PRISM
Legal

Privacy Policy

How PRISM collects, uses, and protects information.

Last updated: July 2026

1. Who we are

PRISM ("we," "us," "our") is an AI-native services company. Our principal office is in Lagos, Nigeria. For privacy-related inquiries, you can reach us at contact@prismgroups.net.

2. What we collect

We collect three categories of information:

  • Contact & engagement information. Name, email address, company name, role, and billing details you provide when you reach out or become a client.
  • Engagement materials. Files, briefs, brand assets, or other content you share with us so we can deliver a specific piece of work. You control what you send us, and it's used only for your engagement.
  • Site usage data. How visitors interact with this website — pages visited, general analytics, error logs. We collect this automatically.

3. How we use it

We use the information above to:

  • Scope, deliver, and support the engagement you've asked us to do
  • Send transactional communications (invoices, delivery updates, scheduling)
  • Understand how this website is used, so we can improve it
  • Communicate with you about your engagement or, if you opt in, updates about PRISM
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information. We do not use one client's materials or data to deliver work for another client.

4. Legal bases

Where GDPR or similar regimes apply, we rely on the following legal bases:

  • Contract. To deliver the engagement you've asked us to perform.
  • Legitimate interest. To secure our systems, prevent fraud, and improve our work.
  • Consent. For marketing communications, where required.
  • Legal obligation. Where we're required by law to retain or disclose information.

5. Sharing

We share information in limited cases:

  • With infrastructure and tooling providers who support our delivery work (under confidentiality obligations)
  • With payment processors (limited to billing data)
  • Where required by law, valid legal process, or to protect rights and safety

If PRISM is ever involved in a merger or acquisition, your information may transfer to the new entity, but the privacy commitments in this policy continue to apply.

6. Retention

We retain client information for as long as needed to deliver and support the engagement, plus a reasonable period afterward for records and any follow-on work. Engagement materials are deleted or returned on request once an engagement concludes, except where we're required to retain something by law (for example, financial records).

7. Your rights

Depending on your jurisdiction, you have rights including:

  • Access — request a copy of the personal data we hold
  • Correction — ask us to fix inaccuracies
  • Deletion — ask us to delete your information
  • Portability — receive a machine-readable export
  • Objection — object to certain processing
  • Withdraw consent — where processing is based on consent

To exercise any of these, email contact@prismgroups.net. We respond within 30 days.

8. International transfers

Information may be processed in regions other than where you're located. Where we transfer EU/UK personal data outside those regions, we use Standard Contractual Clauses or other lawful transfer mechanisms.

9. Security

We use encrypted storage and transmission, restricted access to client materials, and standard security practices appropriate to a small services team. No system is perfectly secure; we work to make ours as close to that as is realistic, and we'll tell you plainly if that ever changes materially.

10. Children

Our services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have, contact us and we'll delete it.

11. Changes

We may update this policy. Material changes are announced by email to active clients, or posted here, at least 30 days before they take effect.

12. Contact

For privacy questions: contact@prismgroups.net.