Security & Compliance

Your security is our top priority. We employ industry-leading security measures and maintain the highest compliance standards to protect your data.

Enterprise-Grade Security

Protecting your data with the highest standards

Compliance Certifications

SOC 2 Type II

In Progress

Annual audit for security, availability, and confidentiality

ISO 27001

Planned 2025

Information security management system certification

GDPR Compliant

Active

Full compliance with EU data protection regulations

CCPA Compliant

Active

California Consumer Privacy Act compliance

PCI-DSS

Active

Payment processing through PCI-compliant provider (Paddle)

Security Measures

Data Encryption

AES-256 encryption for data at rest
TLS 1.2+ for data in transit
End-to-end encryption for sensitive communications
Encrypted database storage

Access Controls

Role-based access control (RBAC)
Multi-factor authentication (MFA)
Principle of least privilege
Regular access reviews and audits

Infrastructure Security

Secure cloud infrastructure
Network segmentation and firewalls
Intrusion detection and prevention systems
DDoS protection and mitigation

Monitoring & Logging

24/7 security monitoring
Comprehensive audit logging
Real-time anomaly detection
Security event alerting

Data Protection

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR):

Lawful basis for all processing activities
Data minimization and purpose limitation
Rights of access, rectification, erasure, and portability
Privacy by design and default
Data Protection Impact Assessments (DPIAs)
Records of processing activities
Data breach notification procedures

Data Residency

Control where your data is stored and processed:

Data centers in EU and US regions
Regional data processing options
Data localization support
Cross-border transfer safeguards (SCCs, DPF)
Data processing agreements (DPAs)
Regular data location audits

AI & Machine Learning Security

As an AI-powered platform, we take additional measures to secure AI-related data and operations:

Data Handling

• Prompts not used for model training (unless explicitly permitted)
• Separation of customer data
• Secure API communications with AI providers
• Data anonymization for analytics

AI Provider Security

• Trusted AI providers only (OpenAI, Anthropic)
• DPA in place with all AI providers
• Encrypted data transmission
• Regular security assessments

Security Incident Response

24/7 Security Operations

We maintain a dedicated security team and incident response procedures

Incident Response Process

Detection and identification of security events
Immediate containment and assessment
Investigation and evidence gathering
Notification to affected customers (within 72 hours)
Remediation and recovery procedures
Post-incident review and improvements

Contact for Security Issues

Security Team: security@promptassist.com

Emergency Hotline: Available to enterprise customers

Third-Party Security

We carefully select and monitor third-party service providers to ensure they meet our security standards:

Due Diligence

• Security questionnaires
• Certification verification
• Annual security reviews
• Contractual obligations

AI Providers

• OpenAI Enterprise
• Anthropic for Business
• SOC 2 compliance required
• Data processing agreements

Infrastructure

• SOC 2 certified providers
• ISO 27001 compliance
• Regular penetration testing
• Secure configuration baselines

Security Documentation

Available Documents

Data Processing Agreement (DPA)
Privacy Policy
Terms of Service
Security Whitepaper (Enterprise)
Penetration Test Reports (NDA)

Request Documentation

Enterprise customers can request additional security documentation under NDA:

Detailed security architecture
Penetration test results
Security policies and procedures
Compliance reports and certifications

Contact: security@promptassist.com

Questions About Security?

Our security team is available to answer your questions and provide additional documentation

Contact Security Team Contact Privacy Team

Security & Compliance

Compliance Certifications

Security Measures

Data Protection

AI & Machine Learning Security

Data Handling

AI Provider Security

Security Incident Response

Incident Response Process

Contact for Security Issues

Third-Party Security

Due Diligence

AI Providers

Infrastructure

Security Documentation

Questions About Security?

We Value Your Privacy