Privacy Policy
Last updated: 2026-05-18
1. Who we are
Prismix (operated at prismix.dev, "we", "us") tracks the live status of 77 AI services, aggregates AI news from 71 curated publishers, and forwards alerts + digests to its users. This policy explains what we collect, why, and the choices you have. Contact: /contact.
This policy distinguishes between three audiences. Anonymous visitors can read every public surface (status, news listings, individual articles, RSS feeds, the public REST API) without an account; we store nothing tied to them beyond transient rate-limit counters keyed on IP. Signed-in free accounts get a stable identity for stars, likes, comments, subscriptions, and email alerts on their starred services. Pro members add extra alert destinations, digest emails, comment reactions, and a higher API rate limit. Where the data we collect differs by tier we say so explicitly.
2. Data we collect
2.1 Account data (when you sign in)
- Email address you use to sign in and to receive transactional email (sign-in codes, status alerts, digests, tier-change notifications).
- An opaque user identifier we generate and use as a key in our own storage.
- If you sign in with GitHub: your GitHub user id, public login, and avatar URL. We never see your GitHub access token after the OAuth handshake — it is stored AES-GCM-encrypted with you as the AAD scope so only you can decrypt it.
- Optional profile data you fill in: username, display name, bio.
2.2 Status alert + digest preferences (signed-in)
- The services you star (so we know which transitions to notify you about).
- Additional email destinations you add for alerts (Pro). Each carries an optional per-destination service filter and theme override.
- Webhook URLs you add (Pro). Discord / Slack / generic. Hostnames + per-destination secrets are stored alongside.
- Digest schedule: opt-in flags, timezone (IANA), hour-of-day, target email, theme.
- Quiet hours (Pro) — a do-not-disturb time window that wraps midnight if needed.
2.3 News engagement (signed-in)
- Source subscriptions + tag subscriptions you toggle on /news or in the first-visit wizard. Drives the For You ranker and the optional instant-publish email (Pro).
- Articles you ♥ liked, 💬 commented on, or × dismissed. The dismiss list is a soft signal (sinks the article in your For You ranker, never hides it from anyone else).
- Per-user affinity scores — a small map of source-id → score and tag → score, updated each time you like/comment/dismiss/subscribe. Capped at top-50 per dim. Used only to rank your own For You feed; never shared, never exported.
- Comments you post: body text, post timestamp, optional edit timestamp, soft-delete marker if you remove the comment. Author name + avatar are snapshotted at post time so the thread reads consistently if you later rename. Comment reactions you place (curated 6-emoji set) are stored as a per-(user, article) map of which reactions you placed on which comments.
- Reports you file on other users' comments (Pro abuse-reporting feature). The reported comment id is stored against your account so the UI hides the Report button after you flag a row.
2.4 Operational data
- IP address — held transiently for rate-limiting (up to 60 seconds in KV) and not persisted to logs.
- Last-active timestamp on your user record, updated at most once per minute while you are browsing signed in.
- Ko-fi customer email + transaction id, when you pay for Pro. Stored on the Ko-fi side; we only retain the most recent transaction id for 90 days to deduplicate webhook retries.
- For anonymous visitors: no per-user record exists. We may keep transient short-TTL counters keyed on truncated IP for rate-limiting and a hashed device-agnostic visit counter (Cloudflare Web Analytics, cookieless) for aggregate traffic stats.
2.5 What we do NOT collect
- Browsing history outside Prismix, third-party cookies, or fingerprints.
- Precise location data. Country-level breakdown of aggregate traffic comes from Cloudflare's edge headers — never linked to a user.
- Any content of the AI tools you use — Prismix only monitors the providers' public status feeds; we have no visibility into your prompts or API traffic against them.
- Training data for AI models. Your comments, likes, reactions, and affinity scores are never used to train anything — neither ours nor a third party's.
3. How we use it
- Provide the service — render your dashboard + news feed, rank your For You tab, send alerts when your starred services flip state, send digests + new-article notifications at your chosen time + timezone.
- Send transactional email — sign-in code, status alert, digest, tier-change notification, email-confirmation for additional destinations, comment-reply notification.
- Display public content — your comments, likes, and reactions appear under each article with your display-name + avatar. Anonymous visitors can read comments but cannot post.
- Secure the service — rate-limit, idempotency markers, comment-report aggregation, abuse defence.
- Billing — Ko-fi handles all card data. We never see it. We only know whether your subscription is active.
We do not use your data to train AI models, sell it, or share it with advertisers.
4. Subprocessors
- Cloudflare — hosting (Pages, KV, Workers, Workers Cache). Global edge. Privacy-preserving Web Analytics (no cookies, no fingerprint).
- Resend — transactional email delivery (sign-in, alerts, digests, tier-change). US. Recipient address + email content are passed to Resend for sending.
- Ko-fi — optional Pro membership payments. UK. We receive a webhook with payer email + transaction metadata; card data never reaches us.
- GitHub — only if you sign in with GitHub. Standard OAuth scopes (read:user,user:email). Your access token stays encrypted-at-rest.
5. Retention
- Account data + preferences: until you delete the account.
- Encrypted GitHub OAuth token: until you disconnect or delete the account.
- Comments, likes, reactions: kept until you delete them OR delete the account. Soft-deleted comment rows are retained for 30 days for audit + abuse-trail purposes, then hard-wiped by the daily sweeper.
- Per-user affinity scores: refreshed continuously; the full map is wiped on account deletion.
- Rate-limit counters: 60 seconds.
- Sign-in code: 15 minutes (or until consumed).
- Session token: 30-day rolling lifetime, refreshed on each authenticated request.
- Alert idempotency markers (so a flapping service doesn't carpet-bomb your inbox): 7 days.
- News-publish notification markers (one per (user, article)): 90 days.
- Digest send markers (so a retried cron doesn't double-fire): 3 days (daily) / 14 days (weekly).
- Ko-fi transaction-id dedupe markers: 90 days.
- Pending Ko-fi upgrades (for payments made before an account exists): 30 days.
6. Your rights (GDPR / CCPA)
- Access — every piece of data we hold on you is visible inside the app: /profile, /alerts, /admin (if you are an admin).
- Deletion — /profile → "Delete account" schedules a soft delete with a 30-day grace period. You can recover during that window by signing back in. After 30 days a daily sweeper hard-wipes every Prismix-stored datum tied to your id.
- Rectification — edit any field directly in /profile, or reach out via /contact.
- Objection / portability — /contact; we respond within 30 days.
- Unsubscribe — every marketing-shaped email (alerts, digests) carries an RFC 8058 one-click unsubscribe header AND a footer link. The link uses an HMAC-signed token so it works without you signing in.
7. Security
See our security overview for technical details. Vulnerability reports: /contact with the "Security report" topic.
8. Cookies & local storage
We use the minimum needed to run sign-in + your preferences:
- prismix_session — HttpOnly, Secure cookie set after you sign in. Identifies your authenticated session. 30-day rolling lifetime; cleared on sign-out or account deletion.
- locale cookie — set only if you explicitly pick a language via the ?lang= URL parameter. Remembers your choice.
- theme in localStorage — your light / dark preference. Client-side only; never transmitted.
No analytics cookies, no advertising cookies, no fingerprinting. Clearing them logs you out and resets your theme preference — nothing else.
9. Children
Prismix is not directed to children under 16. If we learn we have collected such data, we will delete it.
10. Changes
We will post any material change to this page and update the "Last updated" date. Continued use constitutes acceptance.