Privacy Policy

Introduction

Pryszm ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our approval management platform and related services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

We understand that as an approval management platform, we handle sensitive business information and personal data that requires the highest level of protection. This policy is designed to be transparent about our data practices and to ensure you understand your rights regarding your personal information.

Information We Collect

Information You Provide Directly

When you create an account and use our Service, we collect information that you provide directly to us. This includes your name, email address, job title, company information, and any profile details you choose to share. When you submit approval requests through our platform, we collect the content of those requests, including descriptions, supporting documents, comments, and any metadata associated with the approval workflow.

We also collect information when you communicate with us directly, such as when you contact our support team, participate in surveys, or provide feedback about our Service. This may include the content of your messages, support tickets, and any files or documents you share with us.

Information We Collect Automatically

Our Service automatically collects certain information about your device and usage patterns when you access our platform. This includes your IP address, browser type and version, operating system, device identifiers, and general location information based on your IP address. We also collect information about how you interact with our Service, including pages visited, features used, time spent on different sections, and the sequence of your actions.

We use cookies, web beacons, and similar tracking technologies to collect this information and to enhance your experience with our Service. These technologies help us remember your preferences, understand usage patterns, and improve the functionality of our platform.

Information from Third-Party Integrations

If you choose to connect our Service with third-party applications such as Slack, Microsoft Teams, or your company's single sign-on (SSO) system, we may receive information from those services. This typically includes your profile information from those platforms, such as your name, email address, and profile picture, as well as any information necessary to facilitate the integration.

When you use our API or webhook integrations, we may collect information about the requests made through these channels, including the source system, request parameters, and response data necessary to provide the Service.

How We Use Your Information

Core Service Functionality

We use your information primarily to provide, maintain, and improve our approval management platform. This includes processing your approval requests, routing them to appropriate approvers, maintaining audit trails, and facilitating communication between requesters and approvers. Your information enables us to create a seamless workflow experience and ensure that approvals are handled according to your organization's policies and procedures.

We also use your information to authenticate your identity, authorize access to different features based on your role, and maintain the security and integrity of our platform. This includes monitoring for suspicious activity, preventing unauthorized access, and ensuring that sensitive approval data is only accessible to authorized individuals.

Communication and Notifications

We use your contact information to send you notifications related to your approval requests and the Service. This includes email alerts when approval actions are required, status updates on requests you've submitted, and reminders about pending approvals. We may also send you important announcements about changes to our Service, security updates, and other information necessary for the proper functioning of your account.

You can control many of these communication preferences through your account settings, though some notifications may be necessary for the proper functioning of the Service and cannot be disabled.

Analytics and Service Improvement

We analyze usage patterns and user behavior to understand how our Service is being used and to identify areas for improvement. This helps us optimize the user experience, develop new features, and enhance the overall performance of our platform. We may use aggregated and anonymized data for research and development purposes, including creating benchmarks and best practices for approval workflows.

We also use information to troubleshoot technical issues, provide customer support, and ensure the reliability and security of our Service.

Information Sharing and Disclosure

Within Your Organization

Our Service is designed to facilitate approval workflows within your organization. As such, information about approval requests, their status, and related communications may be visible to other users within your organization based on their roles and permissions. This includes approvers who need to review requests, administrators who manage workflows, and users who need visibility into approval processes for their work.

We implement role-based access controls to ensure that users only see information that is relevant to their responsibilities. However, please be aware that information you submit through approval requests may be viewed by multiple individuals within your organization as part of the normal approval process.

Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating our platform and delivering our Service. These providers may have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your information and use it only for the purposes we specify.

This includes cloud hosting providers, email service providers, analytics services, and customer support tools. We carefully vet all service providers and ensure they maintain appropriate security standards and privacy protections.

Legal Requirements and Business Transfers

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with legal obligations, protect and defend our rights or property, investigate potential violations of our terms of service, or protect the personal safety of users or the public.

