PRISM Privacy Policy

1. Who We Are

PRISM is operated by:

LGBTQiA Health (Pty) Ltd
Registered in South Africa
Based in Durban, KwaZulu-Natal

We are responsible for how your data is handled.

2. Our Privacy Philosophy (Straight Up)

We believe:

• You should not have to expose yourself to get support
• You should not be tracked for being human
• You should not be monetised for being vulnerable

So we:

• Collect as little data as possible
• Store it securely
• Never sell it
• Give you control

3. What Information We Collect

Information You Provide

Depending on how you use PRISM, this may include:

• Email address (for account access)
• Password (securely encrypted we can’t see it)
• Optional check-ins, reflections, or preferences
• Support or feedback messages you send us

You can use PRISM without sharing your real identity.

Automatically Collected Information

To keep PRISM working safely and smoothly, we may collect:

• Device type and operating system
• App usage events (e.g. feature interactions)
• IP address (used for security and abuse prevention)

We do not track you across other websites or apps.

4. What We Do NOT Collect

We do not:

• Require real names
• Collect sexual history
• Collect government ID numbers
• Track your location in real time
• Sell or broker personal data
• Build advertising profiles

PRISM is not an ad network. Ever.

5. How We Use Your Information

We use your information to:

• Provide and improve PRISM
• Maintain account security
• Personalise your experience within PRISM
• Respond to support requests
• Meet legal obligations where required

That’s it. No creepy extras.

6. AI & Your Data

PRISM uses AI systems to generate reflections and responses.

Important boundaries:

• AI does not know who you are
• AI does not have memory outside your account
• AI outputs are generated in-session

We do not train public AI models on identifiable user data

Your reflections stay yours.

7. Data Storage & Security

Your data is:

• Stored on secure, access-controlled infrastructure
• Encrypted where appropriate
• Accessible only to authorised systems and staff

No system is 100% invincible but we actively work to keep PRISM safe and up to date.

8. How Long We Keep Data

We keep your data:

• Only as long as your account exists
• Or as required by law

When you delete your account:

• Your personal data is permanently deleted
• This action cannot be undone

No shadow copies. No resurrection.

9. Your Rights (You’re in Control)

Under South African law (POPIA) and applicable global standards, you have the right to:

• Access your data
• Correct your data
• Delete your data
• Withdraw consent
• Ask questions about how your data is used

Most of this can be done directly inside PRISM.

10. Children & Minors

PRISM is intended for users 13 years and older.

We do not knowingly collect personal data from children under 13. If this happens accidentally, we will delete it promptly.

11. Third-Party Services

PRISM may use trusted third-party services for:

• Hosting
• Payments
• Security
• Analytics (privacy-respecting only)

These providers are contractually required to protect your data and comply with applicable laws.

12. Legal Disclosure

We may disclose information only if required by law, such as:

• A valid court order
• A lawful regulatory request

We do not volunteer user data.

13. Changes to This Policy

If we update this Privacy Policy:

• We’ll revise the “Last updated” date
• Material changes will be communicated where reasonable

Continuing to use PRISM means you accept the updated policy.