PRISM by Prism Talent Group
PRISM by Prism Talent Group
Privacy Policy
Privacy Policy
Privacy Policy
Effective Date: June 23, 2026 • Last Updated: June 23, 2026
Effective Date: June 23, 2026 • Last Updated: June 23, 2026
Effective Date: June 23, 2026 • Last Updated: June 23, 2026
PRISM by Prism Talent Group
Effective Date: June 23, 2026
Last Updated: June 23, 2026
1. Introduction
Prism Talent Group (“Prism Talent Group,” “we,” “us,” or “our”) operates the PRISM Talent Group staffing platform, including the PRISM mobile application (the “App”), the web-based employee and client portals, and all related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our Services, and describes the rights you have with respect to your data.
By creating an account or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services and contact us to request deletion of any data we have collected.
This Privacy Policy applies to employees/workers, clients, and administrators.
Employees / Workers — individuals who register as workers seeking staffing placements
Clients — employer companies and their designated contacts
Administrators — Prism Talent Group internal staff
2. Information We Collect
We collect information you provide directly, information generated through your use of the Services, and information from third-party integrations.
2.1 Identity and Contact Information
Full legal name (first name, last name); email address; phone number; home address (street address, city, state, ZIP code); date of birth; gender; and profile photograph.
2.2 Employment and Tax Information
For employees/workers, we collect information necessary to process employment, payroll, and tax compliance, including Social Security Number (SSN), federal W-4 data, state DE-4 data where applicable, federal I-9 data, hire date and rehire date, payroll ID and payroll integration identifier, background check date and status, and work authorization expiration date.
2.3 Professional Information
Resume and work history; professional certifications; position applications and experience level; and interview notes recorded by Prism Talent Group staff.
2.4 Identity Documents
Government-issued photo identification, work authorization documents, and certification documents. We collect these documents to comply with federal I-9 employment eligibility requirements and to verify credentials.
2.5 Work Assignment and Schedule Data
Shift preferences, applications, confirmations, assigned events, venues, positions, work start and end times, meal break times, timesheet data, timesheet disputes, no-show and cancellation records, and sick pay requests and approvals.
2.6 Financial and Compensation Data
Pay rates, billing rates, markup rates, meal period premiums, sent-home guarantee hours and pay, sick pay accrual and approved amounts, and certification reimbursements.
2.7 Communications
In-app messages between employees and administrators, including shift-specific and timesheet-related context, notification preferences, and acknowledgment status.
2.8 Account and Security Data
Account credentials, cryptographic password hashes, session tokens, JWT authentication tokens, email verification tokens, password reset tokens and expiration timestamps, and Terms and Conditions acceptance and last-viewed timestamps.
2.9 Device and Technical Information
When you use the PRISM mobile application, we may collect push notification tokens, device platform, last-seen timestamp for device tokens, IP address, app version, and operating system version. We do not collect precise GPS location, Bluetooth identifiers, microphone data, camera data beyond photos you voluntarily upload, or contact lists.
2.10 Information Collected About Client Company Contacts
Company name, industry, operational details, contact name, phone number, email address, contact role, location and venue addresses, and operational notes.
3. How We Use Your Information
We use collected information to provide the Services, process payroll and tax compliance, secure accounts, support AI-assisted review, protect safety and platform integrity, comply with regulations, and deliver communications and notifications.
3.1 Providing the Services
Creating and managing accounts; matching workers to shifts and events; processing applications, confirmations, cancellations, timesheets, sick pay requests, and employment eligibility verification.
3.2 Payroll and Tax Compliance
Generating and maintaining payroll records; transmitting employment and earnings data to our payroll processor; ensuring compliance with federal and state withholding requirements; and fulfilling I-9 employment eligibility verification obligations.
3.3 Account Security and Authentication
Verifying identity, sending password reset emails, managing session tokens, preventing unauthorized access, and delivering push notifications about shifts and timesheets.
3.4 AI-Assisted Review
Profile photographs may be reviewed using Anthropic Claude to determine whether the image meets professional standards. Resumes and self-reported experience descriptions may be evaluated using AI services to assess relevant experience level for specific positions. You may request human review of any AI-assisted decision by contacting us using the information in Section 15.
