← Back to Prism

Privacy Policy

Last updated: March 6, 2026

1. Introduction

Prism ("we", "our", or "the Service") is operated by Brightway AI. This Privacy Policy explains how we collect, use, store, and share your information when you use Prism to track AI API costs and developer tool subscriptions.

2. Information We Collect

Account information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account.

Google user data

With your explicit consent, we access your Gmail messages using the gmail.readonly scope. We scan for invoice and billing emails from developer tools and cloud services to extract cost data (vendor name, amount, billing period). We do not read, store, or process emails unrelated to billing and invoicing.

API integration data

When you connect AI provider API keys (e.g. OpenAI, Anthropic), we use those keys to fetch usage and cost data from the respective provider APIs. We store the usage records (model, tokens, cost, date) but never store your full API keys — only a masked hint for display purposes.

Payment information

Billing is handled by Stripe. We do not store credit card numbers or payment details. We store your Stripe customer ID to manage your subscription.

3. How We Use Your Information

  • Display your AI API costs, usage trends, and subscription spending in your dashboard
  • Generate cost-saving insights and alerts based on your usage patterns
  • Authenticate your identity and manage your account
  • Process your subscription payments through Stripe
  • Send transactional emails related to your account (e.g. billing alerts)

We do not use your data for advertising, sell your data to third parties, or train machine learning models on your personal data.

4. Google API Services — Limited Use Disclosure

Prism's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Gmail data to extract invoice and billing information for your cost-tracking dashboard
  • We do not transfer Gmail data to third parties except as necessary to provide the Service (e.g. database hosting)
  • We do not use Gmail data for advertising or to build user profiles for advertising
  • Humans do not read your email content unless you explicitly grant permission for support purposes, or as required by law

5. Data Storage and Security

Your data is stored in a secured database. All connections use TLS encryption in transit. Google OAuth refresh tokens are encrypted at rest. We retain your data for as long as your account is active. API usage records are retained for up to 24 months to enable historical trend analysis.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for their own purposes. We share data only with:

  • Stripe — for payment processing
  • Infrastructure providers — our hosting and database providers process data on our behalf under strict confidentiality agreements
  • Legal compliance — if required by law, regulation, or valid legal process

7. Data Retention and Deletion

You can delete your account and all associated data at any time from your Settings page. Upon account deletion, we permanently remove your personal data, API usage records, invoice data, and Google OAuth tokens within 30 days. Anonymized, aggregated data may be retained for analytics.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Delete your account and all associated data
  • Revoke Google OAuth access at any time via your Google Account permissions
  • Export your data

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at privacy@brightwayai.com.