Trust
Security
How we protect the service, what we publish for your finance or legal colleagues, and how to reach us.
Encryption
Traffic is protected via TLS (supporting 1.3). Data at rest is stored on encrypted volumes (AES-256) managed by cloud providers.
Access security
No direct database access is permitted without MFA-protected credentials through infrastructure dashboards.
Development integrity
GitHub is used for secure source control and CI/CD only; production monitoring is handled via Vercel and Sentry.
Availability
Automated, vendor-managed snapshots occur on a rolling 30-day retention cycle to ensure business continuity.
Sign-in & authentication
Accounts use Clerk: email sign-in (and optional social providers if we enable them), with multi-factor authentication available according to your team's settings in Clerk. There is no separate “dance company IT” requirement—your administrators and staff use the same sign-in flow as any other Prima customer.
Institutions & transparency
State theaters, public companies, and other funded institutions often need clear documentation for procurement, data protection, or board review. We publish:
- Privacy Policy (including retention and rights)
- Terms of Service
- Subprocessor list (who hosts data and processes what)
- Data Processing Agreement (controller/processor framing for GDPR-style questions)
If your institution needs a short call or a PDF packet for a specific form, email support@theprima.app— we're used to working with small administrative teams, not a corporate IT department.
Security contacts & incidents
Report vulnerabilities or suspected security incidents (including suspected unauthorized access to Prima) to security@theprima.app. Include a short description, affected organization or subdomain if known, and whether the issue is actively exploitable. We read this inbox regularly and will acknowledge receipt when we can; please allow for weekends and holidays.
Product, billing, and general support: support@theprima.app.
We investigate credible reports in good faith. This page is not a formal bug bounty program; if you need a written disclosure or coordination process for your organization, say so in your email.
For subprocessors and processing terms, see our Privacy Policy, Subprocessor List, and Data Processing Agreement.