3.5 Safety and Platform Integrity
Maintaining block lists, auditing actions via event logs, resolving disputes, and detecting or preventing fraudulent activity.
3.6 Regulatory Compliance
Retaining records as required by federal and state employment, tax, and labor laws, and responding to lawful requests from government authorities.
3.7 Communications and Notifications
Sending shift confirmations, reminders, updates, and notices of changes to Terms of Service or this Privacy Policy.
4. How We Share Your Information
We do not sell your personal information. We share your information only as described below.
4.1 With Client Companies (Employers)
When you are assigned to a shift for a client company, that client’s authorized users may see your first and last name, profile photograph, certifications relevant to the position, and timesheet records for shifts you work for them. Clients do not have access to your SSN, tax documents, pay rate, home address, or other sensitive personal information.
4.2 With Service Providers
We share data with service providers who process data on our behalf under written agreements, including Cloudflare R2 for secure cloud file storage, Anthropic for AI profile photo review, LiteLLM / OpenAI for AI position qualification review, ADP Run for payroll processing, SMTP email providers for transactional email, Neon for database hosting, and Railway for application hosting.
These providers are contractually required to use your data only as necessary to provide services to us and are prohibited from using it for their own purposes.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or enforceable governmental request, including I-9 verification audits by the U.S. Department of Homeland Security.
4.4 Business Transfers
If Prism Talent Group is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain personal information for as long as your account is active, as needed to provide the Services, and as required by applicable law.
Account data is retained for the duration of your account and for a minimum of 7 years after termination to satisfy employment and tax record retention requirements. I-9 records are retained for the period required by law. Timesheet records are retained for a minimum of 3 years under the Fair Labor Standards Act. Most account data is soft-deleted to preserve audit trails. Push notification tokens are retained until revoked, invalid, or no longer needed. Uploaded files are retained for the duration of your account and the applicable legal retention period.
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including password hashing using PBKDF2, TLS transport security, access controls for sensitive data, hashed mobile refresh tokens, restricted file access through temporary presigned URLs, and access-controlled encrypted database infrastructure.
Despite these measures, no security system is impenetrable. If you believe your account has been compromised, contact us immediately.
Data Breach Notification: In the event of a security breach that affects your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.
7. Your Rights and Choices
Depending on your location, you may have rights to access, portability, correction, deletion, restriction, objection, withdrawal of consent, and human review of AI-assisted decisions. To exercise these rights, contact us using the information in Section 15. We will respond within 30 days or the timeframe required by applicable law and may need to verify your identity before processing your request.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the CCPA and CPRA grant you additional rights. In the preceding 12 months, we may have collected identifiers, personal information under California law, characteristics of protected classifications, professional or employment-related information, and sensitive personal information.
We collect this information directly from you, through your use of the Services, and from our payroll processor. We use it to provide employment staffing services, process payroll, comply with applicable law, and maintain the security and integrity of the Services. We disclose personal information to service providers for operational purposes. We do not sell personal information and do not share personal information for cross-context behavioral advertising.
California residents may request to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and exercise rights without discrimination. Authorized agents may submit requests on your behalf with written authorization.
9. Nevada Privacy Rights
Nevada residents may opt out of the sale of their personal information. We do not currently sell personal information. If you have questions, contact us using the information in Section 15.
10. European and UK Users (GDPR / UK GDPR)
If you are located in the EEA or United Kingdom, we process your personal information on legal bases including contract performance, legal obligation, legitimate interests, consent, and special category data processing where required for employment and social security obligations.
Your personal information may be transferred to and processed in the United States and other countries where our service providers operate. Such transfers are subject to appropriate safeguards, including Standard Contractual Clauses where applicable. You also have the right to lodge a complaint with your local data protection authority. For GDPR-related inquiries, contact support@prismtalentgroup.com.
11. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will take steps to delete the information.
12. Push Notifications
The PRISM mobile app may send push notifications related to shifts, timesheet submissions, application status, and account activity. You can manage push notification permissions through your device settings at any time. Disabling notifications does not delete your account or affect your ability to use the App, but you may miss time-sensitive communications.
