Legal

Privacy Policy

Last updated: June 5, 2026

This Privacy Policy explains how PRISM (operated by CIN Technologies SMC Pvt Ltd) collects and uses information when you visit our website, request access, use the PRISM web dashboard, or use the PRISM Windows desktop application.

PRISM is a business service for organizations that need controlled, auditable remote browser access. We collect the data needed to run that service securely and to give your administrators the tools to manage users, devices, and sessions. We do not claim that we collect no data.

Information we collect

Account and organization data

When your organization is onboarded, we store user account details such as name, email address, role, organization membership, account status, and sign-in activity (for example, last login time). Passwords are stored using industry-standard hashing on our servers; we do not store your plaintext password in our database.

Access requests

If you submit a signup or access request on our website, we collect the information you provide: full name, email, phone number, optional company name, target platform URL, and expected team size. This is used to review and respond to your request.

Device and client data

The PRISM desktop app registers each machine that connects to your organization. We retain a device identifier, binding to your user account, online/offline status, heartbeat activity, and limited system information you or your administrator may configure (such as operating system version, browser environment details, and screen resolution). Device records support access control, hardware blocks, and operational troubleshooting.

The desktop app may store a session token locally so you stay signed in, and may optionally remember your email address for convenience. Session tokens and sign-in state are required for the app to function.

Session and connection data

When users connect to managed remote browser sessions, we record operational data needed to run those sessions: session identifiers, connection and disconnection times, associated user and device, and network information such as IP address. Where available, we may derive approximate location labels (country, region, or city) from IP addresses for security and audit purposes.

Audit and activity logs

PRISM maintains audit logs of significant actions in the platform, including logins, administrative changes, device blocks, session controls, and other operator actions. These records may include timestamps, the acting user or operator, organization context, device or session references, IP address, and browser or client user-agent strings where applicable.

Website and communications

Our public website and web dashboard may process standard technical information (such as browser type, pages visited, and request timestamps) through normal web hosting and security operations. If you contact us by email, we retain the content of that correspondence and your contact details to provide support.

How we use information

  • Provide, operate, and maintain the PRISM service
  • Authenticate users and enforce organization policies
  • Bind access to approved devices and block unauthorized machines
  • Give administrators session management and access control capabilities
  • Maintain audit trails for security reviews and incident response
  • Process access requests, billing, and customer support
  • Send service-related notices (for example, onboarding or account updates)
  • Protect the platform against abuse, fraud, and unauthorized access

Who can see your data

Within your organization, administrators and team leads see data scoped to their role: users, devices, sessions, and logs for the teams they manage. Authorized PRISM staff may access data across organizations only for platform administration, support, and security. End users can see their own account and session experience. They do not receive other users' audit or connection history unless your organization's policies and role assignments allow it.

Retention

We retain operational, audit, and connection data for as long as your organization uses PRISM and as needed afterward for security, billing disputes, and legal compliance. Deleted users, devices, and organizations may be kept in a recoverable state for a period so incident reviews are possible; permanent removal is performed only through explicit administrative action.

Security

We use administrative, technical, and organizational measures appropriate to a business operations platform. Data in transit between clients and our services is protected using encrypted connections. Access to production systems is restricted to authorized personnel. No online service can guarantee absolute security; if you believe your account has been compromised, contact us immediately.

Service providers

We use trusted infrastructure and service providers for hosting, databases, email delivery, and related operations. Those providers process data on our behalf under contractual obligations and only as needed to deliver the service. We do not sell your personal information to third-party marketers.

Your choices

Organization administrators control which users and devices are permitted. If you are an end user, direct most access and correction requests to your employer or organization administrator. For questions about this policy, data handled by PRISM on behalf of your organization, or to exercise rights available in your jurisdiction, contact us at info@prism.com.pk.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will change when we do. Continued use of PRISM after an update means you accept the revised policy, subject to any additional notice requirements in your jurisdiction.

Contact

CIN Technologies SMC Pvt Ltd (PRISM)
Email: info@prism.com.pk

Privacy PolicyRefund PolicyBack to home