Prism Writing LLC ("we", "us", "our", or "Prism Writing") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices. We are committed to transparency and operate in compliance with U.S. federal law, Arizona state law, the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). We are based in Pima County, Arizona.
This policy applies to all services operated under prismwriting.com, including our website, Knowledge Graph, newsletter, Round Table, educational content, and any associated APIs or mobile experiences.
About Our Service
Prism Writing provides free educational content, research articles, advanced search capabilities, newsletter subscriptions, an interactive Knowledge Graph, civic debate tools (the Round Table), and media resources. Most of our content is accessible without creating an account or providing personal information.
Information We Collect
Information You Provide Directly
- Comments and Feedback: When you submit comments on the Knowledge Graph or Round Table, you may optionally provide a name/alias and email address. Comments are public; email addresses are not displayed publicly.
- Account Information: If you create an account, we collect your name, email, and any optional profile details you provide (biography, profile picture, display name, location).
- Newsletter Subscriptions: When you subscribe to our newsletter, we collect your email address and optional demographic information to provide targeted content updates.
- Contact Form: When you contact us, we collect your name, email, and message content.
- Round Table Participation: Debate contributions, poll votes, fact-check submissions, and speaker queue entries.
- Education Progress: Quiz responses, learning path progress, and course completion data when you use our educational features.
- Content Submissions: Articles, media uploads, and other content you submit through our creator tools.
- Donations: Donations are processed through third-party platforms (GoFundMe, Buy Me a Coffee). We do not directly collect or store payment information.
Information Collected Automatically
- IP Address: We collect IP addresses to prevent abuse, track upvotes/comments (one per IP), and for security purposes.
- Usage Data: Pages visited, features used, interactions with the Knowledge Graph, search queries, and navigation patterns.
- Content Engagement Analytics: We track reading time, scroll depth, article completion rates, and search queries to understand content performance and improve recommendations. This data is aggregated and anonymized.
- Technical Data: Browser type and version, operating system, device type, screen resolution, language preferences, and basic diagnostics to improve site performance.
- Referral Data: The URL that referred you to our site and your general geographic region (country/state level, not precise location).
- Cookies and Local Storage: Essential cookies for authentication and session management. See the detailed Cookies section below.
Information We Do Not Collect
- We do not collect biometric data.
- We do not collect financial or payment card information directly (third-party processors handle donations).
- We do not collect precise geolocation data.
- We do not conduct facial recognition or voice analysis.
- We do not purchase data from data brokers or third parties.
Data Categories Summary
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Identifiers | Name, email, IP address, account ID | Account management, communication | Until account deletion |
| Authentication Data | OAuth tokens, session IDs | Secure sign-in | Session duration + 30 days |
| User-Generated Content | Comments, articles, debate contributions | Display on platform | Until removal request |
| Engagement Metrics | Reading time, scroll depth, completions | Content improvement | 24 months (anonymized) |
| Technical/Device Data | Browser, OS, screen size, language | Performance optimization | 90 days |
| Education Progress | Quiz scores, path completions | Learning tracking | Until account deletion |
| Security Logs | Access logs, failed login attempts | Abuse prevention | 90 days |
Legal Bases for Processing (GDPR Article 6)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
- Consent (Art. 6(1)(a)): Newsletter subscriptions, optional analytics, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Performance of a Contract (Art. 6(1)(b)): Account creation, content delivery, and access to platform features you have requested.
- Legitimate Interests (Art. 6(1)(f)): Security and abuse prevention, first-party analytics for content improvement, fraud detection, and maintaining platform integrity. We have conducted balancing tests to ensure our legitimate interests do not override your rights and freedoms.
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws, responding to lawful requests from public authorities, and tax/financial record-keeping obligations.
Where we rely on legitimate interests, you have the right to object. Contact us to exercise this right and we will cease processing unless we demonstrate compelling legitimate grounds.
How We Use Information
- Provide the Service: Display your comments, process upvotes, deliver content, operate the Knowledge Graph, and send newsletter updates.
- Content Recommendations: Use anonymized engagement data to recommend related articles and improve search relevance.
- Newsletter Personalization: Segment newsletter content based on subscriber interests and reading behavior to provide relevant updates.
- Communication: Respond to inquiries and send notifications when users engage with your comments (if you provided an email).
- Analytics: Generate aggregated, anonymized statistics about content performance, popular topics, and reading patterns to inform editorial decisions.
- Security: Prevent abuse, spam, and fraudulent activity. Enforce our Terms of Service.