13. Third-Party Links and Services
The Services may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party services you access.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the Last Updated date, notify you by email at least 14 days before the change takes effect, and display a prominent notice in the App.
Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes. If you do not agree, discontinue use of the Services and request account deletion.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a privacy concern, please contact us:
Prism Talent Group
Privacy and Compliance
Email: support@prismtalentgroup.com
For urgent account security concerns, please email the above address with “URGENT” in the subject line. We aim to respond to all privacy inquiries within 30 calendar days.
Appendix A: Summary of Personal Data Collected
Identity: name, email, phone, address, DOB, SSN — account management, payroll, and I-9 compliance.
Tax documents: W-4, DE-4, I-9 form data — federal and state payroll tax compliance.
Identity documents: driver’s license, passport, work permit — I-9 employment eligibility verification.
Professional: resume, certifications, experience — shift matching and position qualification.
Work data: shifts, timesheets, assignments — core staffing service delivery.
Financial: pay rates, sick pay, reimbursements — payroll and compensation.
Communications: in-app messages — operational coordination.
Device data: push token and device platform — push notifications.
Profile media: photograph — professional identification and AI review.
This Privacy Policy was prepared for the PRISM application operated by Prism Talent Group. It is intended to comply with requirements of the Apple App Store, Google Play Store, GDPR, CCPA/CPRA, and applicable U.S. federal and state law. It does not constitute legal advice. Consult qualified legal counsel to ensure compliance with all requirements applicable to your specific situation.
PRISM by Prism Talent Group
Effective Date: June 23, 2026
Last Updated: June 23, 2026
1. Introduction
Prism Talent Group (“Prism Talent Group,” “we,” “us,” or “our”) operates the PRISM Talent Group staffing platform, including the PRISM mobile application (the “App”), the web-based employee and client portals, and all related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our Services, and describes the rights you have with respect to your data.
By creating an account or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services and contact us to request deletion of any data we have collected.
This Privacy Policy applies to employees/workers, clients, and administrators.
Employees / Workers — individuals who register as workers seeking staffing placements
Clients — employer companies and their designated contacts
Administrators — Prism Talent Group internal staff
2. Information We Collect
We collect information you provide directly, information generated through your use of the Services, and information from third-party integrations.
2.1 Identity and Contact Information
Full legal name (first name, last name); email address; phone number; home address (street address, city, state, ZIP code); date of birth; gender; and profile photograph.
2.2 Employment and Tax Information
For employees/workers, we collect information necessary to process employment, payroll, and tax compliance, including Social Security Number (SSN), federal W-4 data, state DE-4 data where applicable, federal I-9 data, hire date and rehire date, payroll ID and payroll integration identifier, background check date and status, and work authorization expiration date.
2.3 Professional Information
Resume and work history; professional certifications; position applications and experience level; and interview notes recorded by Prism Talent Group staff.
2.4 Identity Documents
Government-issued photo identification, work authorization documents, and certification documents. We collect these documents to comply with federal I-9 employment eligibility requirements and to verify credentials.
2.5 Work Assignment and Schedule Data
Shift preferences, applications, confirmations, assigned events, venues, positions, work start and end times, meal break times, timesheet data, timesheet disputes, no-show and cancellation records, and sick pay requests and approvals.
2.6 Financial and Compensation Data
Pay rates, billing rates, markup rates, meal period premiums, sent-home guarantee hours and pay, sick pay accrual and approved amounts, and certification reimbursements.
2.7 Communications
In-app messages between employees and administrators, including shift-specific and timesheet-related context, notification preferences, and acknowledgment status.
2.8 Account and Security Data
Account credentials, cryptographic password hashes, session tokens, JWT authentication tokens, email verification tokens, password reset tokens and expiration timestamps, and Terms and Conditions acceptance and last-viewed timestamps.
2.9 Device and Technical Information
When you use the PRISM mobile application, we may collect push notification tokens, device platform, last-seen timestamp for device tokens, IP address, app version, and operating system version. We do not collect precise GPS location, Bluetooth identifiers, microphone data, camera data beyond photos you voluntarily upload, or contact lists.
