Home Features About Create Trip Open App
Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: March 17, 2026

1. Who We Are

Prism ("Prism," "we," "us," or "our") is a collaborative travel planning platform operated from Pennsylvania, United States. If Prism is operated by a legal entity, that entity is the data controller for purposes of this policy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, applications, and related services (collectively, the "Service").

For privacy-related questions or requests, contact us at [email protected] .

2. Information We Collect

We collect the following categories of information:

Information you provide directly:

  • Account information: Your name, email address, and profile details provided during sign-up or authentication.
  • Trip content: Flights, accommodations, activities, itineraries, expenses, chat messages, votes, and other trip details you add to Prism.
  • Invitee information: Email addresses of people you invite to trips or to the platform.
  • Account registration: Your email address when you create an account.
  • Support communications: Messages and information you provide when you contact us.

Information collected automatically:

  • Device and browser data: Browser type, operating system, and device identifiers.
  • Log data: IP address, access times, pages visited, and referring URLs.
  • Authentication and session data: Session tokens and authentication state used to keep you logged in.
  • Analytics events: Interactions with features and pages, used to understand how the Service is used.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate users and manage sessions.
  • Support collaboration and sharing within trip groups.
  • Send transactional emails, including invitations, one-time passcodes, and trip notifications.
  • Send product announcements where permitted.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Enforce our Terms of Service and protect against misuse of the Service.
  • Debug errors, monitor outages, and improve performance.
  • Improve features and the overall user experience.
  • Comply with legal obligations.

4. Collaborative Features and Shared Data

Prism is a collaborative platform. You should understand how your information may be visible to others:

  • Trip content you add (flights, stays, activities, chat messages, votes, and expenses) is visible to other members of that trip.
  • When you invite someone to a trip, they may see your name, profile information, and trip details.
  • You should not upload sensitive personal information such as passport numbers, government IDs, financial account numbers, or payment card information unless the Service explicitly supports such data. Prism is not responsible for information voluntarily shared with other trip members.
  • Information shared within a trip workspace may be visible to all members of that workspace and should not be considered private.
  • If you share booking references, personal travel details, or other information with collaborators, that is your choice. Prism is not responsible for how other trip members use information you share.

5. Information Sharing

We do not sell personal information for monetary compensation. We do not use third-party advertising cookies at this time. We may share information with service providers as described below.

  • Infrastructure providers: We use Cloudflare for hosting, content delivery, data storage, and edge computing. Your data is processed in accordance with their privacy practices.
  • Communications providers: We use third-party email services to send transactional emails such as invitations, login codes, and notifications.
  • Travel data providers: We may query third-party travel APIs to retrieve flight, accommodation, and location data on your behalf.
  • Analytics providers: We may use internal or third-party analytics tools to understand usage, improve performance, and maintain the reliability of the Service.
  • Error monitoring and security: We use error-tracking and monitoring services to detect and resolve issues, and to protect against fraud and abuse.
  • AI providers: We may use third-party AI services to provide features such as trip suggestions or content summarization. When we do, we share only the minimum data necessary.
  • Booking and referral links: We may include links to third-party booking providers or travel services. If you follow these links, those providers may collect information according to their own privacy policies.
  • Legal and compliance: We may disclose information if required by law, legal process, or government request, or to protect the rights, safety, or property of Prism, our users, or the public.
  • Business transfers: If Prism is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your information as follows:

  • Account and trip data: Retained for as long as your account is active or as needed to provide the Service.
  • Account data: Retained for as long as your account is active or until you request deletion.
  • Log and analytics data: Retained for a limited period for debugging, security, and performance purposes.
  • Support communications: Retained as long as necessary to resolve your request and for our records.
  • Backups: Data may persist in backups for a limited period after deletion.

Deleted data may remain in backup systems for a limited period until those backups are overwritten. When information is no longer needed for any of these purposes, we delete or anonymize it, subject to backup retention cycles and legal obligations.

7. Data Storage and Security

Your data is stored using Cloudflare's global infrastructure. We protect your information using:

  • Encryption in transit (TLS/HTTPS).
  • Access controls limiting who can access production data.
  • Authentication protections including secure, HttpOnly session cookies.
  • Reasonable administrative and technical safeguards.

No method of transmission or storage is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Prism uses Cloudflare and other service providers with globally distributed infrastructure. Your data may be processed in countries other than your own, including the United States. By using the Service, you acknowledge that your information may be transferred to and processed in these locations.

9. Your Rights

Depending on your location, your rights may include:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your account and associated data.
  • Opt-out of marketing: Unsubscribe from non-essential communications at any time.
  • Account closure: Request that we close your account.
  • Portability: Where applicable, request your data in a portable format.
  • Objection or restriction: Where applicable, object to or request restriction of certain processing.

To exercise any of these rights, contact us at [email protected] . We will not discriminate against you for exercising your privacy rights.

Residents of certain U.S. states may have additional rights under applicable privacy laws, including the right to request access, deletion, or correction of personal information.

10. Cookies and Similar Technologies

Prism uses the following types of cookies and similar technologies:

  • Essential and authentication cookies: Required to log you in and maintain your session. These cannot be disabled.
  • Security cookies: Used for CSRF protection and to detect unauthorized access.
  • Preference cookies: Used to remember your settings, such as your theme preference (light or dark mode).
  • Analytics: We may use analytics tools that collect IP address, browser type, device information, and usage data to help us understand how the Service is used. These analytics are optional and only turn on after you choose "Allow analytics" in Prism's cookie consent banner. Prism does not store your name or profile details in analytics records. We do not use third-party advertising cookies or tracking pixels at this time.

You can review or change this optional analytics choice at any time.

11. Children's Privacy

Prism is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected] .

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of Prism after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, contact us at [email protected] .