In the event of a merger, acquisition, or sale of all or a portion of our business, your information may be transferred to the acquiring entity. We will provide notice of such transfers and any choices you may have regarding your information.

With Your Consent

We may share your information with third parties when we have your explicit consent to do so. This might include integrations with other business tools that you specifically request or approve.

Data Security and Protection

Technical Safeguards

We implement comprehensive security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data both in transit and at rest, secure authentication protocols, and regular security assessments of our systems and infrastructure.

Our platform uses industry-standard encryption protocols (TLS 1.2 or higher) for all data transmission, and sensitive data is encrypted using AES-256 encryption when stored in our databases. We maintain secure access controls and authentication mechanisms, including support for multi-factor authentication and single sign-on integration.

Organizational Safeguards

Access to your information within our organization is strictly limited to employees and contractors who need it to provide our Service. All personnel with access to user data undergo background checks and receive regular training on privacy and security best practices. We maintain strict confidentiality agreements with all team members and regularly review access permissions to ensure they remain appropriate.

We also maintain incident response procedures to quickly address any potential security breaches and have established protocols for notifying affected users and relevant authorities in accordance with applicable law.

Infrastructure Security

Our Service is hosted on secure cloud infrastructure with reputable providers that maintain SOC 2 Type II compliance and other relevant security certifications. We regularly monitor our systems for vulnerabilities and apply security updates promptly. Our infrastructure includes redundancy and backup systems to ensure data availability and protection against data loss.

Data Retention and Deletion

Retention Periods

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. For approval request data, we typically retain information for the duration of your subscription plus an additional period to ensure compliance with audit requirements and legal obligations.

Account information and profile data are retained while your account remains active. If you delete your account, we will remove your personal information within a reasonable timeframe, though some information may be retained for longer periods if required for legal compliance, dispute resolution, or legitimate business purposes.

Data Deletion Rights

You have the right to request deletion of your personal information, subject to certain exceptions for legal compliance and legitimate business interests. When you request deletion, we will remove your information from our active systems while retaining only what is necessary for legal or regulatory compliance.

For approval request data, deletion may be subject to your organization's data retention policies and regulatory requirements. We work with organization administrators to ensure that data deletion requests are handled appropriately while maintaining compliance with applicable audit and regulatory requirements.

Your Privacy Rights and Choices

Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of this information in a structured, commonly used format. You can request this information through your account settings or by contacting our support team.

We also provide tools within our Service that allow you to view and export your approval request history and related data, giving you ongoing access to information about your use of the platform.

Correction and Updates

You can update your personal information at any time through your account settings. This includes your profile information, contact preferences, and notification settings. If you notice any inaccuracies in your information or if your circumstances change, we encourage you to update your profile to ensure our records remain current.

For information that cannot be updated directly through your account, you can contact our support team for assistance with corrections or updates.

Communication Preferences

You can control many of your communication preferences through your account settings, including the types of notifications you receive and the methods by which you receive them. While some communications are necessary for the proper functioning of our Service, you can opt out of marketing communications and non-essential notifications.

International Data Transfers

Our Service may involve the transfer of your information to countries other than your country of residence, including the United States where our primary servers are located. These countries may have different data protection laws than your country of residence.

When we transfer personal information internationally, we implement appropriate safeguards to ensure your information receives adequate protection. This may include using standard contractual clauses approved by relevant data protection authorities, ensuring our service providers have appropriate certifications, or relying on other legally recognized transfer mechanisms.

We are committed to ensuring that international transfers of your information are conducted in compliance with applicable privacy laws and regulations.

Children's Privacy

Our Service is not intended for use by individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us so that we can take appropriate action to remove the information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will notify you by email or through our Service before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Service after any changes to this policy will constitute your acceptance of such changes.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or your rights regarding your personal information, please contact us at:

Email: founders@pryszm.com

We are committed to addressing your privacy concerns and will respond to your inquiries in a timely manner. If you are not satisfied with our response, you may have the right to file a complaint with your local data protection authority.