Privacy Policy
Last updated: March 25, 2026
1. Information We Collect
Account Data: When you register, we collect your name, email address, and a hashed password. If you sign in via Google or GitHub, we receive your name, email, and profile image from those providers.
Documents: Markdown documents you create or import are stored in your browser (localStorage/IndexedDB) by default. If you opt into cloud sync (Pro plan), documents are encrypted and stored on our servers.
Usage Data: We collect anonymous usage metrics (page views, feature usage) to improve the product. No personally identifiable information is included.
API Keys: If you provide OpenAI, Anthropic, or other API keys for AI features, these are stored locally in your browser and optionally synced (encrypted) to your account. We never access or use your API keys.
2. How We Use Your Information
- To provide and maintain the Prism MD service
- To authenticate you and manage your account
- To sync your settings and documents across devices (if enabled)
- To process payments via Stripe (Pro plan)
- To send transactional emails (password resets, account changes)
- To improve the product based on aggregate usage patterns
3. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe — for payment processing (name, email)
- Vercel — our hosting provider (server logs, IP addresses)
- GitHub/Google — only if you use OAuth sign-in
4. Your Rights (GDPR/CCPA)
You have the right to:
- Access — View all data we hold about you (Account Settings → Export Data)
- Rectify — Update your personal information at any time
- Delete — Delete your account and all associated data (Account Settings → Delete Account)
- Export — Download your documents and account data
- Withdraw consent — Opt out of cloud sync at any time
To exercise these rights, use the in-app settings or contact us at privacy@prismmd.app.
5. Cookies
We use only essential cookies for authentication (session tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
6. Data Retention
Account data is retained until you delete your account. Documents stored locally persist in your browser until cleared. Cloud-synced documents are deleted within 30 days of account deletion.
7. Security
Passwords are hashed with bcrypt (12 rounds). All connections use HTTPS. Cloud documents are encrypted at rest. We follow security best practices, including rate limiting, CSRF protection, and Content Security Policy headers.
8. Children
Prism MD is not directed at children under 13. We do not knowingly collect data from children under 13.
9. Changes
We may update this policy. Significant changes will be communicated via email or in-app notification.
10. Contact
Questions? Email us at privacy@prismmd.app.