PRESTIGE Start $1 Trial
LEGAL DOC 02

Privacy Policy.

Effective: January 15, 2026 Last updated: May 14, 2026 Version: 2.3

Plain English: We collect what we need to run the Platform — nothing more. We don't sell your data. We disclose every third-party processor by name. You can request deletion at any time.

§1What information we collect

We collect three categories of information:

1.1Information you provide directly

  • Account: first name, last name, email, phone, password (hashed via bcrypt);
  • Billing: payment card data (tokenized via Stripe — we never store raw card numbers), billing address, tax ID for brokers earning over $600/year;
  • Profile: photo, bio, social links you choose to add;
  • User Content: documents you generate, notes you create, files you upload, messages you send through the Platform.

1.2Information collected automatically

  • Device & browser: IP address, user agent, screen dimensions, language;
  • Usage: pages visited, Engines activated, features clicked, session duration;
  • Performance: error logs, latency metrics, crash reports.

1.3Information from third parties

  • Credit data through iSoftpull when you authorize bureau pulls (FICO + VantageScore from Experian, Equifax, TransUnion);
  • Banking transaction data through Plaid when you authorize an account link;
  • Identity verification through Persona for higher-tier KYC.

§2How we use it

We use your information to:

  • Provide, maintain, and secure the Platform;
  • Process payments and manage subscriptions;
  • Send transactional emails (receipts, password resets, security alerts);
  • Send product updates and marketing — only with your opt-in consent;
  • Generate aggregated, de-identified analytics;
  • Detect fraud, abuse, and Acceptable Use Policy violations;
  • Comply with legal obligations (subpoenas, regulatory requests, tax reporting).

§3How we share information

We share data only with the following categories of recipients, and only as needed.

3.1Service providers (sub-processors)

Each is contractually bound to use your data only to provide services to Prestige.

  • Stripe, Inc. — payment processing, PCI-DSS Level 1;
  • Supabase, Inc. — primary database, hosted in US-East;
  • Vercel, Inc. — application hosting, CDN, edge logging;
  • PostHog, Inc. — first-party product analytics;
  • Resend, Inc. — transactional email delivery;
  • iSoftpull — credit data API;
  • Plaid, Inc. — banking transaction data;
  • Persona Identities, Inc. — KYC and identity verification;
  • Anonyome Labs (Iris) — identity theft monitoring partner benefit;
  • Tango Card, Inc. — rewards fulfillment.

3.2Legal compliance

We may disclose information when required by law (subpoena, court order, regulatory inquiry) or when we reasonably believe disclosure is necessary to protect rights, property, or safety.

3.3Business transfers

If Prestige is acquired, merged, or reorganized, your data may transfer to the successor entity, subject to this Privacy Policy.

3.4What we don't do

We don't sell your data. We don't share it with data brokers or ad networks. We don't use your User Content to train any model — ours, partners', or otherwise.

§4Cookies & tracking

We use cookies and similar technologies for authentication, security, preferences, and first-party analytics. Full details, including the specific cookies set and their purposes, are in the Cookie Policy.

§5Data retention

  • Active account data — retained while your account is active;
  • Billing records — 7 years for tax compliance;
  • Marketing data — deleted within 30 days of unsubscribe;
  • Closed accounts — anonymized within 90 days; full deletion on written request;
  • Backups — purged on a 60-day rolling basis.

§6Your rights

6.1California (CCPA/CPRA)

If you are a California resident, you have the right to know, delete, correct, and opt out of "sales" (we don't sell, but you may submit the request). Submit requests at privacy@prestigeecosystem.com. We respond within 45 days.

6.2European Union (GDPR)

If you are in the EU/EEA, you have rights of access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is contract performance (account & billing), legitimate interest (security & fraud), and consent (marketing).

6.3All other states

We extend access and deletion rights to all members regardless of residence. Email privacy@prestigeecosystem.com.

§7Children's data

The Platform is not directed to children under 18. We do not knowingly collect data from minors. If we learn we have collected data from a child under 18, we will delete it. Parents/guardians may report concerns to privacy@prestigeecosystem.com.

§8Security measures

  • TLS 1.3 everywhere, HSTS preloaded;
  • AES-256 at rest for sensitive fields (Postgres column encryption);
  • Passwords hashed with bcrypt (12 rounds);
  • TOTP-based 2FA available, enforced for admin tier;
  • Quarterly third-party security audit;
  • Vulnerability disclosure program at security@prestigeecosystem.com.

No system is fully secure. In the event of a breach, we will notify affected users within 72 hours as required by applicable law.

§9International transfers

The Platform is operated from the United States. If you access it from outside the US, your data is transferred to and processed in the US. For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) for the transfer.

§10Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

§11Contact

Privacy questions, data requests, or breach reports:

  • Email: privacy@prestigeecosystem.com
  • EU Representative: contact privacy@prestigeecosystem.com for current EU rep details
  • Mail: Prestige Ecosystem Inc., Attn: Privacy Officer, [Mailing Address], United States
← PreviousTerms of Service Next →Earnings Disclaimer

Last reviewed by counsel: May 14, 2026

Contact for legal questions: legal@prestigeecosystem.com