Privacy, in plain language.

Where your data lives

No Prism server, no Prism account.

We have no backend that stores your passwords, your emails, or anything tied to who you are. There is nothing to sign up for. We have no way to read, recover, or sell your data because we never receive it in the first place.

Your vault stays on your device.

Your entries live in a single encrypted file inside Prism's local storage area. There is no unencrypted copy kept anywhere — not on disk, not in a cache, not in a hidden temporary folder. When the app is closed, the key needed to read the file is gone too.

Cloud sync is optional.

Prism is fully functional offline. If you choose to enable Google Drive sync, the same encrypted file is uploaded — never an unencrypted copy. Google Drive is the only sync provider today; we may add others later, and they will follow the same rule.

Encryption

Locked on your device.

Strong, modern encryption runs entirely on your computer or phone. Without your master password, the vault file is indistinguishable from random noise — the same algorithms used to protect classified communications and financial transactions.

Your master password is the key.

It never leaves your device. We cannot reset it, recover it, override it, or hand it over under any circumstances. Even while the vault is unlocked, the derived encryption key lives only in protected memory and is wiped the moment the vault closes.

Personal data

No tracking or analytics in the app.

No usage statistics. No crash reports. No identifiers. Not even anonymized. We do not run a metrics pipeline because we do not have a backend to send anything to. (This marketing website is covered separately below — unlike the app, it can use anonymous analytics, but only with your consent.)

Buying the mobile app.

The paid iOS and Android apps are sold through the Apple App Store and Google Play. Those stores process the payment and know a purchase happened — Prism does not. We never receive your name, your card, or any billing detail; the app simply unlocks on a device that owns it.

Three kinds of network requests, all opt-in.

• Cloud sync — uploading and downloading the encrypted vault file to your own Google Drive.
• Site icons — fetching favicons so your entries are easier to recognize visually.
• Breach checking — comparing your passwords against the Have I Been Pwned database.

How breach checking protects you.

Prism computes a hash of your password locally, then sends only the first 5 characters of that hash to Have I Been Pwned. The service returns every breached hash that starts with those characters, and Prism finishes the comparison on your device. Your actual password — and even your full hash — never leaves the machine.

Clipboard.

When you copy a password, it goes through your operating system's clipboard like any other text. If you enable "Clear clipboard" in Settings, Prism wipes it 30 seconds later — but only if it still holds the value Prism put there. We do not want to erase something you copied afterward by accident.

Site icons.

Prism fetches favicons either directly from the site or, as a fallback, from Google's public favicon service. Cached icons are stored alongside the vault and are not encrypted — they are public artwork, not your data.

Cloud sync (Google Drive)

How sync works.

Every time you save a change, Prism re-encrypts your vault on this device and uploads the resulting file to a private folder in your Drive. Other devices, when unlocked, pull the latest file from the same folder and decrypt it locally with the master password you typed there. Your master password is never transmitted.

Locked to its own folder.

Prism uses Google's app-private folder scope (appDataFolder). The rest of your Drive is off-limits to Prism — we cannot list, read, or write files outside the folder we created. The folder is hidden from Drive's normal interface on purpose, so you can't accidentally rename, share, or delete your own vault.

Checking the file is there.

You can verify the file exists at drive.google.com → Settings → Manage apps → Prism. That panel shows the hidden app data Prism stores and its current size.

Disconnecting from Drive.

In Prism's Settings → Sync & backup, choose "Disconnect" to remove this device's access. Other devices that you've connected continue syncing. To fully revoke Prism's access to your Drive across all devices, go to myaccount.google.com → Security → Third-party apps and remove Prism there.

This website

The app and this website are separate.

Everything above is about the Prism app, which collects nothing. This section is about the marketing website you are reading right now — the one and only place Prism uses any analytics, and only if you allow it.

Optional, anonymous analytics.

If you agree, we use Microsoft Clarity to understand how this website is used — which pages get read, where visitors get stuck — so we can make it clearer. The data is aggregated and anonymised: it is never tied to your identity, and your vault, your master password, and anything inside the app are never involved. The app never loads it.

It stays optional — and you can change your mind.

Analytics is off until you choose "Accept all" on the small consent banner; decline and nothing is loaded at all. You can withdraw your consent at any time using the button below, which clears the related cookies and stops any further measurement.

If you spot a mismatch

Email us at contact@prism-security-manager.com. Anything you observe in the app that contradicts what is written above is a bug we want to fix.

If we materially change how Prism handles your data, we will update this page and bump the version number at the top. You will see the changes the next time you visit.