

We collect a variety of information from Visitors of our Website, and Users using our Platform and associated Services.

Site Visitors

We may collect information automatically on anyone who visits our Website or Platform, using web tracking technologies like "cookies" and third-party tracking services in order to provide a better user experience and to help us analyze Website and Platform usage more thoroughly.

A cookie is a piece of textual information that a website saves on a visitor's computer. That information helps us analyze Website and Platform usage more closely, and provides additional functionality for the Platform. For example, a cookie is saved when a User logs in to our Platform, and is used to identify the User so that they don't need to re-enter login information on subsequent visits.

We also use third-party tracking services to collect data on site usage including, but not limited to, the Visitor's IP address, web browser, operating system, referring site, and date and time of each visit. For the Website and Platform we use Mixpanel to gather information about who is accessing the Website and Platform (IP address, web browser type, referring site, and date/time of each visit), and for the Platform we use Datadog's Real User Monitoring to gather data about performance, usage, and error management so we can create the best user experience possible.

Email Recipients

We send two types of emails to Users of our Services, and visitors of our website.

Marketing emails. We send marketing emails via Customer.io for the purpose of sharing information about Prismatic and promoting our Platform. These emails are opt-in through our website. Customer.io tracks whether an email has been opened, clicks within the email, User's preferred language, geolocation based on IP, email client, and date and time of activity. You can opt out of marketing emails by clicking the "unsubscribe" link at the bottom of any marketing email.

Transactional emails. We send transactional or administrative emails to customers to do a variety of tasks, including but not limited to confirming email address, sending password change links, and notifying or alerting Platform Users about Service usage. These emails may also track opens, clicks, location based on IP, email client, and date and time of activity. You cannot opt out of transactional or administrative emails.

Customers

In order to create a Prismatic account, our Customers provide information to us including name, business name, and email address. Our authorization provider (Auth0) collects email and password information for login purposes to the Platform. Our payments provider (Stripe) collects billing information (credit card information, address and name) to process payments for the Platform.

In order to create integrations within our Platform, you will likely connect your integrations to a variety of online third-party services (e.g. Amazon Web Services, Microsoft Azure, Google Cloud Platform, Dropbox, etc.). Many of these services require authentication ("Credentials" or "Connections" in the Platform). We collect and encrypt these Credentials in our Platform's database using tenant-specific encryption keys.

Prismatic will not rent or sell any personal or business information that our Customers provide to us. In order for our Website and Platform to run properly, we do share some personal or business data with certain third parties without further notice to you, as listed below:

Mixpanel. Our Website and Platform use Mixpanel (detailed above) to collect information about visitors to our Website and Platform, how often they visit the sites, what pages they visit, what they do on the pages, and the URL of the site they came from prior to coming to our site. This information is used only to understand user behavior and to improve our Services. Data collected includes your IP address, web browser type, OS version, and date and time of site activities. You can read Mixpanel's privacy policy at https://mixpanel.com/legal/privacy-policy/.

Customer.io. We use Customer.io to send transactional and campaign-based emails to assist users in successfully using the platform. Customer.io tracks whether an email has been opened, clicks within the email, User's preferred language, geolocation based on IP, email client, and date and time of activity in the email and Prismatic application. You can read Customer.io's privacy policy at https://customer.io/legal/privacy-policy/.

Segment. We use Segment to send data from our application and website listed on this page to some third parties listed on this page. You can read Segment's privacy policy at https://segment.com/legal/privacy/.

Stripe. We process payments for the Platform through the Stripe payment processing service. Credit card information is saved exclusively on Stripe's systems, but billing information is shared between Prismatic and Stripe so Prismatic Services can be billed appropriately. You can read Stripe's privacy policy at https://stripe.com/privacy.

Auth0. Prismatic Users use Auth0 to log in to our Platform. Your password is stored with Auth0, and upon login an authentication token is saved to your web browser that allows you to log in to our Platform. You can read Auth0's privacy policy at https://auth0.com/privacy/.

