Privacy Policy
Last updated: 14 May 2026
1. Who We Are
PRISM ("we", "us", "our") is an AI-powered light novel translation service. This policy explains what personal data we collect, why, and how you can control it.
2. Data We Collect
| Data | Why | Stored |
|---|---|---|
| Email address | Account creation, login | Our database |
| Password (hashed) | Authentication | PBKDF2 hash only |
| Session token | Keep you logged in | localStorage + DB |
| Device ID | Per-device usage quotas | localStorage + DB |
| Uploaded text | Translation processing | Our database |
| Translation output | Display your library | Our database |
| Google API key (optional) | Use your own Gemini quota | Encrypted at rest (AES-128) |
| IP address | Rate limiting, abuse prevention | Server logs (temporary) |
| Payment reference | Premium verification | Razorpay (not us) |
3. How We Use Your Data
- To provide and operate the translation service.
- To enforce usage quotas and prevent abuse.
- To send password reset emails when you request them.
- We do not sell your data to third parties.
- We do not use your uploaded text to train AI models.
4. Third-Party Services
- Google Gemini API — Your uploaded text is sent to Google's API for translation. See Google's AI usage policy.
- Razorpay — Payment processing. We receive only a payment reference ID, not your card details. See Razorpay's Privacy Policy.
5. Cookies & Local Storage
We use localStorage (not cookies) to store your session token and device ID. No tracking cookies are used. No third-party advertising pixels are present.
6. Data Retention
- Session tokens expire after 30 days.
- Your account data is retained until you delete your account.
- Uploaded text and translations are deleted when you delete the associated project or your account.
7. Your Rights (GDPR / CCPA)
You have the right to:
- Access — Request a copy of your data.
- Rectification — Correct inaccurate data.
- Erasure — Delete your account and all data via Settings → Delete Account, or by emailing us.
- Portability — Request your data in a machine-readable format.
- Object — Object to processing of your data.
To exercise any right, email ayushgargofficial24@gmail.com. We will respond within 30 days.
8. Security
Passwords are hashed with PBKDF2-HMAC-SHA256 (200,000 iterations). User-provided API keys are encrypted with AES-128 Fernet. Sessions use 64-character cryptographically random tokens. All traffic is served over HTTPS in production.
9. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy. We will notify registered users of material changes by email. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy questions or data requests: ayushgargofficial24@gmail.com