2.10 Information Collected About Client Company Contacts
Company name, industry, operational details, contact name, phone number, email address, contact role, location and venue addresses, and operational notes.
3. How We Use Your Information
We use collected information to provide the Services, process payroll and tax compliance, secure accounts, support AI-assisted review, protect safety and platform integrity, comply with regulations, and deliver communications and notifications.
3.1 Providing the Services
Creating and managing accounts; matching workers to shifts and events; processing applications, confirmations, cancellations, timesheets, sick pay requests, and employment eligibility verification.
3.2 Payroll and Tax Compliance
Generating and maintaining payroll records; transmitting employment and earnings data to our payroll processor; ensuring compliance with federal and state withholding requirements; and fulfilling I-9 employment eligibility verification obligations.
3.3 Account Security and Authentication
Verifying identity, sending password reset emails, managing session tokens, preventing unauthorized access, and delivering push notifications about shifts and timesheets.
3.4 AI-Assisted Review
Profile photographs may be reviewed using Anthropic Claude to determine whether the image meets professional standards. Resumes and self-reported experience descriptions may be evaluated using AI services to assess relevant experience level for specific positions. You may request human review of any AI-assisted decision by contacting us using the information in Section 15.
3.5 Safety and Platform Integrity
Maintaining block lists, auditing actions via event logs, resolving disputes, and detecting or preventing fraudulent activity.
3.6 Regulatory Compliance
Retaining records as required by federal and state employment, tax, and labor laws, and responding to lawful requests from government authorities.
3.7 Communications and Notifications
Sending shift confirmations, reminders, updates, and notices of changes to Terms of Service or this Privacy Policy.
4. How We Share Your Information
We do not sell your personal information. We share your information only as described below.
4.1 With Client Companies (Employers)
When you are assigned to a shift for a client company, that client’s authorized users may see your first and last name, profile photograph, certifications relevant to the position, and timesheet records for shifts you work for them. Clients do not have access to your SSN, tax documents, pay rate, home address, or other sensitive personal information.
4.2 With Service Providers
We share data with service providers who process data on our behalf under written agreements, including Cloudflare R2 for secure cloud file storage, Anthropic for AI profile photo review, LiteLLM / OpenAI for AI position qualification review, ADP Run for payroll processing, SMTP email providers for transactional email, Neon for database hosting, and Railway for application hosting.
These providers are contractually required to use your data only as necessary to provide services to us and are prohibited from using it for their own purposes.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or enforceable governmental request, including I-9 verification audits by the U.S. Department of Homeland Security.
4.4 Business Transfers
If Prism Talent Group is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain personal information for as long as your account is active, as needed to provide the Services, and as required by applicable law.
Account data is retained for the duration of your account and for a minimum of 7 years after termination to satisfy employment and tax record retention requirements. I-9 records are retained for the period required by law. Timesheet records are retained for a minimum of 3 years under the Fair Labor Standards Act. Most account data is soft-deleted to preserve audit trails. Push notification tokens are retained until revoked, invalid, or no longer needed. Uploaded files are retained for the duration of your account and the applicable legal retention period.
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including password hashing using PBKDF2, TLS transport security, access controls for sensitive data, hashed mobile refresh tokens, restricted file access through temporary presigned URLs, and access-controlled encrypted database infrastructure.
Despite these measures, no security system is impenetrable. If you believe your account has been compromised, contact us immediately.
Data Breach Notification: In the event of a security breach that affects your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.
7. Your Rights and Choices
Depending on your location, you may have rights to access, portability, correction, deletion, restriction, objection, withdrawal of consent, and human review of AI-assisted decisions. To exercise these rights, contact us using the information in Section 15. We will respond within 30 days or the timeframe required by applicable law and may need to verify your identity before processing your request.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the CCPA and CPRA grant you additional rights. In the preceding 12 months, we may have collected identifiers, personal information under California law, characteristics of protected classifications, professional or employment-related information, and sensitive personal information.
