Privacy Policy

Prism
Effective Date: March 13, 2026
Last Updated: March 13, 2026

1. Introduction

Welcome to Prism ("the App", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, store, share, and protect your information when you use our mobile application.

By downloading, accessing, or using Prism, you agree to the terms outlined in this Privacy Policy. If you do not agree with our policies, please do not use the App.

2. Information We Collect

We collect the following categories of information:

2.1 Authentication Data

  • Email Address — Used to create and secure your account.
  • Password — Encrypted and stored securely; never accessible in plain text by our team.

2.2 Personal Profile Information

When you register, we collect:

  • First Name & Last Name — To personalize your experience.
  • Age — To provide age-appropriate symptom education and content.
  • Sex (Male or Female) — To support contextually relevant health education.
  • Preferred Language (English or Arabic) — To deliver the App experience in your chosen language.

2.3 Conversational Data

When you use the text or voice chat features:

  • Chat Messages — The content of messages you send to and receive from the AI assistant.
  • Conversation Titles — Automatically generated labels for your chat sessions based on your initial query.
  • Message Metadata — Timestamps and the language locale of each message.

2.4 Learnings Data

Through your interactions with the AI assistant, the following data may be automatically generated:

  • Health Terms — Key health-related terms extracted from your AI conversations by an automated background process to populate the "Your Learnings" part of your dashboard.
  • Educational Summaries — Brief educational descriptions summarizing the relevance of each extracted term.
  • Conversation References — Links between your learnings and the specific conversations they were derived from, enabling direct navigation back to the original discussion.

2.5 Voice Interaction Data

When you use the Voice Assistant feature:

  • Audio Streams — Real-time audio is processed via a WebRTC connection to provide voice-based interaction with the AI assistant. Audio is streamed in real time and is not permanently stored on our servers.

2.6 Technical & Diagnostic Data

  • Device Identifiers — Anonymous device identifiers used as fallback when no authenticated session exists.
  • Error Logs — In the event of app errors (e.g., authentication failures), we silently log technical error details (error code, timestamp, device context) to a secure database for debugging purposes. These logs never contain your password and are used exclusively by our development team to improve app reliability.

3. How We Use Your Information

We use the information we collect for the following purposes:

| Purpose | Data Used |
|---|---|
| Account Creation & Authentication | Email, Password |
| Personalizing Your Experience | First Name, Last Name, Preferred Language |
| AI-Assisted Symptom Education | Chat Messages, Conversational Data |
| Generating Your Learnings Dashboard | Chat Messages (processed by automated AI extraction) |
| Voice-Based AI Interaction | Audio Streams (processed in real time) |
| App Reliability & Bug Fixes | Error Logs, Device Identifiers |
| Communication | Email (for password resets, account verification) |

We do not use your data for:

  • Selling to third-party advertisers.
  • Behavioral advertising or ad targeting.
  • Any purpose unrelated to delivering and improving the Prism symptom education service.

4. How We Store & Protect Your Information

4.1 Data Storage

All user data is stored using Supabase, a secure cloud-hosted PostgreSQL database platform. Data is stored in data centers that employ industry-standard physical and digital security measures.

4.2 Security Measures

  • Encryption: Passwords are hashed and never stored in plain text. All data in transit is encrypted using TLS/SSL.
  • Row Level Security (RLS): Database policies ensure that each user can only access their own data. No user can view, modify, or delete another user's profile, chat history, or learnings.
  • Access Controls: Only authorized development personnel have access to backend systems, and all access is logged.

4.3 Data Retention

  • Your personal data is retained for as long as your account is active.
  • If you delete your account, all associated data (profile, chat history, learnings, and error logs) is permanently removed from our systems.
  • Error logs are retained for a maximum of 90 days for debugging purposes, after which they are automatically purged.

5. Third-Party AI Data Sharing

Prism uses third-party artificial intelligence services to power its features. Before you use any AI-powered feature, the App will ask for your explicit consent to share your data with these services. You may decline, but doing so will prevent you from using the associated features. The following sections describe exactly what data is shared, with whom, how it is collected, and for what purpose.

5.1 Google (Gemini API) — Text Chat

Who receives your data: Google LLC, via the Gemini 2.5 Flash API.

What data is sent:

  • The text content of your chat messages (what you type to the AI assistant).
  • Previous messages in the same conversation thread (to maintain conversational context).

How data is collected: When you send a text message in a chat conversation, the App transmits the above message content to Google's Gemini API in real time to generate the AI assistant's response. No personal profile data (such as your name, age, or sex) is sent.

Purpose: To generate educational responses about your symptoms.

