Prism

Privacy · Last updated May 12, 2026

What we collect, what we use it for, and what we never do.

Prism is an AI co-pilot for benefits consultants. Consultants upload plan documents, claims data, and carrier reports, then ask Prism to draft analyses. This page explains how that data is handled.

1 · Who we are

Prism is operated by Haun Lab (Chicago, Illinois). For any privacy question, write to taylor@haunlab.com. The product is in private beta with two consulting practices.

2 · What we collect

  • Authentication data. When you request a sign-in link, we store your email and a single-use magic-link token. After you sign in, an HMAC-signed session cookie is set in your browser. The session expires after 8 hours.
  • Client documents you upload. Plan documents (PDF), claims data (CSV), carrier reports. Stored in the Vault, scoped to the client engagement you upload them under.
  • Conversations and artifacts. Chat messages, workflow runs, and generated artifacts you create.
  • Audit log. Every upload, run, and export is written to an audit table: who, when, what action. Used for security review and our SOC 2 evidence trail.

We do not run third-party analytics, ad pixels, or session replay on this site or in the application.

3 · De-identification

This is the part we built first. When you upload a CSV that may contain member-level identifiers (names, SSNs, dates of birth, member IDs, addresses, phone numbers, ZIP codes, email addresses), Prism inspects the columns server-side, flags them, and shows you a diff. After you confirm, the identifying columns are stripped before the file is saved. The raw upload is discarded.

PDFs and plan-design files bypass this step because they are not expected to carry member-level PII. If you upload a PDF with embedded PII, it is treated as untrusted content but not auto-stripped.

Prism never sends raw member-level identifiers to the AI model. This is enforced in the upload pipeline before storage.
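The column-inspection step described above, as an added illustration rather than Prism's own pipeline code: flag CSV columns that look like member-level identifiers by header name or by value shape, and produce the stripped table that would be saved after the user confirms. The header and value patterns, the 80% match threshold and the sample claims extract are all assumptions constructed for this example.

```python
import csv
import io
import re

# Header names suggesting one of the identifier categories listed above (assumed list).
ID_HEADERS = re.compile(
    r"(first|last|member)?_?name|ssn|social|dob|birth|member_?id|address|street|"
    r"phone|zip|postal|e-?mail", re.IGNORECASE)

# Value shapes that catch identifiers hiding under a neutral column name.
ID_VALUES = {
    "ssn": re.compile(r"^\d{3}-?\d{2}-?\d{4}$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "phone": re.compile(r"^\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}$"),
}

def flag_columns(header, rows):
    """Return {column: reason} for every column judged to carry member-level PII."""
    flagged = {}
    for i, col in enumerate(header):
        if ID_HEADERS.search(col):
            flagged[col] = "header"
            continue
        values = [r[i] for r in rows if i < len(r) and r[i].strip()]
        for kind, pat in ID_VALUES.items():
            # Flag when at least 80% of non-empty values match an identifier shape.
            if values and sum(bool(pat.match(v)) for v in values) / len(values) >= 0.8:
                flagged[col] = f"values look like {kind}"
                break
    return flagged

def strip_columns(header, rows, flagged):
    """Drop the flagged columns; only this projection would be written to storage."""
    keep = [i for i, col in enumerate(header) if col not in flagged]
    return [header[i] for i in keep], [[r[i] for i in keep] for r in rows]

def deidentify_csv(text):
    """Parse a CSV upload and return (flagged, kept_header, kept_rows)."""
    table = list(csv.reader(io.StringIO(text)))
    header, rows = table[0], table[1:]
    flagged = flag_columns(header, rows)
    kept_header, kept_rows = strip_columns(header, rows, flagged)
    return flagged, kept_header, kept_rows

# Constructed sample claims extract; every value is made up.
SAMPLE = """member_name,ssn,contact,plan_tier,paid_amount,service_month
Jane Doe,123-45-6789,jane@example.com,Gold,412.50,2026-01
John Roe,987-65-4321,john@example.com,Silver,88.00,2026-01
"""

if __name__ == "__main__":
    flagged, hdr, rows = deidentify_csv(SAMPLE)
    print("stripped:", flagged)   # the diff shown to the user before confirmation
    print("kept:", hdr, rows)     # what is saved after confirmation
```

Note that the `contact` column is caught only by its values, which is why header matching alone is not enough for this step.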

4 · Sub-processors

Prism is a small product running on a small stack. The vendors below process data on our behalf:

  • Anthropic. Claude (Sonnet 4.6, Opus 4.7, Haiku 4.5) for chat and workflow inference. Receives de-identified content only.
  • Google. Gemini 2.5 (Pro and Flash), wired in as a second AI provider for select use cases. Receives de-identified content only.
  • Voyage AI. Embedding and reranking for the published-benchmark retrieval layer. Operates on the industry corpus, not on customer documents.
  • Vercel. Hosts the application. Vercel Blob stores uploaded vault files.
  • Neon. Serverless PostgreSQL. Stores users, clients, vault metadata, artifacts, conversations, and the audit log.
  • Resend. Sends magic-link sign-in emails.
  • Doppler. Secret management. Holds API keys; does not see customer data.

None of these vendors train AI models on our traffic, per their published API terms. We will update this list when sub-processors change.

5 · How long we keep your data

  • Vault files. Kept until you delete them. Nothing auto-expires in v1.
  • Artifacts. Kept until you delete them. Versions are preserved via the parent-artifact chain so you can roll back.
  • Audit logs. Kept indefinitely. They are part of our security evidence.
  • Magic-link tokens. Single use; deleted on verification or after 15 minutes, whichever comes first.
  • Session cookies. Expire after 8 hours. HttpOnly, SameSite=lax.

6 · What we never do

  • We do not sell or rent your data.
  • We do not train AI models on your data.
  • We do not store raw member-level PII server-side after de-identification.
  • We do not share data with third parties beyond the sub-processors named above.

7 · Your rights

Write to taylor@haunlab.com to request:

  • A copy of any data we hold about you.
  • Deletion of your account and all associated data.
  • Correction of any inaccurate data.

We respond within 7 days.

8 · Cookies and security

We use a single HMAC-signed session cookie for sign-in. No tracking, advertising, or analytics cookies are used.

All traffic is HTTPS. Magic-link tokens are single-use. Magic-link requests are rate-limited per IP. Every state-changing API call requires a same-origin check (Origin header verification on top of SameSite=lax). The project is tracking toward SOC 2 Type II and uses OWASP ASVS Level 2 as a design target.

9 · Changes to this policy

When this policy changes, we update the date at the top. Material changes are emailed to allowlisted users before they take effect.

10 · Contact

taylor@haunlab.com. Haun Lab, Chicago, Illinois.