Prism
Take Full Prism

Legal

Privacy policy

This policy explains what we collect, why we collect it, and the rights you have over your data. It covers takeprism.com and the Prism assessment product.

Last updated: 22 April 2026. Draft, pending legal review.

1. Data controller

Prism is the data controller for personal data collected through takeprism.com. For any privacy question, contact support@takeprism.com.

2. Data we collect

  • Your email address, when you submit it for results or account access.
  • University affiliation, if you choose to join a Uni League.
  • Quiz responses, timings, and the derived cognitive scores.
  • UTM parameters and referring URL, for attribution.
  • Your IP address, for fraud prevention and rate limiting.
  • Browser and device metadata needed to serve the site.

3. How we use it

  • Scoring your Prism profile and delivering your results.
  • Operating the service, including login, payments, and support.
  • Aggregate analytics to improve the assessment and the site.
  • Sending transactional emails tied to your account and purchases.
  • Preventing abuse, including automated taking of the test.

4. Lawful basis

We rely on contract as the lawful basis for the paid tier, including checkout, payment, and delivery of your full profile. We rely on legitimate interests for the free tier, for site security, and for product analytics that do not build profiles of individual users. Where we rely on consent, for example for marketing email, you can withdraw it at any time.

5. Where data is stored

Core application data is stored in Supabase, hosted in the EU region. Payments are processed by Stripe. Transactional email is handled by Loops. Each of these vendors acts as a processor under our instructions and is bound by its own data processing terms.

6. Cookies

We use functional cookies only. These keep you signed in, remember your session, and let checkout work. We do not run third-party advertising trackers on the marketing site. Where we use analytics cookies, they are configured to avoid tracking across sites.

7. Your rights

Under UK GDPR you have the right to access, correct, delete, or port your personal data, and to object to processing. To exercise any of these, email support@takeprism.com from the address tied to your account. We respond within 30 days.

8. Deletion

You can request deletion of your account and associated quiz data at any time. We keep a minimal record of transactions for legal and accounting purposes, as required by UK law. Aggregate, non-identifiable data may be retained to support research and product development.

9. Governing law

This policy is governed by UK GDPR and the Data Protection Act 2018. Disputes are subject to the jurisdiction of the courts of England and Wales, unless local law grants you stronger rights.

10. Complaints

If you believe we have mishandled your data, we would like to hear about it first at support@takeprism.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.