Terms of Service, Acceptable Use, Privacy, and Security information for Prismatic.
Effective: June 15, 2022
To reinforce that security is a high priority, we completed a SOC 2 Type 1 security audit in November 2021. An outside security auditor verified that our security policies and practices met their stringent standards. As of May 2022, we completed our SOC 2 Type 2 security audit. Our SOC 2 certification will be audited and renewed annually.
Our Website and Platform are operated by Prismatic in the United States (US), and complies with US law. If you are located outside the US please be aware that information you provide may be transferred, processed, maintained, and used on computer systems outside of your home country where privacy laws may not be as protective as those in your jurisdiction.
We collect a variety of information from Visitors of our Website, and Users using our Platform and associated Services.
We may collect information automatically on anyone who visits our Website or Platform, using web tracking technologies like "cookies" and third-party tracking services in order to provide a better user experience and to help us analyze Website and Platform usage more thoroughly.
A cookie is a piece of textual information that a website saves on a visitor's computer. That information helps us analyze Website and Platform usage more closely, and provides additional functionality for the Platform. For example, a cookie is saved when a User logs in to our Platform, and is used to identify the User so that they don't need to re-enter login information on subsequent visits.
We also use third-party tracking services to collect data on site usage including, but not limited to, the Visitor's IP address, web browser, operating system, referring site, and date and time of each visit. For the Website and Platform we use Mixpanel to gather information about who is accessing the Website and Platform (IP address, web browser type, referring site, and date/time of each visit), and for the Platform we use Datadog's Real User Monitoring to gather data about performance, usage, and error management so we can create the best user experience possible.
We send two types of emails to Users of our Services, and visitors of our website.
Marketing emails. We send marketing emails via Customer.io for the purpose of sharing information about Prismatic and promoting our Platform. These emails are opt-in through our website. Customer.io tracks whether an email has been opened, clicks within the email, User's preferred language, geolocation based on IP, email client, and date and time of activity. You can opt out of marketing emails by clicking the "unsubscribe" link at the bottom of any marketing email.
Transactional emails. We send transactional or administrative emails to customers to do a variety of tasks, including but not limited to confirming email address, sending password change links, and notifying or alerting Platform Users about Service usage. These emails may also track opens, clicks, location based on IP, email client, and date and time of activity. You cannot opt out of transactional or administrative emails.
In order to create a Prismatic account, our Customers provide information to us including name, business name, and email address. Our authorization provider (Auth0) collects email and password information for login purposes to the Platform. Our payments provider (Stripe) collects billing information (credit card information, address and name) to process payments for the Platform.
In order to create integrations within our Platform, you will likely connect your integrations to a variety of online third-party services (e.g. Amazon Web Services, Microsoft Azure, Google Cloud Platform, Dropbox, etc.). Many of these services require authentication ("Credentials" or "Connections" in the Platform). We collect and encrypt these Credentials in our Platform's database using tenant-specific encryption keys.
Prismatic will not rent or sell any personal or business information that our Customers provide to us. In order for our Website and Platform to run properly, we do share some personal or business data with certain third parties without further notice to you, as listed below:
Your team members. Prismatic's Platform is collaborative. You work with your team members to assemble integrations, manage your customers, and deploy integrations to your customers. Your team members can modify and view information about your integrations, your customers, and your deployments. You are responsible for creating accounts for your team members and assigning your team members appropriate roles and permissions.
Third party services you authorize. You can configure your integrations to connect to various third-party services ("Third-Party Services") across the internet. When you link to a Third-Party Service, we may collect relevant information necessary to connect your customers to the Third-Party Service, including but not limited to API URL endpoints and Login Credentials. Please use caution when sharing information generated by an integration with Third-Party Services. Prismatic shall have no liability or responsibility for the privacy practices of any Third-Party Service you choose to connect with.
Other uses and disclosures. We may also use and disclose your personal and business information as we believe necessary and appropriate to (1) comply with laws inside or outside your country of residence to respond to requests from public and government authorities, (2) cooperate with law enforcement, (3) enforce our terms and conditions, or (4) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
If you have reason to believe your child under the age of 13 has given us personal information, please contact us and we will help to delete that personal information from our systems.
If you need to submit a data subject access request (DSAR) in accordance with GDPR, please use one of the following links:
Depending on your country and its applicable laws, you may have the right to:
- Access personal information about you consistent with legal requirements. Additionally, in some cases you may request that your data be transferred to you or another party.
- Request correction of your personal information where it is inaccurate or incomplete.
- Request deletion of your personal information, subject to some legal exceptions.
- Not be discriminated against by us for exercising your privacy rights.
1300 W 57th St, Suite 200
Sioux Falls, SD 57108