Data Protection Policy

1. Introduction

Prism Writing LLC is committed to protecting your personal data and respecting your privacy rights. This Data Protection Policy explains how we comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller

Prism Writing LLC is the data controller responsible for your personal data. For data protection inquiries, contact us at:

• Email: privacy@prismwriting.com
• Address: Prism Writing LLC, 1000 E University Blvd PMB 342, Tucson, AZ 85719

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: When you subscribe to our newsletter or contact us
• Legitimate Interests: For website analytics and security
• Legal Obligation: To comply with laws and regulations
• Contract Performance: To provide services you request

4. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling

5. Your Rights Under CCPA (California Residents)

California residents have the right to:

• Know: What personal information we collect, use, disclose, and sell
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Non-Discrimination: Equal service and pricing regardless of privacy rights exercise

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in our Privacy Policy:

• Newsletter Subscriptions: Until you unsubscribe
• Contact Inquiries: 2 years from last contact
• Analytics Data: 26 months (Google Analytics default)
• Security Logs: 90 days

7. International Data Transfers

We use third-party services (like Google Analytics, Vercel hosting) that may process data outside the EEA. These services comply with GDPR through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Privacy Shield certification (where applicable)

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for data in transit
• Encrypted databases and secure hosting
• Regular security audits and updates
• Access controls and authentication
• Incident response procedures

9. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify supervisory authorities within 72 hours (GDPR requirement)
• Notify affected individuals without undue delay
• Provide details about the breach and remedial actions
• Document all breaches for regulatory compliance

10. Children's Privacy

Our website is not intended for children under 16 (GDPR) or 13 (COPPA). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. How to Exercise Your Rights

To exercise any of your data protection rights:

• Email us at: privacy@prismwriting.com
• Include your full name and email address
• Specify which right(s) you wish to exercise
• We will respond within 30 days (GDPR) or 45 days (CCPA)

12. Supervisory Authority

If you have concerns about our data processing practices, you have the right to lodge a complaint with a supervisory authority:

• EU Residents: Contact your national data protection authority
• UK Residents: Information Commissioner's Office (ICO)
• California Residents: California Attorney General's Office

13. Contact Information

For data protection inquiries or to exercise your rights:

14. Changes to This Policy

We may update this Data Protection Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or prominent website notice.