Privacy Policy
Effective date: May 17, 2026
Overview
PrismAMS is operated by PrismAMS LLC (“PrismAMS,” “we,” “our,” or “us”). PrismAMS is a multi-tenant management platform for insurance agencies, wealth and financial practices, and professional associations, together with its modules — including CRM, accounting, document management, the CallIntel calling integration, and optional bank-account connections.
This Privacy Policy explains what data the platform collects, how we use it, how long we retain it, how we protect it, and the rights you have over it. It applies to every PrismAMS product and workspace.
Data We Collect
We collect and process the following categories of data:
- Account information. Your name, email address, and organization name, collected at sign-up through our authentication provider (Clerk).
- Agency operational data. The records your team manages in the platform — clients, contacts, policies, claims, documents, tasks, and related business data. This data belongs to your organization; we process it solely to provide the platform to you.
- Integration credentials. API keys, tokens, and passwords for the third-party systems you connect (VoIP, agency management, and carrier systems). These are encrypted at rest using AES-256-GCM.
- Call and communication data. Where you use the CallIntel calling integration: call metadata, AI-generated call transcriptions and summaries, and SMS metadata, received via webhooks from your VoIP provider.
- Financial account data. Where you choose to connect a bank or financial account, the account details, balances, and transactions described in the Financial Account Connections section below.
- Billing information. Subscription and payment details, processed by Stripe. We do not store full card numbers on our systems.
- Usage data. Aggregate metrics about how your organization uses the platform, used to power dashboards and improve the Service.
How We Use Your Data
We use your data exclusively to provide and operate the PrismAMS platform for you:
- Managing your agency's clients, policies, and operational records
- Syncing call activity, transcriptions, and communications to your workspace
- Powering reconciliation, budgeting, and reporting features
- Processing your subscription billing
- Sending service notifications, support responses, and system alerts
- Producing analytics and dashboards within your organization
We do not sell your data. We do not share it with third parties for their own marketing, and we do not use it for advertising or any purpose other than providing the Service to you.
Financial Account Connections
PrismAMS offers an optional feature that connects your bank and financial accounts to your workspace so that balances and transactions can flow into reconciliation, budgeting, and expense and reimbursement tracking. This connection is made through Stripe Financial Connections.
When you link an account, you authenticate directly with your financial institution through Stripe’s secure, hosted flow. PrismAMS never receives, sees, or stores your banking login credentials — that authentication happens entirely between you, Stripe, and your financial institution.
Through an authorized connection, we receive and store:
- Account identifying details — institution name, account name and type, and the last four digits of the account number
- Account balances
- Transaction history — amounts, descriptions, dates, and status
We use this information solely to provide the reconciliation, budgeting, and expense-tracking features inside your workspace. We do not sell it, we do not share it with third parties for their own purposes, and we do not use it for advertising or any unrelated purpose.
You may disconnect any linked account at any time from within the platform. Disconnecting stops any further retrieval of data from that account, and you may request deletion of the data already synced. Stripe processes this connection as our service provider; Stripe’s handling of the data is also governed by Stripe’s Privacy Policy.
Data Retention & Purge
We retain data only as long as needed to provide the Service:
- Account and operational data is retained for the life of your account. When an account is deleted, its records, credentials, and settings are permanently removed by cascading database deletion.
- Call transcriptions and communication PII handled by the CallIntel integration are purged promptly after they have been synced to your workspace, with a 30-day hard maximum as an absolute safety net.
- Financial account data is retained while the account remains linked. When you disconnect an account or close your workspace, the associated data is removed.
Encryption & Security
- Credentials. All third-party credentials are encrypted at rest using AES-256-GCM with unique initialization vectors.
- Data in transit. All communication uses TLS/HTTPS encryption, with HSTS enforced.
- Tenant isolation. Each organization’s data is isolated at the database layer through row-level security, so one workspace can never read another’s data.
- Authentication. User authentication is provided by Clerk, which supports multi-factor authentication and session management.
- Webhook security. Inbound webhooks are verified using cryptographic signatures and are rate-limited.
- Audit logging. Data access and administrative actions are logged with timestamps and user identification for compliance and incident investigation.
Third-Party Sub-Processors
We rely on the following service providers to operate the platform. Each maintains its own security program and privacy policy:
- Clerk (clerk.com) — authentication and user management
- Neon (neon.tech) — PostgreSQL database hosting
- Vercel (vercel.com) — application hosting and edge network
- Stripe (stripe.com) — subscription payments and, where you enable it, Financial Connections bank-account linking
- Anthropic (anthropic.com) — AI processing for summaries and intelligence features
- Resend (resend.com) — transactional email delivery
Third-party systems you choose to connect — your VoIP provider, agency management system, or carriers — are configured by you and are not PrismAMS sub-processors.
Your Rights
- Access. You may request a copy of the data associated with your account.
- Correction. You may update your account information at any time.
- Deletion. You may request deletion of your account and all associated data, which is then permanently and irrecoverably removed.
- Portability. You may request an export of your data in a machine-readable format.
- Revocation. You may disconnect any linked system — VoIP, agency management, carrier, or financial account — at any time.
To exercise any of these rights, contact us at support@prismams.com. We will respond within 30 days.
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected customers by email within 72 hours of discovery, with details of the breach, the data involved, the steps taken to mitigate it, and recommended actions.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active customers of material changes by email at least 30 days before they take effect. The effective date at the top of this page indicates when the policy was last revised.
Contact
For privacy-related inquiries, data requests, or concerns, contact PrismAMS LLC at support@prismams.com.