PrismFlowBack to Home
Legal Documentation

Privacy Policy

Effective Date: July 25, 2025
Last Updated: July 25, 2025

1. INTRODUCTION

Prismflow LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. It is designed to be transparent about our practices and to help you understand your rights.

2. YOUR ROLE AND OUR ROLE REGARDING CUSTOMER DATA

A critical distinction must be made regarding the data processed through our Services.

  • You are the Data Controller: When you connect your third-party data sources (e.g., Shopify, Stripe) to our Services, you own and control that data ("Customer Data"). You determine which data sources to connect and what processing should occur through the workflows you configure. You are solely responsible for ensuring you have the legal right and authority to collect and process this Customer Data.
  • Prismflow is the Data Processor: We act as a Data Processor for your Customer Data. We process this data solely on your behalf and in accordance with your instructions, which you provide by configuring and running workflows in our Services.

3. INFORMATION WE PROCESS

We process two categories of information:

A) Account Information We Collect From You

To create and manage your account, provide our Services, and communicate with you, we collect information directly from you via our authentication provider, Clerk:

  • Identifiers: Your first name, last name, and email address.
  • Profile Information: Your profile image URL.
  • Account Activity: Timestamps related to your account, such as creation date, last sign-in, and last activity.
  • Usage Data: We collect information about how you interact with our Services, such as features used, pages visited, and workflow execution metadata. This helps us improve our platform.
  • Cookies: We use cookies and similar technologies like Google Analytics on our marketing website to understand traffic and improve our user experience.

B) Customer Data We Process On Your Behalf

Our core service is to process your Customer Data. This process is as follows:

  1. Data Ingestion: When you connect a data source, we use Fivetran to synchronize your Customer Data into a dedicated and logically isolated schema created exclusively for you within our secure Google BigQuery environment.
  2. Data Processing: We run dbt transformations on this data as instructed by the workflows you create.
  3. Data Access: You access the transformed data through the Data Viewer in our application.

4. HOW WE SHARE YOUR INFORMATION (SUBPROCESSORS)

We do not sell your personal information. We share information only with trusted third-party service providers who act as subprocessors to help us deliver the Services. Our key subprocessors include:

  • Clerk: For user authentication and account management.
  • Stripe: To process payments for your subscription.
  • Fivetran: To facilitate the creation and management of data connections.
  • Google Cloud Platform (BigQuery): As our primary data warehouse for storing and processing your Customer Data.
  • dbt Cloud & Prefect Cloud: To orchestrate and execute your data transformation workflows.
  • Google Analytics: To analyze usage of our marketing website.

5. DATA SECURITY & INTERNATIONAL TRANSFERS

  • Security Measures: We take the security of your data seriously. We implement industry-standard technical and organizational measures to protect your information. This includes data encryption at-rest and in-transit, multi-level access controls, and secure infrastructure hosted on Google Cloud Platform. While we are not yet SOC 2 compliant, we are building our systems with these security frameworks in mind.
  • Data Isolation: Your Customer Data is stored in a separate, dedicated schema within our data warehouse, ensuring strict logical isolation from other customers' data.
  • International Data Transfers: All of our services and subprocessors are located and operated within the United States. Your information will be stored and processed in the US.

6. DATA RETENTION AND DELETION

We retain your Account Information for as long as your account is active with us. If you choose to terminate your account, we will permanently delete your Account Information and all associated Customer Data from our application databases and our Google BigQuery environment within 30 days. This action is irreversible.

7. CHILDREN'S PRIVACY

Our Services are not intended for or directed at individuals under the age of 18, and we do not knowingly collect personal information from children. As the Data Controller, you are responsible for ensuring that any Customer Data you process through our Services complies with all applicable laws, including those related to the privacy of minors.

8. YOUR DATA PROTECTION RIGHTS

You have the following data protection rights:

  • The right to access – You have the right to request copies of your personal information.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

To exercise any of these rights, please contact us at privacy@prismflow.io.

9. CONTACT US

If you have any questions, comments, or concerns about this Privacy Policy, please contact us at:

Prismflow LLC
5534 Saint Joe Road, Fort Wayne, IN, 46835, USA
privacy@prismflow.io