prisma User Agreement and Privacy Policy
Introduction
Welcome to prisma! This User Agreement and Privacy Policy explains how we collect, use, store, and share your personal information. By using prisma, you agree to these terms.
We are committed to protecting your privacy and adhering to applicable laws, including Israel’s Privacy Protection Law (PPL) and its Amendment 13, which impose strict requirements for transparency and data protection. By using prisma, you agree to the terms of this Agreement. If you do not agree, please discontinue use of our services.
Who We Are
prisma (operated by Ikigai) is a global assessment platform. For privacy law purposes, prisma is the database owner (data controller). Contact: nadav.prisma@gmail.com.
Personal Data We Collect
- Email address – Collected during account registration or test sign-up, used to identify your account and communicate results or updates to you.
- Test inputs and results – The answers, responses, and scores from any tests or assessments you take on prisma. This data is provided by you during the test and may include textual responses or choices you make. (We do not currently collect any network metadata, usage analytics, or behavioral patterns beyond your test inputs and scores.)
Voluntary: Providing this personal data is voluntary and based on your consent. However, if you choose not to provide certain information (for example, an email or the answers required to complete a test), you will not be able to use the service or receive your test results. We do not collect any legally “sensitive” personal data such as health information, biometric identifiers, or financial data from test-taker users.
How We Use Your Data
- Provide services – We use your test inputs to generate results and insights, and your email to create your account and allow you to log in and retrieve your results. This is necessary to perform our services to you.
- Opportunities – If you take prisma tests as a candidate or job-seeker, we use your email and test results to connect you with potential employers. For example, employers who partner with prisma may view your test results (and associated contact email) to identify candidates for recruitment. This will only happen as part of the prisma service that you signed up for – i.e., your data will be shared with employers specifically for recruitment or educational opportunity purposes, as detailed in the Data Sharing section below.
- Service Improvement and Analytics – We continuously work to improve prisma. To do so, we may analyze test results (in aggregate or anonymized form where possible) to improve our assessment algorithms and question quality. We also may use automated tools, including artificial intelligence (AI) services, to help analyze responses and provide more accurate scoring or feedback. (See Data Sharing for more on AI processing.)
- Communications – We may use your email to send you important notices about your account or updates about prisma. These communications are part of the service. We will not send you marketing emails unrelated to prisma without your explicit consent.
- Compliance & safety – We may process your data as required to comply with legal obligations, respond to lawful requests (e.g., court orders), or to enforce our Terms of Service and prevent fraud or misuse of prisma. This includes ensuring the security of our platform and users.
We ensure that personal data is used only for the purposes stated and in a manner that is transparent and fair. In accordance with Amendment 13’s transparency requirements, we clearly explain each purpose so you know what to expect.
Data Storage and International Transfers
All personal data collected by prisma is stored and processed on AWS (United States). This means your information is transferred outside of Israel (and possibly outside your country of residence) for storage. By using prisma, you consent to this transfer and understand that the data protection laws of the USA may differ from those in your home country.
We take measures to safeguard your data in these transfers. Israel’s updated privacy law explicitly requires ensuring an “adequate level of protection” for personal data transferred abroad. In practice, this means we use standard contractual data protection clauses or equivalent legal mechanisms when transferring data to our U.S. servers or to any third-party service providers outside of Israel or other jurisdictions. We also rely on the fact that Israeli law is deemed “adequate” by the EU, and we align with those high standards for data leaving Israel. Our contracts with AWS and other providers include commitments to maintain confidentiality and security of your information.
Despite differences in foreign law, we implement strong security measures to protect your data (see Data Security below). Your data is typically stored in the U.S. for the duration of your account’s existence unless deletion is requested. If you are an international user, note that your data will be accessible by prisma in Israel and stored in the U.S., and possibly accessed by our authorized partners globally, under the same protective conditions.
Data Sharing with Third Parties
prisma does not sell your personal information to third-party marketers. However, we do share your data with certain third parties in order to operate our service and fulfill the purposes described above. We ensure that any third party receiving personal data has a legitimate need for it and is obligated to protect it under privacy agreements. The categories of third parties with whom we share data are:
- Prospective Employers or Educational Institutions – A core feature of prisma is to match test-takers with potential opportunities. If you use prisma as a candidate (for jobs, internships, school admissions, etc.), your test results and contact information (email) may be shared with partner employers or organizations who are interested in candidates with your profile. This sharing is purpose-limited – the employers can use your data only to evaluate you for opportunities and to contact you regarding such opportunities. We will only share this data in accordance with the purpose of prisma’s services (connecting users with opportunities) and not for unrelated purposes. By taking a prisma test intended for career/educational opportunities, you consent to have your results made available to participating employers or institutions. These third parties could be located globally, so your data might be accessed from countries worldwide (since our service is global). Rest assured, any such transfers are made under confidentiality and data protection obligations.
