At Prompt and Plai, protecting your data is our top priority. We implement industry-standard security practices to keep your information safe.
Our platform is built from the ground up with security in mind. From encrypted communications to isolated cloud infrastructure, every layer of our stack is designed to protect your data and ensure compliance with modern security standards.
All data in transit uses TLS 1.2+ enforced by Google Cloud. Sensitive material — client credentials, secret variables, auth-profile cookies, API keys — is encrypted at rest with AES-256-GCM (authenticated encryption) before being stored. In production the platform refuses to start if the encryption key isn't configured, so secrets can never be written in plaintext.
The platform is hosted on Google Cloud (Cloud Run for compute, Cloud SQL for the database). Each service runs in an isolated container, auto-scales independently, and is locked to its own service account with least-privilege IAM. Data is stored in southamerica-west1 (Chile) for LATAM data residency.
The database is PostgreSQL on Cloud SQL, with daily automated backups and connectivity through the Cloud SQL Auth Proxy (Unix socket, no public IP). Multi-tenant data is logically separated by organization_id and every query is scoped at the API layer; there is no shared row that crosses organizations.
Authentication is JWT-based. Access tokens live 1 hour; refresh tokens 24 hours (kept short to limit replay risk). Short-lived (5-minute), execution-scoped media tokens are used for video, screenshot and SSE URLs so the long-lived login JWT never travels in browser query strings or Referer headers. Google OAuth 2.0 is supported for SSO. Passwords are hashed with Argon2id.
Every API endpoint resolves the caller's organization context first and scopes every database read and write to that organization. Cross-tenant access is impossible by construction — even an attempted lookup of another organization's resource returns 404. On top of that, role-based access control (Viewer / Member / Admin / Owner) gates mutations.
Internal AI services (LLM orchestration, code-doc bridge, execution runner) are private and require a shared X-Internal-Auth secret on every call between them. The runner additionally receives an ephemeral token bound to a single execution ID — even if the token leaks, it cannot pivot to another execution or organization.
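The execution-scoped tokens described above (the 5-minute media tokens and the runner's ephemeral token) can be illustrated with the following added example, which is not Prompt and Plai's own code. The token format (HMAC-SHA256 over JSON claims), the claim names and the function names are assumptions, since the page does not say how its tokens are built.

```python
import base64, hashlib, hmac, json, time

MEDIA_TTL_SECONDS = 5 * 60  # the 5-minute lifetime stated on the page

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def mint_media_token(key, org_id, execution_id, now=None):
    """Issue a token that is only valid for one execution's media URLs.
    Claim names (org, exec, exp, use) are hypothetical."""
    now = time.time() if now is None else now
    claims = {"org": org_id, "exec": execution_id,
              "exp": int(now) + MEDIA_TTL_SECONDS, "use": "media"}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_sign(key, body))

def verify_media_token(key, token, org_id, execution_id, now=None):
    """Return True only if the signature is valid, the token is unexpired,
    and it was minted for exactly this organization and execution."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; check the signature before parsing claims.
        if not hmac.compare_digest(_sign(key, body), _unb64(sig)):
            return False
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token: fail closed
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return False
    return (claims.get("use") == "media"        # not accepted as a login token
            and claims.get("org") == org_id      # tenant binding
            and claims.get("exec") == execution_id  # execution binding
            and now < claims["exp"])             # expiry

if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-for-use"  # constructed sample key
    tok = mint_media_token(demo_key, "org-a", "exec-1")
    print(verify_media_token(demo_key, tok, "org-a", "exec-1"))  # same execution
    print(verify_media_token(demo_key, tok, "org-a", "exec-2"))  # other execution
```

Because the execution and organization are part of the signed claims, a token copied out of a URL or Referer header is useless for any other resource and expires on its own.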
Built-in protection against runaway costs and abuse: per-organization rate limits, per-plan resource quotas (active projects, monthly runs, parallel threads), wall-clock caps on agent runs, and automatic rejection of runs that would exceed the org's monthly budget. A trial account cannot consume more than its hard caps regardless of intent.
Every mutating action is recorded in an audit log with the actor, organization and timestamp. We follow data minimization — only what's needed for the service. User data is never sold or shared with third parties. SOC 2 Type II audit is on the roadmap; happy to discuss timing under NDA with enterprise prospects.
If you have questions about our security practices or need to report a vulnerability, our team is ready to help.