Security & Trust
SafePrompt is a security product. Here is our security posture, data handling practices, and how to report issues.
Data Handling
What we store
- •Request metadata: timestamp, API key hash, validation result (safe/unsafe), threat categories, processing time
- •For blocked prompts only: prompt text and source IP are stored temporarily for network intelligence
- •Safe prompts: prompt text is never stored — only the result is logged
Retention & deletion
- •Blocked prompt text: automatically deleted after 24 hours
- •IP addresses: automatically deleted after 24 hours
- •After 24 hours: only cryptographic hashes (SHA-256) remain for network intelligence — no personally identifiable information
- •Account data: deleted within 30 days of account deletion request
Data in transit & at rest
- ✓All API traffic uses TLS 1.2+ (HTTPS enforced)
- ✓Database encrypted at rest (AES-256)
- ✓API keys are stored as hashed values — we cannot retrieve your plaintext key
Infrastructure
- •API: Deployed on Vercel serverless functions (AWS us-east-1)
- •Database: Supabase (PostgreSQL), hosted on AWS
- •Frontend: Cloudflare Pages (global CDN)
- •Isolation: Each customer's data is scoped to their API key — no cross-customer data access
- •Uptime SLA: 99.9% for Starter and Business plans
Privacy Compliance
GDPR
- ✓Prompt text and IP addresses deleted within 24 hours
- ✓Data export available on request from your dashboard
- ✓Account and data deletion available from dashboard settings
- ✓Data Processing Agreement (DPA) available on request — email privacy@safeprompt.dev
CCPA
- ✓Right to know: request a copy of your data from dashboard
- ✓Right to delete: delete your account and all associated data from dashboard settings
- ✓We do not sell personal information
Compliance roadmap
- ◎SOC 2 Type 1: planned as user base grows
- ✓GDPR/CCPA: compliant (24h data deletion, export, DPA)
Performance
| Metric | Value |
|---|---|
| Detection accuracy | Above 95% |
| False positive rate | Under 3% |
| Average response time | Sub-second (most requests under 100ms) |
| Pattern detection (Layer 1) | <5ms |
| Uptime (trailing 90 days) | 99.9%+ |
Responsible Disclosure
If you discover a security vulnerability in SafePrompt, please report it responsibly. We commit to:
- ✓Acknowledge your report within 48 hours
- ✓Provide an estimated fix timeline within 7 days
- ✓Credit you in the fix announcement (if desired)
- ✓Not pursue legal action against good-faith researchers
Report vulnerabilities to: security@safeprompt.dev
For non-security issues, use support@safeprompt.dev or GitHub Issues.
Contact
- Security issues: security@safeprompt.dev
- Privacy / GDPR / DPA: privacy@safeprompt.dev
- General support: support@safeprompt.dev
- Company: SafePrompt / Reboot Media, Inc., Irvine, California