Last Updated: June 26, 2024
At Prismatic Software Inc. ("Prismatic," "we," "us," or "our"), we know how important privacy is to you. We have created this privacy policy ("Privacy Policy") to detail how information you provide to us is used and shared, and to assist you in exercising the privacy rights available to you.
Scope of This Policy
This Privacy Policy covers the information that we collect about you when you ("Visitor", "Customer", "User") use our website ("Website"), https://prismatic.io, or web application ("Platform"), https://app.prismatic.io, and our related online and offline offerings and software (collectively, the "Services"). This policy also explains choices you can make surrounding how we use your personal and business information, and what rights you have over, and access you have to, information we collect.
Important Information About This Policy
While we always aim to provide complete and transparent information about how we process your personal information, we reserve the right to amend or update this Policy from time to time or to create additional policies in order to accurately reflect changed circumstances or new legal requirements. As a result, it is important that you read this Policy closely so that you are fully aware of how and why we are using your personal information.
To assist us in ensuring that we can provide the most accurate information possible, we ask that you check this Policy for updates. We also ask that, where we have an ongoing relationship with you and any of the data you have provided becomes no longer accurate, you keep us informed of this so we can amend our records accordingly. By providing us with personal information or using our Site, you expressly consent to the information-handling practices described in this Policy. If you do not agree with this Policy, please do not use our Services or provide us with your information.
Prismatic's Location
Our Website and Platform are operated by Prismatic in the United States (US). If you are located outside the US please be aware that information you provide may be transferred, processed, maintained, stored and used on computer systems outside of your home country where privacy laws may not be as protective as those in your jurisdiction.
Types of Data We Collect
We collect a variety of information from Visitors of our Website, and Users using our Platform and associated Services.
Personal Information
For the purposes of this Policy, "personal information" is any information that identifies, relates to, or can be used to contact a particular individual. We collect the following types of personal information as described below:
Website Visitors or Users
- Contact information – first name, last name, email address, name and mailing address of your organization, billing address, and telephone number.
- Marketing information – details regarding informational and promotional materials you may have requested or received from us, the services in which you are interested, your receipt of promotional communications, and information on your marketing or communication preferences.
- Communication information – copies of communications and inquiries you have submitted to us, including through email, calls, and features available on our Website.
- Device and usage information – details regarding how and when you use our Website, including the device used to connect to the Website, your IP address and device identifier, the frequency and duration of your usage, the pages you view, what websites or search terms referred you to our Website, and information about your interaction with our Website.
- Job applicant information – If you apply for a job through our Website, contact information, information regarding your qualifications and background, educational information, and any other information you provide as part of your application or the application process.
If you are a Website visitor or user, we may collect personal information when you click on or navigate our Website, request access to or use of our Services, submit online forms and surveys, contact us by email, phone, or otherwise, visit or engage with our social media pages, interact with any chatbot deployed on our Website for customer service purposes, or otherwise provide us with personal information.
We typically determine the purposes and means of processing this information and, as such, are the "data controller" for such information under the European Union’s General Data Protection Regulation ("GDPR").
Customers
In addition to the information that would be collected from our Website visitors or users described above, we collect the following types of personal information from or about the Users of our Services:
- User account information – user ID, account username, account password, account number, and other information that we may request or that you may provide relating to your account.
- Technical information – details of the third-party services you will connect to via the Services, including your credentials for such third-party service provider applications.
- Transactional information – details about your transactions with us, including method of payment, payments received, payment details, transaction history, and other information relating to the services purchased by you or your organization.
- Financial account information – details about the financial accounts you designate to make payments or receive payments for your use of the Services.
- Communication information – copies of communications and inquiries you have submitted to us, including through email, calls, and features available on our Platform.
- Customer service information – details of any communications regarding any customer experience or technical issues in using the Platform or our Services.
- Device and usage information – details regarding how and when you use our Platform, including the device used to connect to the Platform, your IP address and device identifier, the frequency and duration of your usage, the pages you view, what websites or search terms referred you to our Platform, and information about your interaction with our Platform.
We collect this information when you create a Prismatic account. In order to create a Prismatic account, our Customers provide information to us including name, business name, and email address. Our authorization provider collects email and password information for login purposes to the Platform. Our payments provider collects billing information (credit card information, address and name) to process payments for the Platform.
In order to create integrations within our Platform, you will likely connect your integrations to a variety of online third-party services (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, Dropbox, etc.). Many of these services require authentication ("Credentials" or "Connections" in the Platform).
Information We Collect Automatically
We may collect information automatically on anyone who visits our Website or Platform, using web tracking technologies like "cookies" and third-party tracking services in order to provide a better user experience and to help us analyze Website and Platform usage more thoroughly. You can adjust your cookie settings by accessing the "Cookie Preferences" feature of our Website or indicating your preferences when prompted.
