Privacy Policy

We collect account and organization information (such as name, email, company, and role), billing information, and service configuration data (including provider connections and settings).

We also collect operational metadata needed to run the service, such as request timestamps, model/provider identifiers, token counts, costs, latency, attribution tags (for example team/service/environment), budget enforcement events, and alert delivery history.

By default, Prismo is designed to avoid storing prompt/response content unless a feature explicitly requires temporary processing. Customers may also use per-request zero-logging controls where supported.

We use collected information to provide and operate the Prismo platform, including:

• routing and proxying AI requests (when enabled);
• usage tracking, cost analytics, budgets, alerts, and forecasting;
• security monitoring, abuse prevention, and service reliability;
• customer support, onboarding, and product improvement;
• billing, invoicing, and account administration.

Prismo acts as an infrastructure layer between your application and supported AI providers. If you route traffic through Prismo, requests are processed to deliver gateway, analytics, and FinOps features.

We retain operational logs and metadata needed for analytics, billing, and enforcement functions. This may include request IDs, model selection outcomes, costs, token counts, and budget-related events. We do not use customer prompts or outputs to train models.

Customers are responsible for configuring request tagging, routing settings, and zero-logging options in line with their own privacy obligations.

We share information only as needed to operate the service, such as with cloud hosting providers, analytics/monitoring vendors, payment processors, and messaging providers used for alerts or support. We may also share information when required by law or to protect our rights and users.

When Prismo routes requests to an AI provider configured by you, that provider processes the request under its own terms and privacy practices.

We use reasonable technical and organizational safeguards, including encryption in transit, encryption at rest for sensitive configuration data, access controls, and audit logging. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type (for example, billing records, analytics metadata, and support records).

Prismo may process data in multiple jurisdictions. Where applicable, we use appropriate safeguards for cross-border transfers and support customer compliance efforts through documentation and contractual terms (such as a DPA, where offered).

Depending on your jurisdiction, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. Organization administrators can also manage provider keys, routing settings, and alert settings from the dashboard.

To make a privacy request, contact privacy@prismo.ai.

Prismo is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the effective date above. Material changes may also be communicated through the dashboard or email.

Questions about this Privacy Policy can be sent to privacy@prismo.ai or hello@prismo.ai.