Privacy Policy

1. Who we are

Prismatic API operates an AI API platform available at prismaticapi.com and api.prismaticapi.com. For privacy questions, data access requests or deletion requests, contact support@prismaticapi.com.

This policy applies to visitors, account users, organization members, API users, support contacts and customers who purchase subscriptions or wallet credits.

2. Information we collect

We collect information you provide directly, information generated by your use of the service, and information received from payment, authentication, infrastructure, email and support providers. The categories may include:

• Account information such as name, email address, password hash, organization details, role, session data and security settings.
• Billing information such as selected plan, checkout status, invoices, payment provider identifiers, wallet credits, refunds, chargebacks, tax or compliance metadata, and crypto payment status where applicable.
• API and usage information such as API key prefix, hashed key identifiers, selected public model, request time, response status, token or request usage, estimated and final cost, quota consumption, rate-limit events, errors and provider routing metadata.
• Support information such as tickets, contact forms, email messages, attachments and operational notes needed to answer requests.
• Device and website information such as IP address, browser, user agent, pages visited, locale, cookies, theme, currency preference, security logs and diagnostic data.

3. API inputs, outputs and AI provider processing

When you call the API, prompts, messages, files, images, videos, parameters, generated outputs and related metadata may be transmitted to upstream AI providers and infrastructure providers so they can process the request and return a response. Provider handling of API data may depend on the selected model, provider terms and operational settings.

Do not submit sensitive personal data, protected health information, payment card data, government identifiers, passwords, private keys, confidential third-party data or content you are not authorized to process unless you have a lawful basis and the service documentation explicitly supports that use.

4. How we use information

We use information to provide, secure, bill, support, maintain and improve Prismatic API. This includes account authentication, API routing, model access control, quota enforcement, wallet reservations and settlements, fraud prevention, abuse detection, customer support, service analytics, legal compliance and communications about the service.

5. Legal bases for processing

Where GDPR, UK GDPR or similar laws apply, we process personal data based on one or more legal bases: performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, consent where required, and protection of vital interests in limited safety or abuse cases.

6. Cookies and local preferences

We use cookies and local storage for essential service functions such as sessions, security, locale, theme and billing currency preferences. If analytics or marketing cookies are introduced, we will update this policy and provide consent controls where required by law.

7. How we share information

We share information only as needed to operate the service, comply with law, enforce terms, process payments, provide support, prevent abuse or complete a transaction requested by you. Recipients may include:

• AI model providers and upstream infrastructure providers that process API requests and outputs.
• Payment processors, merchant-of-record providers, card networks, PayPal, crypto payment providers, fraud prevention services and tax or compliance services where applicable.
• Hosting, database, email, logging, security, monitoring and customer support providers.
• Professional advisers, authorities or counterparties where required to comply with law, enforce rights, investigate abuse, prevent fraud or protect the service.
• Successors in connection with a merger, acquisition, financing, reorganization or sale of assets, subject to appropriate confidentiality protections.

8. International transfers

Prismatic API, its providers and upstream AI providers may process information in countries other than your own. Where required, we use appropriate safeguards such as contractual protections, data processing agreements or other lawful transfer mechanisms.

9. Retention

We retain personal data only as long as needed for the purposes described in this policy, including providing the service, maintaining security, resolving disputes, enforcing agreements, meeting tax/accounting requirements, processing payments and complying with law.

Typical retention periods vary by data type. Account data is kept while the account is active. Billing and ledger records may be kept as required for accounting, tax, fraud prevention and audit obligations. API usage metadata may be kept for billing, abuse prevention and operational diagnostics. Support records are kept as long as needed to resolve and document requests.

10. Security

We use technical and organizational measures designed to protect personal data, including hashed API keys, access controls, encryption where appropriate, logging, monitoring and least-privilege operational practices. No system is perfectly secure, and you are responsible for protecting your credentials, devices, API keys and integrations.

11. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, export, restrict or object to processing of your personal data, and to withdraw consent where processing is based on consent. You may also have the right to complain to a data protection authority.

To exercise rights, contact support@prismaticapi.com. We may need to verify your identity and account relationship before completing a request. Some data may be retained where required for security, billing, legal compliance, dispute resolution or fraud prevention.

12. Children

Prismatic API is not directed to children under 13, and users must be at least 18 or the age of legal majority to create an account. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact support@prismaticapi.com.

13. Changes to this policy

We may update this Privacy Policy as the service, providers, laws or business operations change. The effective date above shows the latest version. Material changes may be communicated through the website, dashboard or email where appropriate.