- Payment Processors (for Employers) – If you are an employer or other paying customer of prisma’s services, we will share the necessary billing information with third-party payment processors to facilitate payment transactions. This may include your name (or company name), contact details, and payment details (such as credit card information). For example, if an employer purchases a subscription or pays to access candidate results, the payment details will be handled by a certified payment processing company (e.g., credit card processor or bank). prisma itself does not store full financial information like credit card numbers; such data is transmitted directly to our payment processor in a secure way. The payment processors are contractually obligated to use this data only for processing the payment and to comply with applicable data protection and security standards.
- AI Analysis Service Providers – We use external artificial intelligence services to help analyze test responses and improve our platform’s feedback. Specifically, we may send portions of user data (such as your anonymized test answers or other relevant information) to AI-based processing services including OpenAI, Google Cloud AI, Anthropic, and xAI. These providers assist us in scoring tests, identifying patterns, or providing more nuanced analysis of free-text answers. When we share data with these AI companies, it is done solely for the purpose of analysis on our behalf – they act as our data processing partners. They are not permitted to use your personal data for their own purposes (such as training their general AI models) beyond what is necessary to deliver the analysis service to prisma. We ensure there are data processing agreements or terms in place with each such provider to protect your information. Please be aware that these AI providers may operate in the United States or other countries, so this is another form of international transfer of data. We only share the minimum data necessary (for example, your test answer text for analysis) and take steps to pseudonymize or anonymize data where feasible.
- Service providers – In addition to the above, we may share data with other trusted service providers who assist us in operating prisma. For instance, this could include cloud hosting (as noted, AWS), email delivery services (for sending verification emails or reports), or customer support tools. Each such provider only receives information as needed to perform their function and must protect it under strict confidentiality and security obligations. We maintain a list of key sub-processors and can provide more details upon request.
We do not share your personal data with any third parties except as outlined in this policy, unless we have your explicit consent or are required by law to do so. In all cases of data sharing, we remain accountable for your data and comply with the transparency and purpose limitation principles of Israeli law (meaning we only share for the purposes you have been informed about).
Minors Using prisma
prisma is intended for users of all ages, and minors (under 18 years old) are allowed to use the site and take tests. However, if you are a minor, you must review this Agreement with a parent or legal guardian. While the Israeli Privacy Protection Law currently does not have special provisions specifically for children's data, under general Israeli law minors usually cannot enter into binding agreements or provide consent for services without parental approval. By using prisma as a minor, we assume that you have obtained consent from your parent or guardian to do so. We encourage parents/guardians to supervise their children’s use of prisma and to contact us if they have any concerns about a minor’s personal data. We do not knowingly collect personal data from children under 13 without parental consent, and our platform is not directed at very young children. If you believe we have collected information from a child under 13 without consent, please contact us immediately so we can delete it.
If you are under 18, review with a parent/guardian. By agreeing, you confirm parental consent.
Your Rights and Choices
- Right of Access – You have the right to request a copy of the personal data we hold about you. This includes your profile information and any test results associated with your account. We will provide this information in a reasonable time frame as required by law.
- Right of Correction – If any of your personal data is incorrect or outdated (for example, if you wish to update your email address), you have the right to request that we correct or update it. You can also update some information directly through your account settings (e.g., changing your email or other profile details).
- Deletion – You have the ability to delete your prisma account at any time. Deleting your account will erase your personal information and test results from our active databases. We will also instruct any third-party processors to delete your data, unless we are required to retain it for legal reasons. Israeli privacy law now includes certain deletion rights for individuals, and we honor deletion requests in good faith. Please note: once deleted, your test results and data cannot be recovered, so be sure you truly wish to delete your account before doing so.
- Right to Withdraw Consent – In cases where we rely on your consent to process data (such as using your data for connecting with employers or for AI analysis), you have the right to withdraw that consent. For example, if you previously agreed to share your results with employers but have changed your mind, you can contact us to deactivate that feature or delete your data. Withdrawal of consent will not affect the lawfulness of any processing done prior to withdrawal.
- Right to Object (Opt-Out) – If we ever engage in direct marketing or if you object to a specific data processing activity, you may have the right to object. (For instance, if in the future prisma were to send newsletters, you could opt out of those.) Currently, we do not send promotional communications without consent, so this is generally not applicable unless you have opted in.
To exercise any of these rights, you can contact us at nadav.prisma@gmail.com or use the account settings available on the platform (for account deletion, a self-service option is available). We may need to verify your identity before fulfilling certain requests (for your security). We will respond to your request within a reasonable timeframe and in accordance with applicable law. In Israel, failing to honor access or correction rights can lead to significant penalties, so we take your rights seriously and have processes in place to address them.
Data Retention and Deletion
We retain your personal data only for as long as it is needed to fulfill the purposes described in this Agreement, unless a longer retention period is required or permitted by law. In practice, this means:
- While active – If you have a prisma account, we will keep your information until you delete your account or it has been inactive for an extended period (we may anonymize or delete accounts that have been dormant for a long time, with prior notice).