We collect this information directly from you, through your use of the Services, and from our payroll processor. We use it to provide employment staffing services, process payroll, comply with applicable law, and maintain the security and integrity of the Services. We disclose personal information to service providers for operational purposes. We do not sell personal information and do not share personal information for cross-context behavioral advertising.
California residents may request to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and exercise rights without discrimination. Authorized agents may submit requests on your behalf with written authorization.
9. Nevada Privacy Rights
Nevada residents may opt out of the sale of their personal information. We do not currently sell personal information. If you have questions, contact us using the information in Section 15.
10. European and UK Users (GDPR / UK GDPR)
If you are located in the EEA or United Kingdom, we process your personal information on legal bases including contract performance, legal obligation, legitimate interests, consent, and special category data processing where required for employment and social security obligations.
Your personal information may be transferred to and processed in the United States and other countries where our service providers operate. Such transfers are subject to appropriate safeguards, including Standard Contractual Clauses where applicable. You also have the right to lodge a complaint with your local data protection authority. For GDPR-related inquiries, contact support@prismtalentgroup.com.
11. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will take steps to delete the information.
12. Push Notifications
The PRISM mobile app may send push notifications related to shifts, timesheet submissions, application status, and account activity. You can manage push notification permissions through your device settings at any time. Disabling notifications does not delete your account or affect your ability to use the App, but you may miss time-sensitive communications.
13. Third-Party Links and Services
The Services may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party services you access.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the Last Updated date, notify you by email at least 14 days before the change takes effect, and display a prominent notice in the App.
Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes. If you do not agree, discontinue use of the Services and request account deletion.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a privacy concern, please contact us:
Prism Talent Group
Privacy and Compliance
Email: support@prismtalentgroup.com
For urgent account security concerns, please email the above address with “URGENT” in the subject line. We aim to respond to all privacy inquiries within 30 calendar days.
Appendix A: Summary of Personal Data Collected
Identity: name, email, phone, address, DOB, SSN — account management, payroll, and I-9 compliance.
Tax documents: W-4, DE-4, I-9 form data — federal and state payroll tax compliance.
Identity documents: driver’s license, passport, work permit — I-9 employment eligibility verification.
Professional: resume, certifications, experience — shift matching and position qualification.
Work data: shifts, timesheets, assignments — core staffing service delivery.
Financial: pay rates, sick pay, reimbursements — payroll and compensation.
Communications: in-app messages — operational coordination.
Device data: push token and device platform — push notifications.
Profile media: photograph — professional identification and AI review.
This Privacy Policy was prepared for the PRISM application operated by Prism Talent Group. It is intended to comply with requirements of the Apple App Store, Google Play Store, GDPR, CCPA/CPRA, and applicable U.S. federal and state law. It does not constitute legal advice. Consult qualified legal counsel to ensure compliance with all requirements applicable to your specific situation.
PRISM by Prism Talent Group
Effective Date: June 23, 2026
Last Updated: June 23, 2026
1. Introduction
Prism Talent Group (“Prism Talent Group,” “we,” “us,” or “our”) operates the PRISM Talent Group staffing platform, including the PRISM mobile application (the “App”), the web-based employee and client portals, and all related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our Services, and describes the rights you have with respect to your data.
By creating an account or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services and contact us to request deletion of any data we have collected.
This Privacy Policy applies to employees/workers, clients, and administrators.
Employees / Workers — individuals who register as workers seeking staffing placements
Clients — employer companies and their designated contacts
Administrators — Prism Talent Group internal staff
2. Information We Collect
We collect information you provide directly, information generated through your use of the Services, and information from third-party integrations.
2.1 Identity and Contact Information
Full legal name (first name, last name); email address; phone number; home address (street address, city, state, ZIP code); date of birth; gender; and profile photograph.
2.2 Employment and Tax Information
For employees/workers, we collect information necessary to process employment, payroll, and tax compliance, including Social Security Number (SSN), federal W-4 data, state DE-4 data where applicable, federal I-9 data, hire date and rehire date, payroll ID and payroll integration identifier, background check date and status, and work authorization expiration date.
