Security at GetPrompt
We take the security of your data seriously.
Responsible Disclosure
If you discover a security vulnerability in GetPrompt, please report it to us privately before making it public. We will acknowledge your report within 48 hours and work to resolve it promptly.
Email: security@getprompt.tech
Please encrypt sensitive reports using our PGP key (available on request).
How We Protect Your Data
- ✓ All data transmitted over TLS 1.3
- ✓ Authentication via Google OAuth — we never store passwords
- ✓ Sessions secured with HttpOnly, Secure, SameSite cookies
- ✓ Payments processed entirely by Stripe — we never handle card data
- ✓ Database encrypted at rest (Neon PostgreSQL)
- ✓ API keys stored in encrypted environment variables, never in code
- ✓ Security headers on all responses (CSP, HSTS, X-Frame-Options)
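A way to verify the response-side controls listed above (cookie flags and the CSP, HSTS and X-Frame-Options headers) against a captured response, added here as an example; it is not GetPrompt's own code. The header values below are constructed samples rather than anything captured from getprompt.tech, and the one-year HSTS max-age threshold is an assumption chosen for the check.

```python
import re

# Constructed sample responses (not captured from getprompt.tech):
# one that satisfies every listed control, one that falls short.
GOOD_RESPONSE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
}

WEAK_RESPONSE = {
    "Content-Security-Policy": "default-src 'self'",
    "Set-Cookie": "session=abc123; Path=/; Secure",
}

REQUIRED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
)

# Assumed threshold: one year, the minimum preload lists expect.
MIN_HSTS_MAX_AGE = 31536000


def parse_cookie_attributes(set_cookie: str) -> dict:
    """Split a Set-Cookie value into a lower-cased attribute map.

    Flags without a value (HttpOnly, Secure) map to True; valued
    attributes (SameSite, Path) map to their string value.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is the name=value pair
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True
    return attrs


def check_session_cookie(set_cookie: str) -> list:
    """Return findings for a session cookie lacking the flags the policy lists."""
    attrs = parse_cookie_attributes(set_cookie)
    findings = []
    if "httponly" not in attrs:
        findings.append("cookie missing HttpOnly")
    if "secure" not in attrs:
        findings.append("cookie missing Secure")
    samesite = attrs.get("samesite")
    # SameSite=None gives no cross-site request protection, so only
    # Lax or Strict counts as satisfying the control.
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        findings.append("cookie missing SameSite=Lax/Strict")
    return findings


def check_response(headers: dict) -> list:
    """Return a list of findings; an empty list means every control is present."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in REQUIRED_HEADERS:
        if name not in lowered:
            findings.append(f"missing header {name}")
    hsts = lowered.get("strict-transport-security", "")
    match = re.search(r"max-age=(\d+)", hsts)
    if match and int(match.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age below one year")
    if "set-cookie" in lowered:
        findings.extend(check_session_cookie(lowered["set-cookie"]))
    return findings


if __name__ == "__main__":
    for label, response in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, check_response(response) or "all controls present")
```

Header names are compared case-insensitively because HTTP does not distinguish them; the cookie parser only looks at attribute names, so a stray Path or Domain attribute never affects the result.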
Scope
In scope: getprompt.tech and all subdomains, API endpoints, authentication flows.
Out of scope: Third-party services (Stripe, Google, Anthropic, Neon), social engineering, denial-of-service attacks.
Safe Harbor
We will not pursue legal action against researchers who act in good faith, avoid accessing other users' data, and report findings before public disclosure.
Acknowledgments
No acknowledgments yet — be the first responsible security researcher!