A cookie is a piece of textual information that a website saves on a visitor's computer. That information helps us analyze Website and Platform usage more closely, and provides additional functionality for the Platform. For example, a cookie is saved when a User logs in to our Platform, and is used to identify the User so that they don't need to re-enter login information on subsequent visits.
We also use third-party tracking services to collect data on site usage including, but not limited to, the Visitor's IP address, web browser, operating system, referring site, and date and time of each visit. For the Website and Platform we use Mixpanel to gather information about who is accessing the Website and Platform (IP address, web browser type, referring site, and date/time of each visit), and for the Platform we use Datadog's Real User Monitoring to gather data about performance, usage, and error management so we can create the best user experience possible.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address, only where prevailing data privacy regulations allow us to do so. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
Some of the third-party analytics tools we use include Google Analytics. Analytics are used to create reports and statistics on the performance of our Website and present you with content tailored to your interests. Analytics can be used to collect information such as IP address, type of device, operating system, referring URLs, country information, date and time of page visits, and which pages you visit the most. You can find more information about how data is collected and processed in connection with the Google Analytics service here. You can also read Google’s privacy policy here.
We use these technologies to help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Services. You are free to decline our automated technologies (in whole or part) if your browser or browser add-on permits, unless our automated technologies are required to operate our websites, prevent fraud, or ensure the security of websites we control. However, declining our automated technologies may interfere with your use of our Services.
The information collected through these technologies may be combined with personal information or aggregated with other information on Website visits. We may share information about your use of our Services with our advertising and analytics partners, who may combine it with other information that you previously provided to them.
Email Recipients
We send two types of emails to Users of our Services, and visitors of our website.
Marketing emails. Prismatic may send you direct marketing communications from time to time, including news, updates, offers, and other promotions relating to our Services. We will only send marketing messages where the law allows us to do so and, in the event that you no longer wish to receive marketing communications from us, then you can always unsubscribe using the option provided in the footer of the communication you have received or by contacting us using the information below.
Transactional emails. We send transactional or administrative emails to customers to do a variety of tasks, including but not limited to confirming email address, sending password change links, and notifying or alerting Platform Users about Service usage. These emails may also track opens, clicks, location based on IP, email client, and date and time of activity. You cannot opt out of transactional or administrative emails.
Information from Other Sources
We may obtain both personal and non-personal information about you from our vendors, business partners, and other third parties and add it to other information we have collected. We, and the third parties we engage, may combine information we collect from you with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.
How We Use Personal Information
We (or service providers acting on our behalf) may use the personal information identified above for the following purposes:
- Performing our contract with you or your business or organization.
- Providing you information about our Services, including documentation related to the access and use of the Platform.
- Providing and optimizing your experience as part of our Services and ensuring that we present our content to you in the most effective manner.
- Gaining insights into who our customers are and who may be an audience of potential customers.
- Communicating with you and responding to your inquiries and communicating regarding our Services and other technical or customer service issues.
- Sending you promotional or informational communications and materials, tracking your marketing preferences, and for our internal marketing purposes.
- Developing, updating, and improving our Services, Customer experience, and otherwise improving our knowledge and insights regarding visitors to our Services.
- Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with the Services.
- Enforcing our agreements with our business partners, partner organizations and others, complying with our legal or regulatory obligations, and defending or advancing legal claims.
- Notifying you about changes to our Services or material changes to this Policy.
- Providing you with surveys or otherwise soliciting feedback from you.
- Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.
For more information about your options relating to your personal information and your communication preferences, see "Your Choices About Personal Information" below.
Disclosure of Personal Information
When the information we collect about you is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or disclose it to third parties, to the extent permitted by applicable law.
In order to administer our business and for our Website and Platform to run properly, we do disclose some personal or business data with certain types of third parties, as listed below:
- Online analytics providers and vendors: We use these vendors in order to understand our Website traffic and usage patterns and optimize our Website experience. Our Website and Platform use Mixpanel (detailed above) to collect information about visitors to our Website and Platform, how often they visit the sites, what pages they visit, what they do on the pages, and the URL of the site they came from prior to coming to our site. This information is used only to understand user behavior and to improve our Services. Data collected includes your IP address, web browser type, OS version, and date and time of site activities. You can read Mixpanel's privacy policy at https://mixpanel.com/legal/privacy-policy/.
- Marketing and advertising vendors: These vendors assist with hosting information, marketing automation, advertisement placement and targeting, and marketing campaigns and communications.
- Service providers we use to facilitate our business operations and administration: These third parties have access to your personal information only to perform specific tasks on our behalf. For example, our service providers include (i) our payment processors, (ii) IT and system administration providers that host our Site, (iii) data storage providers, and (iv) vendors to assist with IT support for our services or customer service issues.
