Security
Enterprise-grade protection for your AI governance data.
Data encryption
At rest: All captured AI interactions, audit logs, and organization data are encrypted with AES-256-GCM.
In transit: All data transmitted between the browser extension and our servers is encrypted with TLS 1.2 or 1.3. HTTPS is enforced for all connections.
PII detection & protection
Our PII detection engine automatically scans all captured prompts for sensitive information:
- Social Security Numbers (SSN)
- Credit card and financial account numbers
- Email addresses and phone numbers
- API keys and secrets
- Custom patterns (Enterprise)
Detected PII is flagged for review and can be automatically redacted or blocked (Enterprise) before reaching AI platforms.
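The following is an added example, not PromptRail's own detection engine: a small local-first scanner of the kind described above, with the flag / redact / block policies applied to constructed sample prompts. The detector set, the regular expressions, the secret-key prefixes, the policy names and the sample prompts are all assumptions made for illustration; a production engine would carry a much larger pattern list. It runs under Node or inside a browser extension content script.

```javascript
// Added example (not PromptRail's code): local PII scanning with flag/redact/block
// policies. Patterns, policy names and sample prompts are assumptions.

// Luhn check so that arbitrary 13-19 digit runs (invoice or order numbers)
// are not flagged as card numbers.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

const DETECTORS = [
  // US SSN: rejects area 000/666/9xx, group 00 and serial 0000 (never issued).
  { type: "ssn", pattern: /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g },
  // 13-19 digits with optional space/hyphen separators, confirmed by Luhn.
  { type: "credit_card", pattern: /\b(?:\d[ -]?){12,18}\d\b/g, validate: luhnValid },
  { type: "email", pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { type: "phone", pattern: /\b\d{3}[ .-]?\d{3}[ .-]?\d{4}\b/g },
  // A few well-known secret prefixes (assumed formats); real engines keep a longer list.
  { type: "api_key", pattern: /\b(?:sk-[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})\b/g },
];

// Returns non-overlapping findings sorted by position; when two detectors
// claim overlapping spans, the earlier and longer match wins.
function scanPrompt(text) {
  const hits = [];
  for (const det of DETECTORS) {
    for (const m of text.matchAll(det.pattern)) {
      if (det.validate && !det.validate(m[0])) continue;
      hits.push({ type: det.type, start: m.index, end: m.index + m[0].length, value: m[0] });
    }
  }
  hits.sort((a, b) => a.start - b.start || b.end - a.end);
  const findings = [];
  for (const h of hits) {
    const last = findings[findings.length - 1];
    if (last && h.start < last.end) continue; // overlaps an already accepted hit
    findings.push(h);
  }
  return findings;
}

// policy: "flag" passes the prompt through with findings attached,
// "redact" masks each finding in place, "block" withholds the prompt entirely.
function applyPolicy(text, policy = "flag") {
  const findings = scanPrompt(text);
  if (findings.length === 0) return { allowed: true, text, findings };
  if (policy === "block") return { allowed: false, text: null, findings };
  if (policy === "redact") {
    let out = text;
    // Replace from the end so earlier offsets stay valid.
    for (const f of [...findings].reverse()) {
      out = out.slice(0, f.start) + `[REDACTED:${f.type}]` + out.slice(f.end);
    }
    return { allowed: true, text: out, findings };
  }
  return { allowed: true, text, findings };
}

// Constructed sample prompts (not real data).
const SAMPLE_PROMPTS = [
  "Summarize this customer: jane.doe@example.com, SSN 123-45-6789, card 4111 1111 1111 1111, phone 555-123-4567.",
  "Debug my script: OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz123456 and invoice number 1234 5678 9012 3456 is unpaid.",
  "What is the capital of France?",
];

function demo(policy = "redact") {
  return SAMPLE_PROMPTS.map((p) => applyPolicy(p, policy));
}

for (const r of demo()) {
  console.log(r.allowed ? r.text : "[BLOCKED]", r.findings.map((f) => f.type));
}
```

The second sample prompt shows why the Luhn check matters: the 16-digit invoice number is a regex hit but fails the checksum and is left alone, while the key after `OPENAI_API_KEY=` is flagged. Because findings are resolved to non-overlapping spans before redaction, a value that matches two detectors is masked once rather than twice.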
Complete audit trail
Every AI interaction is logged with full context for compliance and security investigations:
- Who: User identity with timestamp
- What: Complete prompt and response content
- Where: AI platform and session context
- Flags: PII detection results and risk indicators
Audit logs are immutable and retained according to your configured retention policy (30-365 days or custom).
Infrastructure
PromptRail runs on world-class cloud infrastructure with built-in security:
- Frontend: Vercel's global edge network with automatic DDoS protection
- Backend: Render's secure containerized environment with automatic scaling
- Database: Managed PostgreSQL on Supabase with automated backups
- Region: US-based data centers with EU option for Enterprise
Access control
- Role-Based Access: Owner, Admin, Editor, and Viewer roles with granular permissions
- Secure Authentication: Industry-standard password hashing and secure session management
- SSO Integration: SAML and OIDC support for Okta, Azure AD, and Google Workspace (Enterprise)
Browser extension security
Our Chrome extension is designed with security and privacy in mind:
- Minimal Permissions: Only requests permissions necessary for AI platform capture
- Local Processing: PII detection runs locally before data leaves the browser
- Selective Capture: Only monitors approved AI platforms, not general browsing
Compliance
As an early-stage product, we are not yet SOC 2 or ISO 27001 certified. However, we design our systems with these standards in mind:
- SOC 2: Architecture designed for SOC 2 compliance; certification is in progress
- GDPR: Compliant data handling practices, with a DPA available on request
- HIPAA: BAA available for Enterprise customers upon request
PromptRail generates compliance-ready reports to help demonstrate AI governance controls to your auditors.
Security questions?
Our team is available to discuss your specific requirements or schedule a security review.
Contact security team