2.3 Professional Information
Resume and work history; professional certifications; position applications and experience level; and interview notes recorded by Prism Talent Group staff.
2.4 Identity Documents
Government-issued photo identification, work authorization documents, and certification documents. We collect these documents to comply with federal I-9 employment eligibility requirements and to verify credentials.
2.5 Work Assignment and Schedule Data
Shift preferences, applications, confirmations, assigned events, venues, positions, work start and end times, meal break times, timesheet data, timesheet disputes, no-show and cancellation records, and sick pay requests and approvals.
2.6 Financial and Compensation Data
Pay rates, billing rates, markup rates, meal period premiums, sent-home guarantee hours and pay, sick pay accrual and approved amounts, and certification reimbursements.
2.7 Communications
In-app messages between employees and administrators, including shift-specific and timesheet-related context, notification preferences, and acknowledgment status.
2.8 Account and Security Data
Account credentials, cryptographic password hashes, session tokens, JWT authentication tokens, email verification tokens, password reset tokens and expiration timestamps, and Terms and Conditions acceptance and last-viewed timestamps.
2.9 Device and Technical Information
When you use the PRISM mobile application, we may collect push notification tokens, device platform, last-seen timestamp for device tokens, IP address, app version, and operating system version. We do not collect precise GPS location, Bluetooth identifiers, microphone data, camera data beyond photos you voluntarily upload, or contact lists.
2.10 Information Collected About Client Company Contacts
Company name, industry, operational details, contact name, phone number, email address, contact role, location and venue addresses, and operational notes.
3. How We Use Your Information
We use collected information to provide the Services, process payroll and tax compliance, secure accounts, support AI-assisted review, protect safety and platform integrity, comply with regulations, and deliver communications and notifications.
3.1 Providing the Services
Creating and managing accounts; matching workers to shifts and events; processing applications, confirmations, cancellations, timesheets, sick pay requests, and employment eligibility verification.
3.2 Payroll and Tax Compliance
Generating and maintaining payroll records; transmitting employment and earnings data to our payroll processor; ensuring compliance with federal and state withholding requirements; and fulfilling I-9 employment eligibility verification obligations.
3.3 Account Security and Authentication
Verifying identity, sending password reset emails, managing session tokens, preventing unauthorized access, and delivering push notifications about shifts and timesheets.
3.4 AI-Assisted Review
Profile photographs may be reviewed using Anthropic Claude to determine whether the image meets professional standards. Resumes and self-reported experience descriptions may be evaluated using AI services to assess relevant experience level for specific positions. You may request human review of any AI-assisted decision by contacting us using the information in Section 15.
3.5 Safety and Platform Integrity
Maintaining block lists, auditing actions via event logs, resolving disputes, and detecting or preventing fraudulent activity.
3.6 Regulatory Compliance
Retaining records as required by federal and state employment, tax, and labor laws, and responding to lawful requests from government authorities.
3.7 Communications and Notifications
Sending shift confirmations, reminders, updates, and notices of changes to Terms of Service or this Privacy Policy.
4. How We Share Your Information
We do not sell your personal information. We share your information only as described below.
4.1 With Client Companies (Employers)
When you are assigned to a shift for a client company, that client’s authorized users may see your first and last name, profile photograph, certifications relevant to the position, and timesheet records for shifts you work for them. Clients do not have access to your SSN, tax documents, pay rate, home address, or other sensitive personal information.
4.2 With Service Providers
We share data with service providers who process data on our behalf under written agreements, including Cloudflare R2 for secure cloud file storage, Anthropic for AI profile photo review, LiteLLM / OpenAI for AI position qualification review, ADP Run for payroll processing, SMTP email providers for transactional email, Neon for database hosting, and Railway for application hosting.
These providers are contractually required to use your data only as necessary to provide services to us and are prohibited from using it for their own purposes.
4.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or enforceable governmental request, including I-9 verification audits by the U.S. Department of Homeland Security.
4.4 Business Transfers
If Prism Talent Group is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain personal information for as long as your account is active, as needed to provide the Services, and as required by applicable law.
