01 Overview
This Privacy Policy describes how Prism collects, uses, and protects information when you use the Prism Discord bot and Dashboard at prism.officialchaos.com. We are committed to a minimal-data philosophy: we only store what is strictly necessary to operate the service.
02 Data We Collect
| Data | Why Stored | How Stored |
|---|---|---|
| Discord User ID | Session authentication and permission scoping | Plaintext (non-sensitive identifier) |
| Discord Guild ID | Scoping platform connections per server | Plaintext (non-sensitive identifier) |
| OAuth Access Tokens | Publishing to platforms on your behalf | AES-256-GCM encrypted at rest |
| OAuth Refresh Tokens | Maintaining long-lived connections | AES-256-GCM encrypted at rest |
| Minds Username | Required by Minds API for authentication | AES-256-GCM encrypted at rest |
| Nostr Public Key | Derived locally from nsec; stored for status display | Plaintext (public key — not a secret) |
| Mirror Channel ID | Routing publish logs to your Discord channel | Plaintext (non-sensitive identifier) |
| Guild Permission Roles | Controlling which roles can use Prism | Plaintext JSON in guild_permissions table |
| Session Data | Maintaining logged-in state in Dashboard | Server-side sessions via connect-pg-simple |
03 What We Do Not Store
- Message content — processed in memory at publish time, immediately discarded
- Social handles — derived live from each platform's API; not persisted
- Post history or analytics — Prism does not log what you posted or when
- Nostr private keys (nsec) — used only in-browser; never transmitted to our servers
- Payment details — handled entirely by Stripe; we receive no card data
04 How Data Is Used
We use data exclusively to provide the Prism service. OAuth tokens are decrypted in memory at publish time only. We do not use your data for advertising, profiling, or AI model training.
05 Storage & Encryption
- Algorithm: AES-256-GCM
- IV: 12-byte randomly generated per token
- Auth tag: 128-bit
- Keys: Environment variables only — never written to disk or database
Database: Hosted on dedicated infrastructure. Access restricted to the application process only.
06 Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Discord | Authentication and bot platform | Discord OAuth flow |
| Stripe | Payment processing | Billing info only — no card data received by us |
| Groq / Ollama | AI content rewriting | Message text sent for transformation only |
| Neynar | Farcaster managed signers | Farcaster signer approval flow |
| Social platforms | Publishing content | OAuth token used to authenticate per publish action |
We do not sell, rent, or share your data with any third party for marketing purposes.
07 Data Retention
- On disconnecting a platform — associated token deleted immediately
- On removing the bot — guild data purged within 30 days
- On deletion request — all data deleted within 30 days of verified request
Session data expires after 24 hours of inactivity.
08 Your Rights
Request a copy of the data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to processing in certain circumstances
Request your data in a machine-readable format
Request restriction while a dispute is resolved
Email legal@prism.officialchaos.com — we respond within 30 days.
09 Children's Privacy
Prism is not directed at children under 13. We do not knowingly collect data from children. Contact legal@prism.officialchaos.com if you believe a child has provided data.
10 Changes to This Policy
Material changes will be reflected in the "Last updated" date above. Continued use after changes constitutes acceptance.
11 Contact
See also: Terms of Service