Privacy Policy
Policy Statement
This Privacy Policy explains how information about you is collected, used and disclosed by Prisma AI Corporation Pte Ltd.
and any of its subsidiaries or affiliated companies (collectively, "Prisma AI Corporation Pte Ltd," "we" or "us")
when you access or use our websites, or any subscription-based offerings, or services (collectively, the “Services”),
or when you otherwise interact with us.
Prisma AI provides Cognitive Visual AI / Computer Vision solutions that involve the processing of biometric, visual,
and behavioral data. This Privacy Policy outlines how we collect, use, disclose, and protect information. We are
committed to compliance with the EU General Data Protection Regulation (GDPR), the India Digital Personal Data Protection Act, 2023 (DPDP Act),
and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
1. Information We Collect
- Identity Data: Name, organization, designation, contact details.
- Authentication Data: Username, password, facial biometric for login via Veri5 solution.
- Financial Data: Billing and payment details.
- HR/Employee Data: HR, payroll, and statutory records.
- Customer Data: Images, videos, and facial/behavioral data provided by clients after consent.
- Automatically Collected Data: IP address, device ID, cookies, analytics logs.
2. Lawful Basis for Processing
- Consent – For biometric/face login.
- Contract – To deliver subscribed services.
- Legitimate Interests – Security, fraud prevention, service improvement.
- Legal Obligation – Tax, HR, and compliance.
3. How We Use the Information
- Enable face-based authentication and secure logins for investors and potential customers.
- Provide, maintain, and improve AI products/services.
- Host and secure document repositories for investors and clients.
- Monitor anomalies, fraud prevention, and enforce compliance.
- Customer support, service updates, and compliance audits.
4. Sharing of Information
- Service Providers – IT, hosting, support, auditors.
- Business Transfers – Mergers or acquisitions.
- Legal Authorities – When required by law.
- Aggregated Data – De-identified analytics for service improvement.
5. Data Retention
- Authentication data retained for subscription terms as per contractual obligation or when consent is revoked.
- Client data retained only for contract term.
- HR/finance records retained as per applicable statutory compliance and laws.
- Analytics/cookies data retained for 12–24 months.
6. Security Practices and Procedures
- AES-256 encryption and TLS protocols.
- Role-based access control and logging.
- Multi-factor authentication for admins.
- Regular audits, penetration testing, vulnerability assessment and monitoring.
- ISO 27001 (ISMS) and ISO 42001 (AI Management) certified practices.
7. International Transfers
Data transfers outside India/EU protected by Standard Contractual Clauses (SCCs) or adequacy decisions.
8. Rights of Users
- Right to access, rectify, erase, restrict, or object.
- Right to withdraw consent (where applicable).
- Right to data portability.
- Right to complain with supervisory authorities.
9. Cookies & Tracking
- We use cookies and analytics for functionality and service improvement.
- Users may disable cookies via browser settings.
10. Children’s Data
We do not knowingly collect data from children under 13 globally or 16 in the EU/India without parental consent.
11. Governance & Accountability
- Prisma AI follows ISO 27001 (ISMS) and ISO 42001 (AI Management) standards.
- Privacy impact assessments conducted for all major deployments.
- Regular training for staff handling personal data.
12. Contact & Grievance Redressal
Grievance Officer / Data Protection Officer
Email: contact@prisma.ai
13. Changes to Policy
Policy may be revised periodically with updates posted on our website. Continued use of services constitutes acceptance of revised terms.
