Security

Last updated: January 1, 2025

At PromptGear, security is our top priority. We implement industry-leading security measures to protect your data, projects, and personal information. This page outlines our security practices and the measures we take to keep your information safe.

Security Features

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Secure Infrastructure

Our platform sits behind Cloudflare, which provides DDoS protection, a Web Application Firewall (WAF), and a global CDN.

Payment Security

Payments are processed by Stripe, which is PCI DSS Level 1 certified. We never store your credit card details.

Authentication

Sign-in uses OAuth via Google and GitHub. Session tokens expire automatically.

Data Protection

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol.

Encryption at Rest

Your data stored in our databases is encrypted using AES-256 encryption. This includes your projects, account information, and any generated content.

Data Isolation

Each user's data is logically isolated using Row Level Security (RLS) in our database. You can only access your own projects and data.
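As an added illustration of the row-level isolation described above (this is example code, not PromptGear's actual schema or policies, which this page does not publish): in a Supabase-hosted PostgreSQL database, RLS is switched on per table, and each policy compares a row's owner column with the id of the signed-in user. The `projects` table and its `owner_id` column are assumptions for the example; `auth.uid()` is Supabase's standard helper that returns the authenticated user's UUID.

```sql
-- Added example: a hypothetical projects table, each row owned by one user.
create table if not exists projects (
  id       uuid primary key default gen_random_uuid(),
  owner_id uuid not null references auth.users (id),
  name     text not null,
  body     text
);

-- Until RLS is enabled, no policy is consulted and any role with table
-- privileges can read every row. Enabling it with no policies yet defined
-- denies all access, which is the safe starting point.
alter table projects enable row level security;

-- Read: a user sees only the rows whose owner_id is their own id.
create policy "projects_select_own" on projects
  for select
  using (auth.uid() = owner_id);

-- Insert: a user may only create rows that they own.
create policy "projects_insert_own" on projects
  for insert
  with check (auth.uid() = owner_id);

-- Update: the existing row must belong to the user (using) and so must the
-- new values (with check), so a row cannot be handed to another account.
create policy "projects_update_own" on projects
  for update
  using (auth.uid() = owner_id)
  with check (auth.uid() = owner_id);

-- Delete: only the owner may remove a row.
create policy "projects_delete_own" on projects
  for delete
  using (auth.uid() = owner_id);
```

A quick check after applying this: a `select count(*) from projects` issued through the client library with a user's session returns only that user's rows, while the same query through a second user's session returns only theirs. Two caveats a practitioner should know: the table owner bypasses RLS unless `alter table projects force row level security` is also set, and Supabase's `service_role` key bypasses RLS entirely, so it belongs only in trusted server-side code and never in the browser.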

Infrastructure Security

Cloudflare

Our platform is protected by Cloudflare, providing DDoS mitigation, Web Application Firewall (WAF), and a global CDN. All traffic is routed through Cloudflare's secure network.

Supabase

Our database and authentication services are powered by Supabase, with automatic backups, point-in-time recovery, and enterprise-grade security. Data is stored in EU data centers.

Stripe

All payments are processed by Stripe, which is PCI DSS Level 1 certified, the highest level of payment security certification. We never see or store your full credit card number.

Application Security

  • Protection against XSS (Cross-Site Scripting) attacks
  • CSRF (Cross-Site Request Forgery) protection on all forms
  • SQL injection prevention through parameterized queries
  • Rate limiting to prevent abuse and brute force attacks
  • Content Security Policy (CSP) headers
  • Regular security audits and dependency updates

Compliance

GDPR Compliant

We comply with the General Data Protection Regulation (GDPR). You have full control over your data and can request access, correction, or deletion at any time.

EU Data Residency

Your data is stored in data centers located within the European Union, ensuring compliance with EU data protection requirements.

Report a Vulnerability

If you discover a security vulnerability, we encourage you to report it responsibly. Please email us with details of the vulnerability and we will respond promptly.

security@promptgear.dev

Your Security Best Practices

While we take extensive measures to protect your data, you can also help keep your account secure:

  • Use a strong, unique password on the Google or GitHub account you sign in with, since that account controls access to PromptGear
  • Never share your login credentials with others
  • Log out when using shared or public computers
  • Keep your browser and operating system up to date
  • Be cautious of phishing emails claiming to be from PromptGear

Contact Us

If you have any questions about our security practices, please contact us:

Security Issues: security@promptgear.dev

General Inquiries: support@promptgear.dev

Privacy Policy: promptgear.dev/privacy