Privacy Policy

Introduction

talw.media LLC ("talw.media," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use PRISM (Production Resource & Information System for Media).

By using PRISM, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use PRISM.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

• Email address (required for account creation)
• Display name (optional)
• Profile avatar (optional)

Content You Create

• Screenplays, scripts, treatments, and outlines
• Annotations and comments
• Production and project information
• Organization and team settings

Feedback and Communications

• Feedback submissions (bug reports, feature requests)
• Support inquiries
• Survey responses

Payment Information

• Billing details are processed by Stripe; we do not store full credit card numbers
• Subscription status and plan type
• Transaction history

1.2 Information Collected Automatically

Device and Usage Information

• IP address
• Browser type and version (user agent)
• Device type and operating system
• Screen resolution
• Pages visited and features used
• Date and time of access
• Session duration

Activity Logs

• Actions performed within the Service (e.g., creating scripts, editing content)
• Resource access patterns
• Error logs and diagnostic data

1.3 Information from Third Parties

When you authenticate via Google or other OAuth providers, we receive:

• Email address
• Display name
• Profile picture URL
• Email verification status

We do not receive or store your OAuth provider password.

2. How We Use Your Information

2.1 Service Operation

• Provide, maintain, and improve PRISM
• Process your transactions and manage your account
• Store and display your content to you and authorized collaborators
• Enable collaborative features

2.2 AI Features

• Process your content through AI services when you use AI-assisted features
• Generate screenplay drafts, enhancements, and evaluations
• Provide character analysis and writing suggestions

2.3 Communication

• Send service-related notifications (e.g., password reset, account changes)
• Respond to your inquiries and support requests
• Send product updates and announcements (with opt-out option)

2.4 Security and Compliance

• Detect, prevent, and address fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3. How We Share Your Information

3.1 With Your Consent

We share information when you direct us to, such as sharing content with collaborators you invite.

3.2 Service Providers

Provider	Purpose	Data Shared
Linode/Akamai	Cloud hosting and storage	All service data
Stripe	Payment processing	Billing information
Google OAuth	Authentication	Email, login events
AI Providers	AI features	Content you submit to AI features

3.3 Legal Requirements

We may disclose information if required by law or in response to court orders, government requests, or to protect our rights, privacy, safety, or property.

3.4 Business Transfers

If talw.media is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4. Third-Party AI Services

4.1 AI Providers We Use

PRISM's AI features may be powered by:

• OpenAI (GPT models)
• Anthropic (Claude models)
• Google (Gemini models)

4.2 What Data Goes to AI Providers

When you use AI features, the following may be sent to AI providers:

• Screenplay content you submit for analysis or enhancement
• Context needed for the AI to provide relevant responses
• Your usage of BYOK (Bring Your Own Key) API credentials

4.3 AI Provider Data Practices

Each AI provider has its own privacy policy:

• OpenAI: openai.com/privacy
• Anthropic: anthropic.com/privacy
• Google: policies.google.com/privacy

4.4 Our Commitments

• We use commercial API tiers that do not train on your data
• We do not share your content with AI providers for model training
• AI-processed content is not stored by us beyond your session unless you save it

5. Data Retention

Data Type	Retention Period
Account information	Duration of account + 30 days after deletion
Content (screenplays, etc.)	Duration of account + 30 days after deletion
Activity logs	2 years
Payment records	7 years (legal requirement)
Support communications	3 years
Feedback submissions	5 years or until resolved

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, principle of least privilege
• Authentication: Secure OAuth implementation, session management
• Infrastructure: Cloud hosting with SOC 2 certified providers
• Monitoring: Security logging and anomaly detection

Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery and take immediate steps to contain and remediate the breach.

7. Your Privacy Rights

Regardless of your location, you have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Data Portability: Export your content using PRISM's export features
• Opt-Out: Opt out of marketing communications and non-essential cookies

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: Request disclosure of what personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out of Sale: We do not sell your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Submit CCPA requests to [email protected] with subject "CCPA Request".

9. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:

• Access, Rectification, Erasure: Request copies, corrections, or deletion of your data
• Restriction and Portability: Limit processing or receive data in a structured format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

Submit GDPR requests to [email protected] with subject "GDPR Request".

10. Cookies

Cookie Type	Purpose	Duration
Essential	Authentication, security, session management	Session
Functional	User preferences, settings	1 year
Analytics	Usage statistics, service improvement	2 years

Essential cookies are required for PRISM to function. You can manage other cookies through browser settings.

11. Children's Privacy

PRISM is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us at [email protected].

12. International Data Transfers

Your information is stored and processed in the United States on servers operated by Linode/Akamai. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and sending an email notification for significant changes. Your continued use of PRISM after changes become effective constitutes acceptance.

14. Contact Us

If you have questions about this Privacy Policy or our data practices:

talw.media LLC
Privacy Inquiries: [email protected]
Security Concerns: [email protected]

Last updated: January 19, 2026 | Version: 2026-01-19