// legal

Privacy Policy

PrismForge turns your text prompts into editable CAD geometry. To do that, some of your data — your prompt, your design context, and your account details — travels to our servers and our AI provider. This page explains exactly what we collect, why, who it's shared with, and the rights you have over it.

Effective: 20 June 2026 Last updated: 20 June 2026 Governing law: India

The short version

We collect what we need to run the service: your account details, the prompts and design context you submit, and your billing records. We do not sell your data or use it for advertising.

Your prompts, reference images, and a snapshot of your scene are sent to our AI provider, Anthropic, to generate geometry. Your account email is never sent to Anthropic.

Payments run through Razorpay. We never see or store your full card number — only the last four digits and a one-way fingerprint used to prevent fraud.

You can ask us to access or delete your data anytime at contact@prismforge.co.in.

Contents

  1. Who we are
  2. Data we collect
  3. How we use your data
  4. AI processing & your prompts
  5. Sharing & sub-processors
  6. International transfers
  7. How long we keep data
  8. How we protect data
  9. Your rights
  10. Fraud & abuse prevention
  11. Cookies & local storage
  12. Children
  13. Changes to this policy
  14. Contact & grievances

01Who we are

PrismForge is operated by Vivek Trivedi, an individual based in India trading under the brand name "PrismForge" ("PrismForge", "we", "us", or "our"). PrismForge is not an incorporated company. For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), we are the Data Fiduciary for the personal data described in this policy.

This policy applies to the PrismForge website at prismforge.co.in and to the PrismForge plugins for AutoCAD, Blender, Rhino, and Grasshopper (together, the "Service").

You can reach us at any time at contact@prismforge.co.in.

02Data we collect

We collect only what we need to run the Service. The categories below reflect what the Service actually does.

a. Account & identity

  • Your email address and username.
  • Your password, stored only as a salted one-way hash — we never store or see your plaintext password.
  • Account timestamps (when created, last updated) and account status.

b. Content you create with the Service

  • The text prompts you submit to generate or edit geometry.
  • Reference images you optionally upload to guide a generation.
  • A snapshot of your viewport (a rendered image of your drawing or scene) captured when you run a generation, so the AI can see the current state of your work.
  • Scene/drawing context — structural metadata such as object and layer names, object counts, locations, drawing extents, and units. This describes the shape of your work, not the design files themselves.
  • The names/identifiers of objects you have selected, when you ask the Service to edit them.
  • The generated output (the geometry instructions and scripts) and quality scores returned to you.
What stays on your machine: Your actual CAD files (.dwg, .blend, .3dm, etc.) are never uploaded. We only receive the prompt, the optional reference image, the viewport snapshot, and the structural context above.

c. Payment & billing

  • Records of your purchases: order ID, payment ID, amount, currency, payment status, and timestamps.
  • Your subscription/credit state and a history of credit debits and credits.
  • For fraud prevention only: the last four digits, card network, and issuer of the instrument used, plus a one-way fingerprint. We never receive or store your full card number, CVV, or UPI PIN — those are handled entirely by Razorpay.

d. Usage, device & technical data

  • A hashed version of your IP address (salted SHA-256 — we do not store your raw IP), your browser/plugin user-agent, and referring page.
  • Website analytics: pages viewed, pricing views, checkout funnel events, and a random first-party session identifier.
  • Job and pipeline telemetry: job started/completed/failed events, processing stages, refinement iterations, and quality scores. These let us debug failures and improve generation quality.
  • Operational logs and audit records (e.g. an action taken on your account) for security and troubleshooting.

03How we use your data

  • To provide the Service — authenticate you, generate and refine geometry from your prompts, and return results.
  • To process payments and manage your credit balance and subscription.
  • To maintain and improve the Service — diagnose errors, measure generation quality, and improve our pipeline.
  • To prevent fraud and abuse — including detecting free-trial farming (see section 10).
  • To communicate with you — transactional emails such as account confirmation and support replies.
  • To comply with law — including tax, accounting, and lawful requests.

Our legal basis under the DPDP Act is your consent (given when you create an account and submit prompts) and our need to perform the service you have requested. We do not use your data for advertising, and we do not sell your personal data.

04AI processing & your prompts

PrismForge generates geometry using large language and vision models provided by Anthropic (the Claude API). To do this, the following are transmitted to Anthropic for processing:

  • Your text prompt and any feedback you give during refinement.
  • Your reference image and viewport snapshot, if present.
  • Your scene/drawing context and selected-object names.

Your account email and payment details are never sent to Anthropic. Anthropic processes this content to return geometry and acts as our processor for that purpose. Anthropic's handling of API data is governed by their own commercial terms; as of this policy's date, content submitted through Anthropic's commercial API is not used to train their models.

