Privacy
This page summarises what PRISM stores about you, why, and how to access or delete it. For the full operational policy see the POPIA notes in the repository.
What we store
- Your Microsoft Entra user ID and the email address from your Microsoft account.
- A salted hash of your IP address and your browser's user-agent string for each skill execution.
- The text outcome you typed and the names of the skills you ran.
- Files you attached to /execute, stored in Azure Blob Storage in your account's upload container.
- Token counts and execution duration for cost tracking.
- Web Vitals beacons (LCP, INP, CLS, FCP, TTFB): page-level only, no query strings.
What we never store
- Your raw IP address.
- Passwords (Microsoft handles authentication; PRISM only sees the resulting session token).
- Model output text after the response finishes streaming; only metrics about it persist.
- Cookies for tracking or advertising. PRISM uses one session cookie from Auth.js, nothing else.
Retention
Execution history is kept for 24 months, then automatically deleted. Uploaded files in Blob Storage follow the same 24-month lifecycle.
Your rights (POPIA)
- Access: email [email protected] from the email address on your account; you'll receive a JSON export of your execution history within 30 days.
- Deletion: same address. We delete your rows from the executions table and your blobs in Azure Storage. The hashed IP cannot be reversed and is removed alongside the row.
- Correction: change your name or email in your Microsoft account; PRISM updates on next sign-in.
Where the data lives
PRISM runs on Microsoft Azure. The PostgreSQL database storing your execution history, the Blob Storage container for uploads, and the Azure OpenAI deployment that generates output are all in the region documented in the running deploy. Region choice is recorded in the architecture decision record at docs/adrs/0001-prism-prod-region.md.
Last updated: 2 May 2026.