Security at PromptRail

We take the security of your data and API keys seriously. Here is a transparent overview of our security architecture and practices.

Data Encryption

At Rest: Sensitive data at rest, specifically the third-party API keys you store with us (for example OpenAI and Anthropic keys), is encrypted with AES-256-GCM. Because GCM is an authenticated mode, a stored key that has been altered, truncated, or swapped for another record's ciphertext is rejected on decryption rather than returned. The encryption keys are managed under a dedicated key-management process and are stored separately from the data they protect.

In Transit: All traffic between your client and our servers, and between our servers and the LLM providers, is encrypted with TLS 1.2 or 1.3. HTTPS is enforced for every connection.

Infrastructure & Hosting

PromptRail runs on Vercel, Render, and Supabase and relies on the security controls those platforms provide.

  • Frontend: Our dashboard is hosted on Vercel's global edge network, ensuring fast load times and DDoS protection.
  • Backend API: Our core API runs on Render's secure containerized environment. We do not maintain physical servers.
  • Database: Our database is managed by Supabase (PostgreSQL), which provides automated backups, point-in-time recovery, and strict access controls.

Access Control & Authentication

We use Supabase Auth for user authentication; it handles password hashing with bcrypt and session management. Passwords are never stored in plain text, only their bcrypt hashes.

Internally, access to production data is restricted to core team members on a strict need-to-know basis for debugging or maintenance purposes.

Compliance Status

As a beta product, we are not yet SOC 2 or ISO 27001 certified. We are working towards these certifications as we mature.

However, we design our systems with these standards in mind, implementing audit logging, least-privilege access, and encrypted storage from day one.