If you do not want your prompts or design context processed by a third-party AI provider, please do not use the Service, as this processing is essential to how it works.

05Sharing & sub-processors

We do not sell your data. We share it only with the service providers ("sub-processors") needed to run PrismForge, each handling a limited slice:

ProviderPurposeData sharedLocation
Anthropic AI inference — generating and evaluating geometry Prompts, reference images, viewport snapshots, scene context, selected-object names USA
Razorpay Payment processing & subscriptions Email, amount, currency, user ID; card/UPI details entered by you go directly to Razorpay India
Amazon Web Services (AWS) Hosting, database (RDS PostgreSQL), and cache for the backend All account, billing, generation, and telemetry data at rest Region we operate in (data stored on AWS infrastructure)
Vercel Hosting the website and plugin downloads Connection metadata: IP address, user-agent, referrer, session USA / global edge
Resend Sending transactional email Your email address and the message contents USA

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users and the Service.

06International transfers

Some of our sub-processors (notably Anthropic, Vercel, and Resend) operate outside India, primarily in the United States. This means your data may be transferred to and processed in countries other than your own. We share data with these providers only to the extent needed to deliver the Service, and only with providers that maintain recognised security and data-protection practices. By using the Service, you consent to these transfers.

07How long we keep data

We keep personal data only as long as we need it for the purposes above:

DataRetention
Account informationWhile your account is active, and up to 90 days after you ask us to delete it.
Prompts, generation history & outputsWhile your account is active, so you can see your usage history. Deleted on account deletion or on request.
Payment & billing recordsUp to 8 years, as required by Indian tax and accounting law, even after account closure.
Analytics & telemetryUp to 24 months in identifiable form, after which it is aggregated or anonymised.
Fraud-prevention signals (hashed IP, instrument fingerprints)Up to 24 months.

08How we protect data

  • All traffic between the plugins, the website, and our servers is encrypted in transit over HTTPS/TLS.
  • Passwords are stored only as salted one-way hashes (PBKDF2 via ASP.NET Identity).
  • We never store full card numbers, CVV, or UPI PINs — those are handled by Razorpay, a PCI-DSS-compliant payment provider.
  • IP addresses used for analytics and abuse-prevention are stored only as salted hashes, not in raw form.
  • Access to production systems is restricted to the operator.

No method of transmission or storage is perfectly secure. While we work to protect your data, we cannot guarantee absolute security. If a personal-data breach occurs, we will act in line with our obligations under the DPDP Act.

09Your rights

Under the DPDP Act, you have the right to:

  • Access a summary of the personal data we hold about you and how it is processed.
  • Correct or update inaccurate or incomplete data.
  • Erase your data, subject to legal retention requirements (e.g. billing records).
  • Withdraw consent at any time (this may mean you can no longer use the Service).
  • Nominate another individual to exercise your rights in case of death or incapacity.
  • Grievance redressal — raise a complaint with us, and escalate to the Data Protection Board of India if unresolved.

To exercise any of these rights, email contact@prismforge.co.in. We will respond within a reasonable period and may need to verify your identity first.

10Fraud & abuse prevention

PrismForge offers a limited number of free generations to new accounts. To stop a single person from creating many throwaway accounts to abuse the free tier, we use a small set of privacy-preserving signals:

  • We track how many trial accounts are created from the same hashed IP address over time (we never store the raw IP).
  • When a payment is made, we store a one-way fingerprint of the payment instrument (derived from non-sensitive fields like the last four digits, network, and issuer) to detect the same instrument being reused across many accounts. This fingerprint cannot be reversed into your card number.

These signals are used solely to detect and prevent abuse, and are retained as described in section 7.

11Cookies & local storage

We keep this minimal:

  • A first-party session identifier for website analytics. We do not use third-party advertising or tracking cookies.
  • After you sign in, the plugin and website store an authentication token to keep you logged in. The desktop plugins hold this in memory or local add-on preferences. You can clear it by logging out.

12Children

The Service is intended for users aged 18 and over and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

13Changes to this policy

We may update this policy as the Service evolves or as the law changes. When we make material changes, we will update the "Last updated" date at the top of this page. Significant changes may also be communicated by email. Continued use of the Service after an update means you accept the revised policy.

14Contact & grievances

For any privacy question, data-rights request, or grievance, contact our Grievance Officer:

  • Grievance Officer: Vivek Trivedi
  • Email: contact@prismforge.co.in
  • On behalf of: PrismForge (operated by Vivek Trivedi), India

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India under the DPDP Act.