Privacy policy.

What We Collect

When you use Athena (our AI strategic advisor)

Everything you type goes to Anthropic's Claude API. That's how AI works. Your questions, our responses, the full conversation. Anthropic processes it according to their terms. We also store anonymous conversation transcripts on our servers to improve Athena's responses and understand what visitors are curious about. Conversations that reach a meaningful length may be automatically analysed for insights. No personal identifiers are attached unless you provide them.

When you email yourself a conversation

If you choose to receive your conversation via email, we send you a copy and keep a record of your email address along with the conversation. This helps us follow up if you have questions and understand what topics matter to visitors.

When you contact us

Email address, name, whatever context you provide. We store this in our email system (Google Workspace). We use it to respond to you. That's it.

When you enquire about products

Name, email, company, what you're trying to solve. Same as above. Stored in email. Used to assess fit and respond.

When you become a client

Payment details (processed by Stripe, we never see your full card number), usage data (what tools you use, how often, credit consumption), any work you create in the tools.

When you use the diagnostics

Diagnostic tools don't use AI and don't require an account. If you choose to email your results, we store that email address and the results. Otherwise, your data isn't saved.

Cookies and Analytics

We use Google Analytics to understand how visitors interact with the site: which pages are visited, how long people stay, and where traffic comes from. Google Analytics only loads after you accept cookies via our consent banner. If you decline, no analytics cookies are set and no browsing data is collected.

We implement Google Consent Mode v2. By default, all storage is denied. When you accept cookies, analytics storage is granted. We do not use advertising cookies, retargeting, or personalised ads. No Facebook Pixel. No third-party tracking.

We also use functional cookies for authentication (Clerk) and payment processing (Stripe). These are strictly necessary for the service to work. They don't track you across the web.

We don't sell data. We don't share it with advertisers. We're not in the data business.

How We Use It

We use your data to:

• Respond to your enquiries
• Provide the services you paid for
• Improve our products based on usage patterns
• Send service updates (downtime, new features, billing issues)
• Enforce our terms (capacity limits, acceptable use)

We don't use your data to:

• Train AI models (your work stays yours)
• Market to you endlessly (we'll email about service stuff, not sales)
• Build profiles for advertising
• Sell to third parties

Who Sees It

Your data lives in three places:

Our team

The people who need to see it to help you. Support requests, account issues, product feedback.

Service providers

• Anthropic (Claude API for Athena and Lab tools)
• Clerk (authentication for member accounts)
• Google (email hosting and analytics, with your consent)
• Stripe (payment processing)
• Vercel (hosting infrastructure)

These companies have their own privacy policies. We chose them because they're serious about security. But read their terms if you want to know what they do.

Nobody else

We don't sell data. We don't trade it. We don't give it to marketing platforms. If law enforcement shows up with a valid warrant, we'll comply. Otherwise, your data stays with us.

Why Anthropic

Athena runs on Claude, built by Anthropic. We chose them deliberately.

What Anthropic does with your conversations

When you chat with Athena, your messages are processed by Anthropic's API. By default, Anthropic does not train their models on API data. Your conversations aren't feeding the machine. They process your request, generate a response, and that's it.

Anthropic may retain API inputs and outputs for up to 30 days for trust and safety purposes (detecting abuse, preventing harm). After that, it's deleted. Full details in their privacy policy.

Why we chose them

Anthropic leads in AI safety research. They built Constitutional AI, a method for training models to be helpful, harmless, and honest. While others in the AI race optimise for capability alone, Anthropic optimises for capability with responsibility.

Their models are consistently ranked among the most capable while maintaining strong safety guardrails. Claude won't help with harmful requests, manipulate users, or pretend to be something it's not. That matters when we're putting it in front of our visitors.

We pay for API access. That means we're the customer, not the product. Anthropic's business model is selling AI services, not monetising user data.

More info: anthropic.com/privacy

How Long We Keep It

• Contact enquiries: Until we respond, then archived. Deleted after 2 years unless you become a client.
• Active client data: As long as you're a client, plus 7 years for accounting/legal requirements.
• Usage logs: 90 days for debugging, then deleted.
• Chat with Athena: Anonymous transcripts stored indefinitely for service improvement. Conversations with 6+ messages may be automatically analysed for insights. Emailed conversations (with your email address) retained for 2 years.
• Anthropic: Their retention policies also apply to data processed by Claude.

Your Rights (GDPR)

If you're in the EU/UK, you have rights:

• Access: Ask what data we have on you. We'll send it within 30 days.
• Correction: Wrong email? Outdated info? Tell us. We'll fix it.
• Deletion: Want us to delete everything? We will, except what we legally must keep.
• Portability: Want your data in a usable format? We'll export it.
• Object: Don't want us processing your data for a specific purpose? Say so.
• Complain: Think we're breaking the rules? Contact your data protection authority.

To exercise these rights, email: privacy@prismaticalab.com

Security

We use industry-standard security:

• HTTPS everywhere (encrypted connections)
• Secure hosting infrastructure (Vercel)
• API keys rotated regularly
• Access controls (only authorised team members see client data)
• Regular security audits

Perfect security doesn't exist. If something goes wrong, we'll tell you immediately.

Changes to This Policy

We might update this. When we do, we'll change the date at the top. Major changes? We'll email active clients.

Questions?

Email: privacy@prismaticalab.com

Prismatica Labs Ltd
Company Number: 15595850
Registered Office: 48 Pembroke Road, London, England, W8 6NU