Information about security guidelines, measures, certifications, reports, and plans
Relentless dedication to security should be the core design principle for every software product, and as such, we make it our #1 priority to keep your data safe and secure.
In the following, you can find general information about the security of PROMPTMETHEUS systems and services.
Detailed system information and security reports are available for business customers only. You can request the PROMPTMETHEUS Security Report and specific system information here:
Request Security Report
How we keep your data safe
In order to develop secure software, we adhere – to the best of our knowledge and ability – to industry best practices and rely on established, well-maintained software frameworks like Django and Nuxt, which have various security measures built-in.
The following state-of-the-art methods and procedures are employed to increase system safety:
Data is always encrypted when transmitted over the internet (HTTPS).
All passwords are encrypted and never stored in clear-text. This really is a no-brainer, but nevertheless not a given in the industry.
Wherever possible, we keep open-source software packages that our systems rely on up-to-date.
Software we deploy is subjected to automated unit- and end-to-end testing pipelines in every deployment cycle to ensure functionality, security, and access control.
Reports and certifications
We are working on establishing Gold Standard security in terms of reporting and certification.
Availability of all PROMPTMETHEUS systems is monitored by Uptime Robot. Admins get notified about downtime within 5 minutes of occurrence and can respond accordingly.
Current status and 90-day history are publicly available on the system status page.
Data Privacy and Processing
Logs and Backups
Detailed information about access logs, error logs, and source code and database backups is available in the Security Document.
Detailed information about internal and external penetration testing is available in the Security Document.
Security of 3rd-party services
The overall security of a system is only as good as its weakest link. Therefore, we work exclusively with established 3rd-party services who take security as seriously as we do.
Here is the list of relevant 3rd-party service providers that we rely on, together with their respective certifications and security information.
We use GitHub to store all of our source code.
GitHub is the industry leader for source code management and SOC 1/2, CSA, GDPR, ISO 27100, ISO 27701, and ISO 27018 compliant. For more information, please visit their security page.
We use DigitalOcean as the cloud service provider for our database and backend services.
DigitalOcean is a trusted industry player and SOC 2/3, CSA, GDPR, and CBPR compliant. DigitalOcean also features built-in DDoS protection for all droplets. For more information, please visit their security page.
We use Vercel as DNS- and cloud service provider for all PROMPTMETHEUS frontends.
We use Stripe as our payment provider and only store Stripe customer-, subscription-, and product IDs in our databases for maximum security. All sensitive payment information, like billing address, credit card details, etc., is stored exclusively on secure and battle-tested Stripe infrastructure.
Stripe is the industry leader for payments infrastructure, PCI Level 1 certified, and SOC 1/2 compliant. For more information, please visit their security page.
LLM APIs and service providers
The business model of "LLM as a service" is quite new and the industry is still in the process of establishing the standards and best practices.
By using the PROMPTMETHEUS platform, you are subject to the same security risks that you would incur if you interacted with the providers' APIs directly.
If you, despite all our efforts, discover any vulnerabilities in our systems, please report them confidentially at firstname.lastname@example.org and do not disclose them to the public.
Note that there is currently no bounty program and we can unfortunately not compensate you for your investigations and reporting.
Questions and suggestions
If you have any questions about the above security details or want to make any suggestions, please don't hesitate to get in touch at email@example.com.