Salesforce.com. We use Salesforce.com to track marketing, sales, and user data and activity. You can read Salesforce.com's privacy policy at https://salesforce.com/company/privacy/.

Your team members. Prismatic's Platform is collaborative. You work with your team members to assemble integrations, manage your customers, and deploy integrations to your customers. Your team members can modify and view information about your integrations, your customers, and your deployments. You are responsible for creating accounts for your team members and assigning your team members appropriate roles and permissions.

Third party services you authorize. You can configure your integrations to connect to various third-party services ("Third-Party Services") across the internet. When you link to a Third-Party Service, we may collect relevant information necessary to connect your customers to the Third-Party Service, including but not limited to API URL endpoints and Login Credentials. Please use caution when sharing information generated by an integration with Third-Party Services. Prismatic shall have no liability or responsibility for the privacy practices of any Third-Party Service you choose to connect with.

Support Platform. We offer support to our customers through Zendesk, where users can submit support tickets to Prismatic, ask questions of support staff, etc. You can read Zendesk's privacy policy at https://www.zendesk.com/company/customers-partners/privacy-policy/.

Other uses and disclosures. We may also use and disclose your personal and business information as we believe necessary and appropriate to (1) comply with laws inside or outside your country of residence to respond to requests from public and government authorities, (2) cooperate with law enforcement, (3) enforce our terms and conditions, or (4) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

Additionally, we host our Website and Platform in Amazon Web Services, and aggregate logs and use monitoring and alerting services of Datadog.

Business Transfer

In the event of a merger, acquisition, reorganization, sale of assets, or in the event of bankruptcy Prismatic may sell, transfer, or otherwise share some or all of its assets with another party. In these events we will make concerted efforts to notify our Users if their personal or business information is disclosed or transferred or becomes subject to a different privacy policy.

Data Retention

We will retain your personal or business information in a form that identifies you only for as long as it serves the purpose(s) for which it was originally intended as stated by this Privacy Policy, as allowed under applicable law, or subsequently authorized.

Information Security

We take the security and privacy of your personal and business information that we collect pursuant to this Privacy Policy very seriously. To protect your information from loss, misuse and unauthorized access, disclosure, alteration or destruction, we implement reasonable and appropriate security measures. We take risks involved in processing your data into account and comply with applicable laws and regulations.

Children

We do not knowingly collect personal information from children under the age of 13 through our Services. If you are under 13, please do not give us any personal information. We encourage parents of children under 13 years old to monitor their children's Internet usage to help us enforce our Privacy Policy.

If you have reason to believe your child under the age of 13 has given us personal information, please contact us and we will help to delete that personal information from our systems.

External Websites

Our Website, especially our documentation, and our Platform contain links to third-party websites. We have no control over the privacy practices nor control the content of these third-party websites that we link to. We are not responsible for the contents or privacy policies of these third-party websites. Please check each third-party's own privacy policy for terms when visiting their websites.

Submit a Data Subject Access Request

If you need to submit a data subject access request (DSAR) in accordance with GDPR, please use one of the following links:

A Summary of Your Legal Rights

Depending on your country and its applicable laws, you may have the right to:

Access personal information about you consistent with legal requirements. Additionally, in some cases you may request that your data be transferred to you or another party.
Request correction of your personal information where it is inaccurate or incomplete.
Request deletion of your personal information, subject to some legal exceptions.
Not be discriminated against by us for exercising your privacy rights.

If you would like to exercise any of these rights, please contact us using the contact information at the bottom of this Privacy Policy. We will take steps to verify your identity prior to fulfilling your request. For example, we may request that you submit your request through our Platform's support system.

Changes to This Privacy Policy

Our Services and business may change over time, so it may be necessary for Prismatic to make changes to this Privacy Policy. We reserve the right to update and modify this Privacy Policy at any time. If we update our Privacy Policy, we will post changes on this page. We encourage you to check this page often for changes, and refer to the Effective Date at the top of this page. We may also post any changes on our Website, or notify you via email depending on the magnitude of the changes as soon as the changes go into effect. By using our Services after such changes to this Privacy Policy are made, you are deemed to have accepted the changes.