1. Who we are
PRISM ("we," "us," "our") is an AI-native services company. Our principal office is in Lagos, Nigeria. For privacy-related inquiries, you can reach us at contact@prismgroups.net.
2. What we collect
We collect three categories of information:
- Contact & engagement information. Name, email address, company name, role, and billing details you provide when you reach out or become a client.
- Engagement materials. Files, briefs, brand assets, or other content you share with us so we can deliver a specific piece of work. You control what you send us, and it's used only for your engagement.
- Site usage data. How visitors interact with this website — pages visited, general analytics, error logs. We collect this automatically.
3. How we use it
We use the information above to:
- Scope, deliver, and support the engagement you've asked us to do
- Send transactional communications (invoices, delivery updates, scheduling)
- Understand how this website is used, so we can improve it
- Communicate with you about your engagement or, if you opt in, updates about PRISM
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not use one client's materials or data to deliver work for another client.
4. Legal bases
Where GDPR or similar regimes apply, we rely on the following legal bases:
- Contract. To deliver the engagement you've asked us to perform.
- Legitimate interest. To secure our systems, prevent fraud, and improve our work.
- Consent. For marketing communications, where required.
- Legal obligation. Where we're required by law to retain or disclose information.
5. Sharing
We share information in limited cases:
- With infrastructure and tooling providers who support our delivery work (under confidentiality obligations)
- With payment processors (limited to billing data)
- Where required by law, valid legal process, or to protect rights and safety
If PRISM is ever involved in a merger or acquisition, your information may transfer to the new entity, but the privacy commitments in this policy continue to apply.
6. Retention
We retain client information for as long as needed to deliver and support the engagement, plus a reasonable period afterward for records and any follow-on work. Engagement materials are deleted or returned on request once an engagement concludes, except where we're required to retain something by law (for example, financial records).
7. Your rights
Depending on your jurisdiction, you have rights including:
- Access — request a copy of the personal data we hold
- Correction — ask us to fix inaccuracies
- Deletion — ask us to delete your information
- Portability — receive a machine-readable export
- Objection — object to certain processing
- Withdraw consent — where processing is based on consent
To exercise any of these, email contact@prismgroups.net. We respond within 30 days.
8. International transfers
Information may be processed in regions other than where you're located. Where we transfer EU/UK personal data outside those regions, we use Standard Contractual Clauses or other lawful transfer mechanisms.
9. Security
We use encrypted storage and transmission, restricted access to client materials, and standard security practices appropriate to a small services team. No system is perfectly secure; we work to make ours as close to that as is realistic, and we'll tell you plainly if that ever changes materially.
10. Children
Our services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have, contact us and we'll delete it.
11. Changes
We may update this policy. Material changes are announced by email to active clients, or posted here, at least 30 days before they take effect.
12. Contact
For privacy questions: contact@prismgroups.net.