- Improvement: Understand how users interact with our content to improve the experience.
- Education Tracking: Track learning progress, quiz results, and course completions to provide personalized learning experiences.
- Legal Compliance: Meet our legal obligations under applicable law.
What We Don't Do
- We do not sell your personal information. Ever. This applies under both CCPA and GDPR definitions of "sale."
- We do not use advertising or tracking cookies.
- We do not share your information with advertisers.
- We do not create profiles for targeted advertising.
- We do not engage in "sharing" of personal information as defined by the CCPA for cross-context behavioral advertising.
- We do not use your data for purposes incompatible with those disclosed in this policy.
Automated Decision-Making
We use limited automated processing in the following areas:
- Content Recommendations: Algorithmic suggestions based on reading history and topic preferences. These do not produce legal effects and you can ignore them.
- Spam and Abuse Detection: Automated filtering of comments and submissions using pattern matching and rate limiting to prevent abuse. Flagged content is reviewed by a human before permanent action is taken.
- Fact-Check Matching (Round Table): AI-assisted matching of debate claims against our source database. All fact-check results are labeled as AI-assisted and may be reviewed by editors.
- Search Relevance Ranking: Automated scoring of search results based on relevance, recency, and quality signals.
We do not use automated decision-making that produces legal or similarly significant effects on individuals. Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing. If you believe an automated decision has materially affected you, contact us and we will provide human review.
Information Sharing
We only share information in limited circumstances:
- Service Providers: Hosting (Vercel), database (Neon/PostgreSQL), email services (for newsletters), and authentication providers (Google OAuth), under strict confidentiality and data processing agreements.
- Legal Requirements: When required by law, court order, subpoena, or to protect rights, property, or safety.
- Public Content: Comments, debate contributions, and articles you post are publicly visible with your chosen display name.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email or prominent notice on our site before your information is subject to a different privacy policy.
We do not share personal information with any entity for monetary or other valuable consideration.
International Data Transfers
Prism Writing is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
For transfers from the EEA, UK, or Switzerland to the United States, we rely on:
- Standard Contractual Clauses (SCCs): We use EU Commission-approved standard contractual clauses with our service providers to ensure adequate protection for transferred data.
- Adequacy Decisions: Where available, we rely on adequacy decisions issued by the European Commission.
- Supplementary Measures: We implement technical measures including encryption in transit and at rest, access controls, and data minimization to supplement transfer safeguards.
You may request a copy of the safeguards we use for international transfers by contacting us.
Data Retention Schedule
We retain data only as long as necessary for the purposes described in this policy. Below is our retention schedule:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account Data | Until account deletion + 30 days | Permanent database deletion |
| Comments & Upvotes | Until removal request or content removal | Soft delete, then purge after 30 days |
| Newsletter Email | Until unsubscribe | Removed from mailing list within 48 hours |
| Newsletter Engagement | 24 months | Automated purge |
| Engagement Analytics | 24 months (anonymized) | Aggregated; raw data purged |
| Security/Access Logs | 90 days | Automated log rotation |
| IP Addresses | 90 days (linked); indefinite (hashed for rate limiting) | Log rotation; hashes not reversible |
| Education Progress | Until account deletion | Deleted with account |
| Contact Messages | 12 months after resolution | Manual review and deletion |
| Round Table Contributions | Until removal request or topic archival | Anonymized on archival |
Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
| Right | GDPR | CCPA | Arizona | How to Exercise |
|---|---|---|---|---|
| Access / Know | Art. 15 | 1798.100 | -- | Email us |
| Rectification / Correction | Art. 16 | 1798.106 | -- | Account settings or email us |
| Erasure / Deletion | Art. 17 | 1798.105 | -- | Email us; completed within 30 days |
| Restrict Processing | Art. 18 | -- | -- | Email us |
| Data Portability | Art. 20 | -- | -- | Email us; data provided in JSON/CSV |
| Object to Processing | Art. 21 | -- | -- | Email us |
| Withdraw Consent | Art. 7(3) | -- | -- | Unsubscribe link or email us |
| Opt-Out of Sale/Sharing | -- | 1798.120 | -- | N/A (we do not sell/share data) |
| Non-Discrimination | -- | 1798.125 | -- | Automatic |
| Breach Notification | Art. 34 | -- | A.R.S. 44-7501 | Automatic notification |
Additional Choices
- Comment Removal: You can request removal of comments you've posted.
- Newsletter Unsubscribe: You can unsubscribe from newsletters at any time using the unsubscribe link in each email or by contacting us.