Data protection: Google processes this data under their API terms of service. Data sent via the API is not used by Google to train their models. We require that Google provides the same or equal level of protection as described in this Privacy Policy.

5.2 OpenAI — Voice Assistant

Who receives your data: OpenAI, L.L.C., via the OpenAI Realtime API.

What data is sent:

  • Real-time audio streams of your voice input during Voice Assistant sessions.
  • Conversational context from the active voice session.

How data is collected: When you initiate a Voice Assistant session, the App establishes a WebRTC connection that streams your voice audio to OpenAI's Realtime API. Audio is processed in real time and is not permanently stored by us or by OpenAI. No personal profile data (such as your name, age, or sex) is sent.

Purpose: To provide real-time voice-based symptom education and conversational health guidance.

Data protection: OpenAI processes this data under their API data usage policies. Data sent via the API is not used by OpenAI to train their models. We require that OpenAI provides the same or equal level of protection as described in this Privacy Policy.

5.3 OpenAI — Automated Learning Extraction

Who receives your data: OpenAI, L.L.C., via the GPT-4o-mini API.

What data is sent:

  • The text content of the AI assistant's responses from your chat conversations.

How data is collected: After the AI assistant generates a response in a text chat conversation, a Supabase Edge Function automatically sends the assistant's message content to OpenAI's GPT-4o-mini model. This is a server-side process that runs automatically in the background.

Purpose: To extract key health terms and educational summaries from conversation content and populate your personal "Your Learnings" dashboard.

Data protection: OpenAI processes this data under their API data usage policies. Data sent via the API is not used by OpenAI to train their models. We require that OpenAI provides the same or equal level of protection as described in this Privacy Policy.

5.4 Your Consent

By creating a Prism account and agreeing to the Terms of Use, you expressly consent to the sharing of your data with the third-party AI providers described above. You can withdraw your consent at any time by deleting your account, which will permanently remove all your data.

6. AI-Assisted Conversations & Quality Review

6.1 AI Processing

Your chat messages are processed by third-party AI systems (as described in Section 5) to provide symptom education and health-related information. The AI uses your conversation content to generate relevant educational guidance.

6.2 Automated Learning Extraction

When the AI assistant responds to your messages, an automated background process (as described in Section 5.3) analyzes the assistant's responses to extract key health terms and educational summaries. These are stored in your personal "Your Learnings" dashboard. This process is fully automated and does not involve human review of individual messages.

6.3 Quality Review

Your conversations with the AI assistant may be reviewed by our team to ensure the quality, safety, and accuracy of the AI's outputs. This review process is conducted to:

  • Improve the AI's educational capabilities.
  • Identify and correct potentially inaccurate responses.
  • Ensure content quality standards are upheld.

Conversations used for quality review are anonymized where possible. They are never shared with third parties for commercial purposes.

6.4 Important Limitation

The AI assistant provides educational information about symptoms only. It does not provide medical diagnoses, prescriptions, or treatment plans. Always consult a licensed healthcare professional for medical advice.

7. Other Sharing of Information

Apart from the third-party AI services described in Section 5, we do not sell, rent, or trade your personal information. We may share your information only in the following additional circumstances:

| Recipient | Purpose | Data Shared |
|---|---|---|
| Supabase (Infrastructure Provider) | Database hosting and authentication | All stored data (encrypted at rest and in transit) |
| Law Enforcement / Legal Authorities | Compliance with legal obligations | As required by applicable law |

We require all third-party service providers to maintain appropriate security measures and to process your data only for the purposes we specify, providing the same or equal level of protection as described in this Privacy Policy.

8. Your Rights & Choices

You have the following rights regarding your personal data:

8.1 Access & Portability

You can view your profile information, chat history, and learnings at any time within the App.

8.2 Correction

You can update your personal profile information (name, age, sex, language) through the Edit Profile screen at any time.

8.3 Deletion

You can permanently delete your account and all associated data by using the Delete Account option in the App's Settings screen. This action is irreversible and will:

  • Remove your user profile from our database.
  • Delete all your chat conversations and learnings.
  • Remove your authentication record entirely.
  • Sign you out of the App permanently.

8.4 Language Preference

You can change your preferred language between English and Arabic at any time through the App's Settings.

8.5 Withdraw Consent

You may stop using the App at any time. If you wish to withdraw consent for data processing entirely, you may delete your account as described above.

9. Children's Privacy

Prism is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will promptly delete that information.

10. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence where our infrastructure providers operate. In all cases, we ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top of this document.
  • Notify you through the App if the changes are material.

Your continued use of Prism after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: hamdhanb8@gmail.com

Subject Line: Privacy Policy Inquiry — Prism