Security
Learn how Promptly keeps your data safe.
At Promptly, your data security and privacy aren’t just features — they’re fundamental pillars of our infrastructure. We know trust is earned, not given, and we've designed Promptly from the ground up with enterprise-grade security in mind.
✅ Our Commitment
We follow industry-leading best practices to ensure your prompts, agent configurations, and user data are safe, secure, and never misused.
Data Encryption: All data in transit and at rest is protected using AES-256 encryption. Communications between clients and our servers are secured via TLS 1.3.
Prompt Isolation: Each prompt and session is sandboxed at runtime. This prevents prompt injection, leakage across users, or cross-contamination between agents.
Audit Logging: All user actions are logged for auditing and compliance. You can review activity history via your settings page on our Telegram bot, ensuring transparency and traceability.
🔐 Compliance & Standards
While we are constantly evolving our compliance posture, Promptly is built with the following standards in mind:
SOC 2 Type I (In Progress): We are actively working toward SOC 2 Type I certification, ensuring we meet strict criteria across security, availability, and confidentiality.
GDPR-Ready: Promptly is fully compliant with the EU General Data Protection Regulation (GDPR). You have full control over your data and can request deletion at any time.
ISO/IEC 27001 Inspired: Our internal controls and security practices are aligned with the ISO/IEC 27001 framework, helping safeguard information assets and minimize risk.
Privacy-First Design: We don’t store or retain user conversations, except for memory that your Agent uses to operate when you talk with it. Your data belongs to you — and stays that way.
🧠 AI Security Specifics
Because we work with advanced AI models, Promptly introduces additional guardrails:
Prompt Filtering: All user inputs are filtered through a custom content moderation system to detect and block malicious queries or jailbreak attempts.
Rate Limiting & Abuse Prevention: Our backend applies intelligent rate limits and anomaly detection to prevent abuse or scraping.
Agent Scoping: Custom agents are sandboxed with strict context limits, and can only access resources defined by the user.
You can always delete your data using /deleteaccount. This action is irreversible, and your data cannot be recovered.
Questions?
We’re happy to talk security with you. Contact our team at [email protected] if you have specific compliance needs or questions about our infrastructure.