- Analytics Opt-Out: While we use first-party analytics for content improvement, you can disable JavaScript or use browser privacy settings to limit tracking.
- Opt-Out of Non-Essential Communications: You can opt out of non-essential communications at any time.
We will respond to verified rights requests within 30 days (GDPR) or 45 days (CCPA). We will not discriminate against you for exercising any of these rights. To verify your identity, we may ask you to confirm information associated with your account.
Cookies and Local Storage
We use only essential cookies necessary for the operation of our service. Here is a detailed breakdown:
Essential Cookies (Strictly Necessary)
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| next-auth.session-token | Authentication session | 30 days | HttpOnly, Secure |
| next-auth.csrf-token | CSRF protection | Session | HttpOnly, Secure |
| next-auth.callback-url | Redirect after sign-in | Session | HttpOnly, Secure |
Local Storage
- Theme Preference: Your light/dark mode preference is stored in local storage to persist across sessions.
- Education Progress: Learning path progress may be cached in local storage for performance.
What We Do Not Use
- No third-party analytics cookies (no Google Analytics, no Facebook Pixel).
- No advertising or retargeting cookies.
- No cross-site tracking cookies.
- No fingerprinting techniques.
Because we only use strictly necessary cookies, we do not require a cookie consent banner under GDPR. However, we disclose all cookie usage here for full transparency.
Data Breach Notification Procedures
We take data security seriously. In the event of a personal data breach:
Detection and Assessment
- We maintain monitoring systems to detect unauthorized access or data exposure.
- Upon detection, our incident response team will assess the scope, affected data categories, and potential impact within 24 hours.
Notification Timeline
- Supervisory Authority (GDPR): We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms, as required by GDPR Article 33.
- Affected Individuals (GDPR): Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (GDPR Article 34).
- Arizona Law: We will notify affected Arizona residents in accordance with A.R.S. Section 44-7501, which requires notification in the most expedient manner possible and without unreasonable delay.
- Other Jurisdictions: We will comply with breach notification requirements under all applicable state and federal laws.
Notification Content
Breach notifications will include:
- A description of the nature of the breach
- The categories of data affected
- The approximate number of individuals affected
- The likely consequences of the breach
- Measures we have taken or propose to take to address the breach
- Recommendations for protective steps you can take
- Contact information for our privacy team
Notification Methods
We will notify affected individuals via email (if we have your email address), prominent notice on our website, and, where required by law, via written letter.
Social Media Integration Privacy
Our site may include social sharing buttons and links to social media platforms. Please note:
- No Embedded Trackers: We use simple hyperlinks for social sharing rather than embedded social media widgets. This means social media platforms cannot track your visit to our site through our sharing buttons.
- Google OAuth: If you sign in with Google, we receive only your name, email address, and profile picture from Google. We do not access your Google contacts, calendar, or other Google data. You can revoke this access at any time in your Google account settings.
- No Social Login Tracking: We do not track or profile your social media activity. The OAuth connection is used solely for authentication convenience.
- External Links: When you click a link to an external social media platform, you leave our site and are subject to that platform's privacy policy.
Research Data Ethics
As a platform focused on research and education, we hold ourselves to high standards regarding data used in our content:
- Source Attribution: All research data presented in our articles, Knowledge Graph, and educational content is properly attributed to its source.
- No User Data in Research: We do not use individual user data in published research or articles. Any statistics we publish about platform usage are fully aggregated and anonymized.
- Knowledge Graph Data: The Knowledge Graph contains publicly available information organized for educational purposes. It does not contain personal user data.
- Editorial Independence: Our data practices do not influence editorial decisions. Content recommendations are based on topic relevance, not commercial interests.
- Open Methodology: Our verification and fact-checking methodologies are publicly documented. We do not use opaque algorithms that could introduce bias without accountability.
- Corrections: If research data in our content is found to be inaccurate, we issue corrections transparently and update affected Knowledge Graph nodes.
Security
We implement reasonable technical and organizational measures to protect your information, including:
- HTTPS/TLS encryption for all connections
- Secure database hosting with encryption at rest (AES-256)
- Regular security reviews and dependency auditing
- Limited access to personal data on a need-to-know basis
- HttpOnly and Secure flags on all authentication cookies
- CSRF protection on all state-changing operations
- Rate limiting on API endpoints and form submissions
- Input validation and sanitization to prevent injection attacks
- Regular backups with encrypted storage
No system is completely secure. We continuously work to improve our security posture. If you discover a security vulnerability, please report it responsibly to Ariel@prismwriting.com.