Account data is retained for the duration of your account and for a minimum of 7 years after termination to satisfy employment and tax record retention requirements. I-9 records are retained for the period required by law. Timesheet records are retained for a minimum of 3 years under the Fair Labor Standards Act. Most account data is soft-deleted to preserve audit trails. Push notification tokens are retained until revoked, invalid, or no longer needed. Uploaded files are retained for the duration of your account and the applicable legal retention period.
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including password hashing using PBKDF2, TLS transport security, access controls for sensitive data, hashed mobile refresh tokens, restricted file access through temporary presigned URLs, and access-controlled encrypted database infrastructure.
Despite these measures, no security system is impenetrable. If you believe your account has been compromised, contact us immediately.
Data Breach Notification: In the event of a security breach that affects your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.
7. Your Rights and Choices
Depending on your location, you may have rights to access, portability, correction, deletion, restriction, objection, withdrawal of consent, and human review of AI-assisted decisions. To exercise these rights, contact us using the information in Section 15. We will respond within 30 days or the timeframe required by applicable law and may need to verify your identity before processing your request.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the CCPA and CPRA grant you additional rights. In the preceding 12 months, we may have collected identifiers, personal information under California law, characteristics of protected classifications, professional or employment-related information, and sensitive personal information.
We collect this information directly from you, through your use of the Services, and from our payroll processor. We use it to provide employment staffing services, process payroll, comply with applicable law, and maintain the security and integrity of the Services. We disclose personal information to service providers for operational purposes. We do not sell personal information and do not share personal information for cross-context behavioral advertising.
California residents may request to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and exercise rights without discrimination. Authorized agents may submit requests on your behalf with written authorization.
9. Nevada Privacy Rights
Nevada residents may opt out of the sale of their personal information. We do not currently sell personal information. If you have questions, contact us using the information in Section 15.
10. European and UK Users (GDPR / UK GDPR)
If you are located in the EEA or United Kingdom, we process your personal information on legal bases including contract performance, legal obligation, legitimate interests, consent, and special category data processing where required for employment and social security obligations.
Your personal information may be transferred to and processed in the United States and other countries where our service providers operate. Such transfers are subject to appropriate safeguards, including Standard Contractual Clauses where applicable. You also have the right to lodge a complaint with your local data protection authority. For GDPR-related inquiries, contact support@prismtalentgroup.com.
11. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will take steps to delete the information.
12. Push Notifications
The PRISM mobile app may send push notifications related to shifts, timesheet submissions, application status, and account activity. You can manage push notification permissions through your device settings at any time. Disabling notifications does not delete your account or affect your ability to use the App, but you may miss time-sensitive communications.
13. Third-Party Links and Services
The Services may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of any third-party services you access.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the Last Updated date, notify you by email at least 14 days before the change takes effect, and display a prominent notice in the App.
Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes. If you do not agree, discontinue use of the Services and request account deletion.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a privacy concern, please contact us:
Prism Talent Group
Privacy and Compliance
Email: support@prismtalentgroup.com
For urgent account security concerns, please email the above address with “URGENT” in the subject line. We aim to respond to all privacy inquiries within 30 calendar days.
Appendix A: Summary of Personal Data Collected
Identity: name, email, phone, address, DOB, SSN — account management, payroll, and I-9 compliance.
Tax documents: W-4, DE-4, I-9 form data — federal and state payroll tax compliance.
Identity documents: driver’s license, passport, work permit — I-9 employment eligibility verification.
Professional: resume, certifications, experience — shift matching and position qualification.
Work data: shifts, timesheets, assignments — core staffing service delivery.
Financial: pay rates, sick pay, reimbursements — payroll and compensation.
Communications: in-app messages — operational coordination.
Device data: push token and device platform — push notifications.
Profile media: photograph — professional identification and AI review.
This Privacy Policy was prepared for the PRISM application operated by Prism Talent Group. It is intended to comply with requirements of the Apple App Store, Google Play Store, GDPR, CCPA/CPRA, and applicable U.S. federal and state law. It does not constitute legal advice. Consult qualified legal counsel to ensure compliance with all requirements applicable to your specific situation.