Our Security Commitment
At PromptCanvas, security is our top priority. We implement industry-leading security measures to protect your data and ensure the integrity of our platform. This document outlines our security practices and commitments.
Data Protection
Encryption at Rest
All data is encrypted using AES-256
Encryption in Transit
TLS 1.3 encryption for all data transmissions
Key Management
Hardware security modules for key storage and rotation
Data Minimization
We collect and retain only necessary data
Infrastructure Security
Cloud Security
Our infrastructure is hosted on leading cloud providers with:
- SOC 2 Type II certified data centers
- ISO 27001 compliance
- 24/7 physical security monitoring
- Redundant power and network infrastructure
Network Security
- DDoS protection and mitigation
- Web Application Firewall (WAF)
- Intrusion detection and prevention systems
- Network segmentation and isolation
Access Control
Authentication
- Multi-factor authentication (MFA) for all accounts
- Single Sign-On (SSO) support for enterprise customers
- Session management with automatic timeout
- Secure password policies and hashing
Authorization
- Role-based access control (RBAC)
- Principle of least privilege enforcement
- Granular permissions for teams and projects
- Audit logging for all access attempts
Monitoring & Detection
We maintain comprehensive monitoring to detect and respond to threats:
24/7 Monitoring
Continuous security monitoring and alerting
Threat Intelligence
Real-time threat detection and response
Compliance & Certifications
PromptCanvas maintains compliance with major security standards:
Vulnerability Management
Regular Assessments
- Quarterly penetration testing by third-party experts
- Continuous vulnerability scanning and assessment
- Regular security audits and reviews
- Code reviews and static analysis
Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities:
Email: security@promptcanvas.io
Response Time: Within 48 hours
Incident Response
We have a comprehensive incident response plan:
Detection & Analysis
Immediate assessment of potential security incidents
Containment & Recovery
Swift action to contain and resolve security issues
Notification
Transparent communication with affected users within 72 hours
Best Practices for Users
Help us keep your account secure:
- Enable multi-factor authentication (MFA)
- Use strong, unique passwords
- Regularly review account activity
- Keep your software and browsers updated
- Never share your credentials
- Report suspicious activity immediately
Report a Security Issue
Found a vulnerability or have security concerns? Let us know immediately.