- Your team members: Prismatic's Platform is collaborative. You work with your team members to assemble integrations, manage your customers, and deploy integrations to your customers. Your team members can modify and view information about your integrations, your customers, and your deployments. You are responsible for creating accounts for your team members and assigning your team members appropriate roles and permissions.
- Third party services you authorize: You can configure your integrations to connect to various third-party services ("Third-Party Services") across the internet. When you link to a Third-Party Service, we may collect relevant information necessary to connect your customers to the Third-Party Service, including but not limited to API URL endpoints and Login Credentials. Please use caution when sharing information generated by an integration with Third-Party Services. Prismatic shall have no liability or responsibility for the privacy practices of any Third-Party Service you choose to connect with.
- Regulatory authorities: Governmental authorities, law enforcement agencies, and courts, as necessary to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.
- Corporate transaction: Buyers or other successors prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets transferred.
- Professional advisors: We may disclose your information to our lawyers, accountants, investors, bankers, and others who provide us professional services.
- Other uses and disclosures: We may also use and disclose your personal and business information as we believe necessary and appropriate to (1) comply with laws inside or outside your country of residence to respond to requests from public and government authorities, (2) cooperate with law enforcement, (3) enforce our terms and conditions, or (4) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- Other parties for any purpose we disclose at the time you provide the information.
Your Choices About Personal Information
We respect your right to make choices about the ways we collect, use, and disclose your information. We try to offer you meaningful choices regarding your personal information. Some choices you have regarding personal information include the following.
- Marketing Emails: As required by applicable laws, you can opt-out of receiving promotional emails from us by clicking the "opt out," "unsubscribe," or similar link in any such promotional emails and following the instructions provided.
- Cookies: Depending on your browser or device, you may have the option to set the browser to accept all cookies, reject all cookies, notify you when a cookie is set, or delete cookies. Each browser and device are different, so we recommend you evaluate the tools and settings available in your browser or device, as well as any available instructions for the same. You can learn more about disabling cookies here. You can also access the "Cookies Preferences" feature of our Website in order to set your cookie preferences. Note, your rejection of cookies that are essential or necessary to the functionality of the Website may impact your experience using the Website.
- Google Analytics: We may use Google Analytics in connection with the Website. If you would like to refrain from having your data collected by Google Analytics, Google has developed an opt-out browser that you can use. You can find more information on how Google uses the information it collects here.
- Declining to Provide Information: You can choose not to provide us with information we may request through our Services, but that may result in you being unable to use certain features of our Services, request information about our services, or initiate other transactions with us.
- Do Not Track Mechanisms: Please note that our Website does not honor "Do Not Track" signals, and such signals will not impact the operation of the Services.
In addition to the above, you may contact us using the details provided at the end of this Policy with any questions about the choices relating to your personal information.
Data Retention
We will retain your personal or business information in a form that identifies you only for as long as it serves the purpose(s) for which it was originally intended as stated by this Privacy Policy, as allowed or required under applicable law, or subsequently authorized.
Information Security
We take the security and privacy of your personal and business information that we collect pursuant to this Privacy Policy very seriously. To protect your information from loss, misuse and unauthorized access, disclosure, alteration or destruction, we implement reasonable and appropriate security measures. We take risks involved in processing your data into account and comply with applicable laws and regulations.
Children
We do not knowingly collect personal information from children under the age of 16 through our Services. If you are under 16, please do not give us any personal information. We encourage parents of children under 16 years old to monitor their children's Internet usage to help us enforce our Privacy Policy.
If you have reason to believe your child under the age of 16 has given us personal information, please contact us and we will help to delete that personal information from our systems.
External Websites
Our Website, especially our documentation, and our Platform contain links to third-party websites. We have no control over the privacy practices nor control the content of these third-party websites that we link to. We are not responsible for the contents or privacy policies of these third-party websites. Please check each third-party's own privacy policy for terms when visiting their websites.
Rights Under the GDPR (EU/UK Residents)
The European Union’s General Data Protection Regulation and the United Kingdom’s version of the same (collectively, the "GDPR") afford certain rights to individuals in the European Economic Area, Switzerland, and UK. If you are in the EEA, Switzerland or UK, you have the following rights. Note, however, that not all rights apply in all circumstances.
- Right of access: subject to certain exceptions, you have the right of access to your personal information that we hold. If you are requesting access to your data in order to protect the rights of others, we may require you to validate your identity before we can release that information to you
- Right to rectify your personal information: if you discover that the information, we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e., corrected).
- Right to be forgotten: you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
- Right to restriction of processing: in some cases, you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
- Right to object to processing: you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis.