- Upon deletion – If you delete your account or request deletion, we will promptly remove or anonymize your personal data from our systems (typically within 30 days, barring unforeseen technical delays). We may keep minimal information as necessary to document that your deletion request was fulfilled or to comply with legal obligations (e.g. transaction records for payments, if any, which we must retain for accounting/tax).
- Third-party copies – Data that has been shared with third parties (employers who already received your profile, or AI processors) will be either deleted or minimized according to our agreements with those parties. For instance, if an employer downloaded your test report before you deleted your account, we cannot force deletion from the employer’s systems, but that employer is contractually required to use your data only for the intended purpose and to protect it. Similarly, data sent to AI analysis services is not stored long-term by those services under our agreements (they process it in real-time and do not retain identifiable info).
We also periodically review and delete or anonymize data that is no longer needed. For example, if we ever collect log data or backups, we ensure these are purged regularly so personal info isn't kept indefinitely. Our goal is data minimization – we keep the least amount of personal data necessary and no longer
Data Security
Protecting your information is extremely important to us. We implement appropriate technical and organizational security measures to guard your personal data against unauthorized access, loss, or misuse. These measures include, for example:
- Encryption – We use encryption to protect data in transit (SSL/TLS for our website and APIs) and at rest (stored data on AWS is encrypted). This means your data is encoded to prevent unauthorized reading.
- Access controls – Personal data is accessible only by authorized personnel who need it to perform their job (principle of least privilege). We restrict access to the production databases and require strong authentication for any such access.
- Monitoring and Auditing – Our systems are monitored for security events, and we keep logs of access to personal databases. Regular audits and reviews are conducted to ensure compliance with our security policies.
- Vendor Security – When we work with third-party service providers (like AWS, or AI processors), we choose reputable companies that have strong security practices. As required by Amendment 13, we have data processing agreements in place that obligate these processors to maintain strict data security standards. We also vet their practices and may request security certifications or reports to ensure your data is handled safely.
- Training and Policies – Our team is trained in data privacy and security. We maintain internal policies to ensure that we handle user data in compliance with the law and this Agreement. Any breach of data security is taken seriously and, if required, we will notify affected users and authorities in accordance with applicable laws.
While we strive to protect your data, no system can be 100% secure. However, we follow industry best practices and Israeli Data Security Regulations (5777–2017) to minimize risks. In the unlikely event of a data breach that poses a risk to your privacy, we will inform you and the regulators as required by law.
Global Service and Compliance
prisma is a global service. We provide our platform to users around the world. Our primary regulatory jurisdiction is Israel, and we comply with Israel’s Privacy Protection Law and regulations. Because we serve users globally, we also aim to respect key principles of other major data protection laws (such as the EU’s GDPR) when applicable. This means you’ll find many familiar privacy protections in our policy, like transparency about data use, ability to delete data, and requiring consent for certain data sharing, which are consistent with global standards.
If you are accessing prisma from outside Israel, note that your information will be processed as described (in Israel and the US). We consider the privacy regulations of the region you are in, to the extent they apply to us. For example, if you are an EU resident, our transfers of your data to Israel and the US are governed by measures that satisfy EU requirements (Israel is recognized as having adequate data protection, and for US transfers we implement safeguards as noted above). If you are in a jurisdiction with specific privacy rights or requirements (such as California or other regions), we aim to fulfill those as well — please contact us if you have any concerns.
Third-Party Websites
Our website may contain links to third-party websites or services (for example, an employer’s site). This Agreement does not cover those external sites. If you follow a link to a third-party site, please be aware that those sites have their own privacy policies and we do not accept responsibility for their content or practices. We encourage you to read the privacy policies of any website or service you visit via links from prisma.
Changes to This Agreement
We may update this User Agreement and Privacy Policy from time to time to reflect changes in our practices or for legal reasons. If we make material changes, we will notify users by email or by posting a prominent notice on our site prior to the change becoming effective. The "last updated" date at the top of the policy will indicate when the latest changes were made. Please review this Agreement periodically to stay informed about how we protect your information. Continued use of prisma after any changes constitutes acceptance of the updated terms.
Contact Us
If you have any questions, concerns, or requests regarding this Agreement or your personal data, please contact us at:
Email: nadav.prisma@gmail.com
Address: box 221 Bet Hashita 1080100
We are here to help and will respond to your inquiry as soon as possible. Users in Israel also have the right to contact the Privacy Protection Authority (PPA) if they believe their rights have been violated, but we encourage you to reach out to us first so we can address your concerns directly. Thank you for reading our User Agreement and Privacy Policy. By using prisma, you trust us with your personal information – we take that responsibility seriously and are committed to handling your data with care, transparency, and in compliance with Amendment 13 and all applicable privacy laws.