Compliance and Certifications

This page covers Promptless’s compliance certifications, security practices, and incident response procedures.

SOC 2 Compliance

Promptless maintains SOC 2 Type II certification. Our SOC 2 report covers:

  • Security controls and access management
  • Data encryption practices
  • Incident response procedures
  • Change management processes
  • Monitoring and logging capabilities

To request a copy of our SOC 2 report, contact us at help@gopromptless.ai.

Penetration Testing

Promptless undergoes annual penetration tests performed by independent third-party security firms. These assessments evaluate our infrastructure, application security, and data protection controls.

Penetration test summary reports are available to enterprise customers upon request. Contact help@gopromptless.ai for more information.

Security Incident Notification

If a security incident affects customer data, Promptless follows this notification process:

  • Notification timing: Customers are notified within 72 hours of Promptless confirming that an incident affects their data
  • Notification recipients: Security notifications are sent to organization administrators and any designated security contacts on file
  • Notification content: Includes a description of the incident, affected data, remediation steps taken, and recommended actions

To add security contacts (such as a security team email address) for incident notifications, contact help@gopromptless.ai.

Audit Logging

Promptless provides audit logging for enterprise customers. Audit logs capture security-relevant events including:

  • User authentication events
  • Administrative actions (team member changes, role modifications)
  • Integration configuration changes
  • API key creation and revocation

Enterprise customers can request audit log exports by contacting help@gopromptless.ai. Logs are available in standard formats for integration with SIEM tools.

Session Management

Session management varies based on your authentication method:

  • Enterprise SSO (SAML/OIDC): Session duration and timeout policies are controlled by your identity provider. Configure session expiry, idle timeouts, and re-authentication requirements in your IdP settings.
  • Standard authentication (Google/GitHub SSO): Session management is handled by the authentication provider. Contact help@gopromptless.ai for details on session timeout behavior.

For organizations requiring specific session timeout policies (such as 24-hour expiry), configure these settings in your identity provider when using enterprise SSO.

Questions About Compliance?

For questions about our compliance practices, to request compliance documentation, or to discuss specific security requirements, contact our team at help@gopromptless.ai.