
Privacy
This page explains, in clear terms, how sign-in works and what data we process.
Login / Sign‑in
Sign‑in is handled via a third‑party provider (e.g., Google) using OAuth. With your consent, the provider shares basic account information with us (e.g., name, email, profile image, provider ID). The flow is managed by our auth service (NextAuth). Your password is never shared with us.
We use this information to identify you, manage access (e.g., roles such as admin/tester), and keep you signed in across sessions.
What data we process
- Account data from the sign‑in provider: display name, email address, profile image, provider ID
- Internal profile data: role (e.g., admin/tester/member), optional feature/approval flags
- Session data: session token/ID, expiry, technical metadata
- Log data: IP address and user agent may briefly appear in server logs (operations/security)
- Analytics/performance: aggregated usage and performance metrics (e.g., Vercel Analytics/Speed Insights)
Cookies & storage
- Authentication: NextAuth session cookies to keep you signed in
- Preferences: optional local settings (e.g., UI flags) stored in your browser
- Retention: sessions expire automatically; logs are rotated regularly
Purposes & legal basis
- Providing the service, sign‑in/account management
- Operations, security, abuse and error prevention
- Performance analysis and service improvements (aggregated)
Sharing & processors
We do not sell personal data. We use service providers for hosting, delivery, and analytics, who may act as processors. Data is processed as needed to provide the service. We disclose data only where legally required or to enforce claims.
Your rights
- Access, rectification, deletion, restriction of processing
- Objection to processing in particular situations
- Data portability (where applicable)
- Withdrawal of consent with effect for the future
To exercise your rights, contact: prismatic.incorporated@gmail.com
Last updated: 10/22/2025