Account Information

• Your email address (provided by Google OAuth)
• Your name (provided by Google OAuth)
• Google refresh token (encrypted and used only for Gmail API access)

Email Data Processing

• Email metadata: sender, subject, date
• Extracted action items and tasks from email content
• AI-generated summaries of actionable items
• Reminder preferences and schedules you set

What We DON'T Store

• Full email body content
• Email attachments
• Emails marked as spam or trash
• Personal emails without actionable content

We use your information solely to provide the Prism service:

• Monitor your Gmail inbox for new emails (via Google Push Notifications)
• Extract action items, tasks, and deadlines from emails
• Send you reminders for important tasks
• Display your action items in the Prism dashboard
• Improve our AI task extraction accuracy

Prism uses the Gmail API with read-only access to:

• Scope: https://www.googleapis.com/auth/gmail.readonly
• Read email messages and metadata
• Receive push notifications when new emails arrive
• Access only emails in your inbox (not spam or trash)

Important: We cannot and will never:

• Send emails on your behalf
• Delete or modify your emails
• Access your Google Drive, Calendar, or other Google services
• Share your Gmail access with third parties

• Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
• Encryption at Rest: Your data is encrypted in AWS DynamoDB using AES-256 encryption
• Secure Authentication: We use OAuth 2.0 with Google, never storing your Google password
• Infrastructure: Hosted on AWS with enterprise-grade security and compliance
• Access Controls: Strict access controls and audit logging for all data access

• Action Items: Retained until you mark them complete or delete them
• Completed Tasks: Retained for 30 days for your reference, then automatically deleted
• Email Metadata: Retained for 7 days for processing, then deleted
• Account Deletion: All your data is permanently deleted within 24 hours of account deletion

You can request immediate deletion of all your data by emailing prism.privacy@lab1908.com

You have complete control over your data:

• Access: View all data we have about you in your dashboard
• Correction: Edit or update your action items at any time
• Deletion: Delete individual items or your entire account
• Portability: Export your action items in JSON or CSV format
• Revoke Access: Disconnect Prism from your Google account at any time via Google Account settings

We use the following third-party services:

• Google OAuth & Gmail API: For authentication and email access
• Amazon Web Services (AWS): For hosting and data storage
• AWS Bedrock (Claude AI): For analyzing emails and extracting action items
• Vercel: For hosting our web application

These services are carefully selected for their security and privacy standards. We never share your personal data with any other third parties.

Prism is designed for parents and adults managing family responsibilities. We do not knowingly collect information from children under 13. If you believe we have inadvertently collected information from a child, please contact us immediately.

We may update this privacy policy from time to time. We will notify you of any material changes by email and update the "Last updated" date above. Your continued use of Prism after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or how we handle your data:

• Email: prism.privacy@lab1908.com
• Address: Lab 1908 LLC
  1908 Selby Ave., Saint Paul, MN 55104