Privacy Policy
Last updated: 2026-05-12
1. Who we are
Prismix (operated at prismix.dev, "we", "us") tracks the live status of 48 AI services and forwards alerts to its users. This policy explains what we collect, why, and the choices you have. Contact: /contact.
2. Data we collect
2.1 Account data (when you sign in)
- Email address you use to sign in and to receive transactional email (sign-in codes, status alerts, digests, tier-change notifications).
- An opaque user identifier we generate and use as a key in our own storage.
- If you sign in with GitHub: your GitHub user id, public login, and avatar URL. We never see your GitHub access token after the OAuth handshake — it is stored AES-GCM-encrypted with your user identifier bound in as the additional authenticated data (AAD), so that it can only be decrypted in the context of your account.
- Optional profile data you fill in: username, display name, bio.
2.2 Alert + digest preferences
- The services you star (so we know which transitions to notify you about).
- Additional email destinations you add for alerts (Pro). Each carries an optional per-destination service filter and theme override.
- Webhook URLs you add (Pro). Discord / Slack / generic.
- Digest schedule: opt-in flags, timezone (IANA), hour-of-day, target email, theme.
2.3 Operational data
- IP address — held transiently for rate-limiting (up to 60 seconds in KV) and not persisted to logs.
- Last-active timestamp on your user record, updated at most once per minute while you are browsing signed in.
- Ko-fi customer email + transaction id, when you pay for Pro. Stored on the Ko-fi side; we only retain the most recent transaction id for 90 days to deduplicate webhook retries.
2.4 What we do NOT collect
- Browsing history, third-party cookies, or fingerprints.
- Demographics or geography.
- Any content of the AI tools you use — Prismix only monitors the providers' public status feeds; we have no visibility into your prompts or API traffic.
3. How we use it
- Provide the service — render your dashboard, send alerts when your starred services flip state, send digests at your chosen time + timezone.
- Send transactional email — sign-in code, alert, digest, tier-change notification, email-confirmation for additional destinations.
- Secure the service — rate-limit, idempotency markers, abuse defence.
- Billing — Ko-fi handles all card data. We never see it. We only know whether your subscription is active.
We do not use your data to train AI models, sell it, or share it with advertisers.
4. Subprocessors
- Cloudflare — hosting (Pages, KV, Workers, Workers Cache). Global edge. Privacy-preserving Web Analytics (no cookies, no fingerprint).
- Resend — transactional email delivery (sign-in, alerts, digests, tier-change). US. Recipient address + email content are passed to Resend for sending.
- Ko-fi — optional Pro membership payments. UK. We receive a webhook with payer email + transaction metadata; card data never reaches us.
- GitHub — only if you sign in with GitHub. Standard OAuth scopes (read:user, user:email). Your access token stays encrypted at rest.
5. Retention
- Account data + preferences: until you delete the account.
- Encrypted GitHub OAuth token: until you disconnect or delete the account.
- Rate-limit counters: 60 seconds.
- Sign-in code: 15 minutes (or until consumed).
- Session token: 30-day rolling lifetime, refreshed on each authenticated request.
- Alert idempotency markers (so a flapping service doesn't carpet-bomb your inbox): 7 days.
- Digest send markers (so a retried cron doesn't double-fire): 3 days (daily) / 14 days (weekly).
- Ko-fi transaction-id dedupe markers: 90 days.
- Pending Ko-fi upgrades (for payments made before an account exists): 30 days.
6. Your rights (GDPR / CCPA)
- Access — every piece of data we hold on you is visible inside the app: /profile, /alerts, /admin (if you are an admin).
- Deletion — /profile → "Delete account" schedules a soft delete with a 30-day grace period. You can recover during that window by signing back in. After 30 days a daily sweeper hard-wipes every Prismix-stored datum tied to your id.
- Rectification — edit any field directly in /profile, or reach out via /contact.
- Objection / portability — /contact; we respond within 30 days.
- Unsubscribe — every marketing-shaped email (alerts, digests) carries an RFC 8058 one-click unsubscribe header AND a footer link. The link uses an HMAC-signed token so it works without you signing in.
7. Security
See our security overview for technical details. Vulnerability reports: /contact with the "Security report" topic.
8. Cookies & local storage
We use the minimum needed to run sign-in + your preferences:
- prismix_session — HttpOnly, Secure cookie set after you sign in. Identifies your authenticated session. 30-day rolling lifetime; cleared on sign-out or account deletion.
- locale cookie — set only if you explicitly pick a language via the ?lang= URL parameter. Remembers your choice.
- theme in localStorage — your light / dark preference. Client-side only; never transmitted.
No analytics cookies, no advertising cookies, no fingerprinting. Clearing them logs you out and resets your theme preference — nothing else.
9. Children
Prismix is not directed to children under 16. If we learn we have collected such data, we will delete it.
10. Changes
We will post any material change to this page and update the "Last updated" date. Continued use constitutes acceptance.