PRYSM Privacy Policy

Last updated: April 27, 2026

Overview

PRYSM ("we", "our", "the app") is a news aggregation app that clusters publicly available news articles from multiple sources to show you different perspectives on the same story. PRYSM does not require an account, sign-in, or profile creation.

This policy explains exactly what data we collect, why, where it goes, and how to remove it. If anything here is unclear, email prysmnews@gmail.com.

Data We Collect

1. Push notification data (only if you opt in)

When you enable push notifications, the app sends the following to our server so we can deliver notifications at the right time and in the right language:

Your Expo push token (a device-specific identifier issued by Expo, used by Apple Push Notification Service / Firebase Cloud Messaging to deliver notifications)
Your device platform (iOS or Android)
Your IANA timezone string (e.g. "Europe/Rome")
Your selected language and region preferences
Your notification preferences (breaking news on/off, morning brief on/off and hour, evening digest on/off and hour, hidden category list)

This data is automatically deleted after 90 days of inactivity (no app open). You can disable notifications at any time in Settings, or tap "delete my data" (see below) to remove the record sooner.

2. Android waitlist email (only if you submit it)

If you sign up for the Android launch waitlist on prysm.fyi, we store:

Your email address (kept until launch notification is sent)
Your IP address, truncated to 64 characters (used for spam/abuse prevention)
Your browser's user-agent string, truncated to 256 characters (same)
The timestamp of your signup

The IP address and user-agent are deleted after 365 days. The email is retained until we send the Android launch notification, after which you can request deletion.

3. Anonymous usage analytics (PostHog)

We use PostHog (EU-hosted, GDPR-compliant) to understand how the app is used so we can improve it. PostHog generates an anonymous device-scoped identifier — it is not tied to your name, email, or any account. We track:

App opens, screen views, button taps
The app version and build number you're running
Onboarding funnel events (e.g. which step you completed)
Aggregate timing data for performance monitoring

We do not send your name, email, push token, location, or any precise identifying information to PostHog.

4. Crash and error reports (Sentry)

If the app crashes or hits an error, we send Sentry a stack trace, the device model, OS version, app version, and a randomized session identifier. This helps us fix bugs you might encounter. No personal information is included.

5. Server-side anonymous metrics

Our API server records:

Anonymous daily active user counts via HyperLogLog (a probabilistic counting method that estimates uniques without storing individual IPs)
Daily request counts per endpoint, for operational monitoring

These statistics are retained for up to 90 days and then automatically deleted. We do not store individual IP addresses for analytics purposes.

6. Operational logs (third-party hosting)

The app's API runs on Vercel, the article-clustering worker runs on Railway, and our cache uses Upstash Redis. These providers retain short-lived server logs (typically including IP address and request path) as part of normal operations. We do not access these logs except for debugging incidents. See each provider's privacy policy for retention details.

Data Stored Only on Your Device

The following data never leaves your device. It lives in Expo AsyncStorage and is deleted when you uninstall the app:

Your bookmarks (saved stories)
Your read history (which topics you've opened)
Your preference learning data (which categories you tap or save more, used to personalize the "For You" feed)
Your selected skin / theme
Your hidden categories
Your selected outlets and regions
Your interface language
Onboarding flags

What We Do Not Collect

We do not collect your real name, physical address, phone number, or date of birth.
We do not access your contacts, photos, microphone, camera, or location (precise or coarse).
We do not use cookies, advertising trackers, or third-party advertising SDKs.
We do not sell, rent, or share your data with brokers, advertisers, or any third party for marketing.
We do not track you across other apps or websites.

Third-Party Services

To provide the service, PRYSM relies on the following processors. Each is bound by its own privacy policy, linked below:

Expo / Apple Push Notification Service / Firebase Cloud Messaging — push notification delivery
PostHog (EU) — anonymous product analytics — privacy
Sentry — crash and error reporting — privacy
Vercel — API hosting — privacy
Railway — clustering worker hosting — privacy
Upstash — Redis storage for cache, push tokens, and waitlist — privacy
Anthropic — clustering model. We send only article titles and URLs (no user data) — privacy

When you tap "Read Full Article", you leave the app and visit the original outlet's website, which has its own privacy policy.

Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases are:

Consent — for push notifications (you opt in) and for the Android waitlist (you submit your email)
Legitimate interest — for anonymous analytics, crash reporting, abuse prevention, and operational logs

Your Rights

Access / portability — Email us to request a copy of any data tied to your push token or waitlist email.
Deletion — Email prysmnews@gmail.com with the subject "Delete my data". For push notification data, include your push token (visible in app Settings → Debug). For waitlist data, include the email you signed up with. We will delete it within 30 days.
Disable analytics — Disable analytics by uninstalling the app (we do not currently offer an in-app opt-out toggle; this will be added in a future release).
Disable notifications — Toggle notifications off in app Settings or in your device's notification settings.
Withdraw consent — Uninstalling the app stops all data collection. Server-side data tied to inactive devices is auto-deleted after 90 days.

Data Retention Summary

Push notification record: 90 days of inactivity
Waitlist email: until launch notification, then on request
Waitlist IP / user-agent: 365 days
Anonymous server analytics: 90 days
Article cache: 6 hours (replaced on each refresh cycle)
On-device data: until you uninstall

Children's Privacy

PRYSM is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has submitted data, contact us and we will delete it.

International Transfers

PRYSM operates with EU-hosted analytics (PostHog EU) and Upstash Redis. Some processors (Sentry, Vercel, Railway, Anthropic) may store data in the United States. Where required, transfers rely on Standard Contractual Clauses (SCCs).

Changes to This Policy

We may update this policy as the app evolves. Material changes will be reflected in the "Last updated" date at the top. For significant changes that affect what data we collect, we will notify you in-app on next open.

Contact

Questions, deletion requests, or complaints: prysmnews@gmail.com.

We try to keep this policy in sync with the actual app behavior at all times. If you spot an inconsistency between what this policy says and what you observe the app doing, please email us — we will investigate and either update the policy or fix the behavior.