What we collect: Your email, CV, and assessment responses.
How we use it: AI analyzes your CV to help match you with jobs. We share your profile with employers you express interest in.
AI decisions: Our AI provides recommendations only—humans (employers) make all hiring decisions.
Your rights: You can access, correct, or delete your data anytime. Just email us.
We don't sell your data: Ever. We only share with employers when you express interest in roles or opt into our talent network.
The full legal details are below. If anything in the summary conflicts with the full policy, the full policy governs.
1. Introduction
Welcome to Prism. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI-powered recruitment platform.
CV/Resume: Work history, education, skills, contact details, and any other information in your uploaded CV
Career Assessment: Your responses to career assessment questions
Interview Responses: Your answers during video/audio interviews
2.2 Automatically Collected Information
Usage Data: Pages visited, time spent, features used
Device Information: Browser type, IP address, operating system
Cookies: Essential cookies for authentication and functionality
3. How We Use Your Information
AI Analysis: We use AI (Anthropic Claude) to analyze your CV and assess your fit for job roles
Job Matching: Match your profile with relevant job opportunities
Communication: Send you job-related updates and platform notifications
Platform Improvement: Analyze usage patterns to improve our service
4. AI and Automated Decision-Making
Important: Prism does NOT make hiring decisions. We use artificial intelligence to analyze CVs and provide scores to assist employers in their evaluation process.
AI scores are recommendations provided to employers, not hiring decisions
Job matching is a suggestion service—we do not accept or reject candidates
Employers always make their own hiring decisions with human review
Prism never autonomously determines employment outcomes
We actively work to minimize bias in our AI models
5. Data Sharing
We share your information with:
Employers: Companies you express interest in or are matched with can view your CV and assessment scores
Third-Party Service Providers:
Anthropic (AI CV analysis and career recommendations)
Supabase (secure data storage and authentication)
Vercel (website hosting and infrastructure)
PostHog (analytics to improve our service)
Resend (transactional emails)
ElevenLabs (optional voice features)
Legal Requirements: When required by law or to protect our rights
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our platform of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
We do NOT sell your personal data to data brokers, advertisers, or other third parties for profit.
6. Your Rights (GDPR)
Under GDPR and other privacy laws, you have the right to:
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Data Portability: Receive your data in a machine-readable format
Object: Object to processing of your data
Withdraw Consent: Withdraw consent at any time
Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights:
Visit your account settings or contact our Data Protection Officer at tk@tryprism.com
We will respond to GDPR requests within 30 days (or notify you if we need an extension).
7. Data Retention
Active Accounts: We retain your data while your account is active
Deleted Accounts: Data is permanently deleted within 30 days of account deletion
Legal Requirements: Some data may be retained longer if required by law
8. Data Security
We implement industry-standard security measures:
Encryption of data in transit (TLS/HTTPS) and at rest
Secure authentication with encrypted passwords
Regular security audits and updates
Limited employee access to personal data
Secure cloud infrastructure (Supabase on AWS)
8.1 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms
Document all breaches, including their effects and remedial actions taken
Provide you with information about the nature of the breach, likely consequences, and measures taken to address it
If you believe your data may have been compromised, please contact our Data Protection Officer immediately at tk@tryprism.com.
9. Cookies
We use the following types of cookies:
Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
Analytics Cookies: Help us understand how you use our platform (can be disabled)
You can control cookie preferences in your browser settings.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.
11. Children's Privacy
Prism is not intended for anyone under 18 years old. We do not knowingly collect personal information from minors. If you believe we have collected information from someone under 18, please contact us immediately at tk@tryprism.com.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.
12.1 Categories of Personal Information We Collect
We collect the following categories of personal information as defined by the CCPA:
Category
Examples
Collected
Identifiers
Name, email address, IP address
Yes
Professional/Employment Info
Work history, job titles, skills, education (from CV)
Yes
Internet/Network Activity
Browsing history on our platform, interactions with features
Yes
Geolocation Data
General location (city/country from IP)
Yes
Inferences
Career preferences, job fit scores, skill assessments
Yes
Sensitive Personal Information
Account login credentials
Yes
12.2 Sources of Personal Information
Directly from you: When you create an account, upload your CV, or complete assessments
Automatically: Through cookies and similar technologies when you use our platform
From employers: When they invite you to apply or assess for a role
12.3 Business Purposes for Collection
Providing our career assessment and job matching services
Processing your job applications and sharing your profile with employers
Analyzing and improving our AI scoring and matching algorithms
Communicating with you about your account and opportunities
Detecting and preventing fraud, abuse, and security incidents
12.4 Your California Privacy Rights
As a California resident, you have the right to:
Right to Know: Request what personal information we have collected, used, disclosed, or sold about you
Right to Delete: Request deletion of your personal information (subject to certain exceptions)
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information
Right to Limit Use of Sensitive PI: Limit how we use your sensitive personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
12.5 We Do Not Sell Your Personal Information
Prism does NOT sell your personal information to third parties.
We share your information with employers only when you express interest in roles or opt into our talent network. This is considered a business purpose, not a "sale" under CCPA.
Using the data export and deletion features in your account settings
Verification: To protect your privacy, we will verify your identity before processing your request. We may ask you to confirm information associated with your account.
Authorized Agents: You may designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization (such as a signed permission or power of attorney).
Response Time: We will respond to verifiable requests within 45 days. If we need more time (up to an additional 45 days), we will notify you.
12.7 California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. Prism does not disclose personal information to third parties for their direct marketing purposes.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of the platform after changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
This privacy policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.