- Right to data portability: you have the right to receive, move, copy, or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
With regard to the personal information we collect from Customers or visitors, we are typically the "data controller" for such information under the GDPR. As a result, if you wish to exercise one of the rights discussed above, you may do so by submitting a written request via the contact information below or the following links:
This is normally free, unless this process is unduly difficult or is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond. Once we have received your request, we will review it and contact you within thirty (30) days of receipt of your request, will notify you of any delay in processing your request and, in any event, will respond to the request within three (3) months. Please note that we may need to request specific information from you to help us confirm your identity. If you are located in the EEA, Switzerland, or UK and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the EEA, Switzerland, or UK.
Lawful Basis under GDPR
We will process different types of information under different lawful bases under the GDPR depending on the nature of the information and your relationship with us. The following describes how we plan to use your personal information and our lawful basis for doing so. We may process your personal information on more than one basis depending on the specific purpose for which we have collected or are otherwise using your information.
Manage Business Relationship
Purpose/Activity
To enter into and subsequently to manage our business relationship with you including:
- Negotiating, entering into, and performing agreements with your company
- Responding to inquiries and providing customer support and service
- Managing and processing transactions for our services
- Notifying you about changes to our website, business terms, or this Policy
- Communicating with you and responding to your inquiries regarding our services, agreements with your company, and other issues
Type of Information
- Contact Information
- Transactional Information
- User Account Information
- Communications Information
- Technical Information
- Customer Service Information
- Financial Account Information
Basis of Processing
- Necessary for our legitimate interests (to manage our business relationships and administer our operations including through the keeping of appropriate records)
- Performance of a contract with you
- Necessary to comply with legal obligations
Administer and Protect Business and Website
Purpose/Activity
To administer and protect our business and website including:
- Maintaining business records for legal purposes and to comply with tax requirements
- Defending and advancing legal claims
- Enforcing our rights under any agreements
- Ensuring effective security for our services and website
- Conducting website maintenance
- Identify and address security risks and unlawful activity
Type of Information
- Contact Information
- Transactional Information
- User Account Information
- Technical Information
- Communications Information
- Customer Service Information
- Financial Account Information
- Device and Usage Information
Basis of Processing
- Necessary for our legitimate interests (running our business, facilitating administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
- Necessary to comply with legal obligations
Make Marketing Decisions
Purpose/Activity
To make decisions about how best to deliver relevant website content and advertisements to you, and otherwise market to you, and to better understand the effectiveness of our marketing efforts
Type of Information
- Marketing Information
- Transactional Information
- Communications Information
- Customer Service Information
- Device and Usage Information
Basis of Processing
Necessary for our legitimate interests (better understanding website functionality and how website users navigate and interact with the site)
Advance and Promote Business Interests
Purpose/Activity
To advance and promote our business interests including contacting you regarding services or promotions that may be of interest, conducting surveys or soliciting feedback on our services, and updating, developing, and improving our services, customer service, and marketing efforts
Type of Information
- Contact Information
- Marketing Information
- Transaction Information
- Customer Service Information
- Device and Usage Information
Basis of Processing
Necessary for our legitimate interests (to enhance our services, improve our marketing strategies and develop our business)
Respond to Employment Applications
Purpose/Activity
To respond to your request to process your application for employment
Type of Information
- Job Applicant Information
Basis of Processing
Necessary for our legitimate interests (running our business and facilitating the applications of individuals seeking employment with us)
Transfers from the EEA, Switzerland, or UK
If we transfer personal information from the EEA, Switzerland, or UK to the United States or any other country, we will implement appropriate legal mechanisms to ensure an adequate level of personal data protection consistent with the GDPR’s requirements. For example, if the recipient country has not received an Adequacy Decision from the European Commission (such as the United States), we will rely on Standard Contractual Clauses (SCC) that have been approved by the European Commission as the lawful mechanisms for such transfers. Further, we will enter into appropriate data processing agreements with all non-EU (sub)processors that contain SCCs and define data protection standards to be employed by each (sub)processor.
Nevada Privacy Rights
Under Nevada law, Nevada residents who have purchased services from us may opt out of the "sale" of "covered information" (as such terms are defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. "Covered information" includes first and last name, address, email address, and phone number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in any activities that would qualify as a sale under Nevada law.
Changes to This Privacy Policy
Our Services and business may change over time, so it may be necessary for Prismatic to make changes to this Privacy Policy. We reserve the right to update and modify this Privacy Policy at any time. If we update our Privacy Policy, we will post changes on this page. We encourage you to check this page often for changes, and refer to the "Last Updated" Date at the top of this page. We may also post any changes on our Website, or notify you via email depending on the magnitude of the changes as soon as the changes go into effect. By using our Services after such changes to this Privacy Policy are made, you are deemed to have accepted the changes.
Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Prismatic Software Inc.
5013 S Louise Ave #122
Sioux Falls, SD 57108
Phone: 888-305-5453
Email: privacy@prismatic.io
Updated on June 26, 2024. Added language regarding data being used by online data partners or vendors to the "Information We Collect Automatically" section.