Trust & Security
We're an early-stage company, and we'd rather be precise than impressive. Here is exactly how Enprompta protects your data today — and what we're still working toward.
Security
- TLS encryption for all traffic in transit.
- AES-256-GCM encryption at rest for sensitive fields (API keys, 2FA secrets).
- Role-based access control (RBAC) on Pro and Enterprise.
- Audit logging of security-relevant actions.
- Two-factor authentication (TOTP) for accounts.
Privacy & your data
- Export all of your data at any time (data portability).
- Delete your account and associated data (right to erasure).
- Cookie consent banner and a clear cookies policy.
- Your prompts and traces are scoped to your organisation and are not used to train models.
See our Privacy Policy and Cookies Policy.
Compliance & roadmap
- SOC 2 Type II: in progress. Our architecture and controls are built for it; we don't yet hold a report, and we won't claim one until we do.
- GDPR: we support data export and deletion, consent, and a privacy policy. Need a DPA or have a compliance question? Contact us.
- Enterprise: SSO/SAML, custom SLAs, and on-prem/private-cloud deployment are available on Enterprise contracts. HIPAA and other requirements are handled per contract — talk to us.
- Availability: we target 99.9% uptime. Live service status is on our status page.
Infrastructure
Enprompta runs on managed cloud infrastructure (Vercel for the application, Neon for the PostgreSQL database), with data hosted in the United States.
Questions?
For security, privacy, or compliance questions — including DPAs and security reviews — email hello@enprompta.com.