PrismApp — Privacy Policy

Effective Date: 8 September 2025 | Last Updated: 9 April 2026

1. Introduction

1.1 Plain Language

We believe privacy policies should be readable. This document uses plain English to explain how PrismApp handles your data.

Where you read “PrismApp,” “we,” “us,” or “prism-appolice.in” it refers to the secure communication application and all related services provided at https://prism-appolice.in for Andhra Pradesh Police personnel, including:

The PrismApp iOS and Android applications
The PrismApp web client
Secure Matrix-based communication services
Emergency response coordination systems

1.2 Scope

This policy covers personal data processed by PrismApp. It does not cover third-party Matrix servers, external identity servers, or Matrix federation beyond authorised servers.

1.3 Data Controller

The Data Controller for your data is:

PrismApp — Andhra Pradesh Police
Email: admin@prism-appolice.in
Phone: 08632340471 (Office) | +91-8523817999 (Mobile)
Address: Andhra Pradesh Police Headquarters, Mangalagiri, Guntur District, Andhra Pradesh, India – 522503

2. Data We Collect

2.1 Information You Provide

Data Type	Purpose	Linked to Identity
Officer ID / Badge Number	Authentication and accountability	Yes
Email Address	Account recovery, notifications	Yes
User ID (Matrix ID)	Messaging identity, app functionality	Yes
Profile Information (name, photo)	Display in conversations	Yes
Department and Rank	Routing and authorisation	Yes
Photos, Videos, and Files	Sent as message attachments when you choose	No
Audio Data	Voice messages you record and send	No
Contacts	Finding other users (only when you grant permission)	No

2.2 Information Collected Automatically

Data Type	Purpose	Linked to Identity
Device ID	End-to-end encryption key management, multi-device support	Yes
IP Address and Connection Logs	Security, abuse prevention	Yes
Crash Data	Identifying and fixing bugs	No
Performance Data	Improving app reliability	No
Other Diagnostic Data	Troubleshooting technical issues	Yes

2.3 Location Data

PrismApp requests location access only when you actively share your location in a conversation. Location data is:

End-to-end encrypted and visible only to conversation participants
Used for emergency response coordination and officer safety
Not collected in the background unless you explicitly enable live location sharing
Retained for 90 days unless part of an ongoing investigation

2.4 Camera and Microphone

PrismApp accesses your camera and microphone only when you initiate photo/video capture, voice messages, or voice/video calls. Media is encrypted before transmission.

2.5 Biometric Data (Face ID / Touch ID)

If you enable App Lock, PrismApp uses Face ID or Touch ID to secure access. Biometric data is processed entirely on your device by iOS and is never sent to our servers.

2.6 Analytics and Tracking

PrismApp does not use cross-app tracking. Analytics collection is disabled in the current deployment. If analytics are enabled in a future update, you will be asked for explicit consent before any data is collected.

3. Legal Basis for Processing

Official Authority: Processing necessary for law enforcement functions
Public Task: Processing necessary for police operations and public safety
Legitimate Interest: Maintaining secure communications for law enforcement
Consent: For optional features like location sharing and analytics (if enabled)

4. End-to-End Encryption

All messages, calls, and shared media in PrismApp are protected by end-to-end encryption. This means:

Only you and your intended recipients can read message content
Our servers cannot access the content of encrypted messages
Each device has unique encryption keys
Encryption is always on and cannot be disabled

5. Data Retention

Data Type	Retention Period
Encrypted Message Content	Per AP Police records policy
Connection Logs	365 days for security and audit
Location Data	90 days unless part of ongoing investigation
Authentication Logs	2 years for security compliance
Crash/Diagnostic Data	90 days

6. Data Sharing

6.1 Internal Sharing

Data may be shared with supervising officers, investigation teams, emergency response coordinators, and IT security as authorised by department hierarchy.

6.2 External Sharing

Data is shared externally only when required by court order, necessary for inter-agency law enforcement cooperation, or essential for public safety in emergencies.

6.3 Third-Party Services

PrismApp uses the following infrastructure:

Matrix Protocol: Open-standard messaging (self-hosted at matrix-appolice.in)
Apple Push Notification Service: To deliver notifications to your iOS device (Apple receives only a device token, not message content)

7. Your Rights

You have the right to:

Access your personal data
Correct inaccurate information
Request deletion (subject to legal retention requirements)
Object to processing in certain circumstances
Data portability for personal-use data

To exercise these rights, contact: admin@prism-appolice.in

8. Data Security

End-to-end encryption for all communications
Multi-factor authentication support
Regular security audits
Isolated network infrastructure
24/7 security monitoring
App Lock with biometric authentication

9. Children’s Privacy

PrismApp is intended for authorised Andhra Pradesh Police personnel only. We do not knowingly collect information from anyone under 18 years of age.

10. Changes to This Policy

Significant changes will be communicated through PrismApp and official channels.

Document History:

8 September 2025: Initial policy
9 April 2026: Rebranded to PrismApp; updated data collection practices to match App Store requirements