Children's Privacy (COPPA Compliance)
Our service is not directed to children under 13 years of age, and we comply with the Children's Online Privacy Protection Act (COPPA).
Our Commitments
- We do not knowingly collect personal information from children under 13.
- We do not knowingly allow children under 13 to create accounts.
- Our registration process does not target or appeal to children under 13.
- We do not use any techniques designed to attract children (gamification aimed at minors, child-directed advertising, etc.).
Educational Content for Minors
While our educational content may be suitable for older students (ages 13 and above), we recommend that minors use the platform under parental or guardian supervision. Our education features that track progress require an account, which requires users to be at least 13 years old.
If We Learn of Underage Data Collection
If we learn that we have collected personal information from a child under 13 without verified parental consent:
- We will delete the information as quickly as possible.
- We will deactivate the associated account.
- We will notify the parent or guardian if contact information is available.
If you believe we have collected information from a child under 13, please contact us immediately at Ariel@prismwriting.com or call (520) 591-9667.
Users Ages 13-17
Users between 13 and 17 may use the platform, but we recommend parental awareness of their activity. For users in the EEA, the digital age of consent varies by country (generally 13-16). We comply with the applicable age requirements in each jurisdiction.
Third-Party Links and Services
Our site may contain links to external websites, including:
- Donation Platforms: GoFundMe and Buy Me a Coffee for processing contributions. These platforms have their own privacy policies and data practices.
- Source Links: Research articles, government databases, and news sources referenced in our content. We link to these for citation purposes.
- Authentication Providers: Google OAuth for sign-in. See the "Social Media Integration Privacy" section above.
We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.
Arizona-Specific Disclosures
As an Arizona-based company registered in Pima County, we comply with Arizona state privacy and data security laws:
- Data Breach Notification (A.R.S. Section 44-7501): If a security incident occurs that may have compromised your personal information, we will notify you in the most expedient manner possible and without unreasonable delay, consistent with law enforcement needs and measures necessary to determine the scope of the breach.
- Security Measures (A.R.S. Section 44-7501(B)): We implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information we hold.
- Data Disposal: When personal information is no longer needed, we dispose of it in a manner that renders it unreadable or undecipherable.
California-Specific Disclosures (CCPA/CPRA)
For California residents, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Categories of Information Collected: Identifiers (name, email, IP address), internet activity (browsing history on our site, search queries), and inferences (content preferences based on reading patterns).
- Sale of Information: We have not sold personal information in the preceding 12 months and do not plan to do so.
- Sharing for Cross-Context Behavioral Advertising: We do not share personal information for cross-context behavioral advertising.
- Sensitive Personal Information: We do not collect or process sensitive personal information as defined by the CPRA.
- Financial Incentives: We do not offer financial incentives related to the collection, sale, or deletion of personal information.
- Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide proof of authorization.
- Metrics: In the prior calendar year, we received 0 deletion requests, 0 access requests, and 0 opt-out requests. As our user base grows, we will update these metrics annually.
GDPR-Specific Disclosures (EEA, UK, Switzerland)
For users in the European Economic Area, United Kingdom, and Switzerland:
- Data Controller: Prism Writing LLC, Tucson, Arizona, USA is the data controller for your personal information.
- Data Protection Officer: For GDPR-related inquiries, contact our privacy team at Ariel@prismwriting.com.
- Legal Bases: See the "Legal Bases for Processing" section above.
- International Transfers: See the "International Data Transfers" section above.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement. A list of supervisory authorities is available at https://edpb.europa.eu.
- Data Protection Impact Assessments: We conduct DPIAs when introducing new processing activities that are likely to result in a high risk to individuals' rights and freedoms.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through:
- Updating the effective date at the top of this page
- A prominent notice on our website for material changes
- Email notification to registered users for significant changes to data practices
We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance. For material changes, we will seek renewed consent where required by applicable law.
Contact Us
For privacy-related questions, data subject requests, or complaints:
Email: Ariel@prismwriting.com
Phone: (520) 591-9667
Mail: Prism Writing LLC, Tucson, Arizona (Pima County)
Response Time: We aim to respond to all privacy inquiries within 5 business days. Data subject requests will be fulfilled within the timeframes required by applicable law (30 days GDPR, 45 days CCPA).
This Privacy Policy is provided for your information and reflects our current data practices. For specific legal questions, please consult qualified legal counsel. This policy was last reviewed and updated on February 14, 2026.