Enterprise-grade protection for your most valuable prompts
Your AI prompts contain intellectual property, proprietary workflows, and sensitive instructions. promptDeck safeguards every sensitive field with AES-256 encryption at rest, secures every byte in transit with HTTPS/TLS, and enforces strict rate limits, security headers, and token expiration policies. A full audit trail lets compliance teams verify exactly who did what and when.
What's included
AES-256 encryption at rest
Sensitive fields — system prompts, user prompts, notes, request bodies, and workflow definitions — are encrypted with AES-256-CBC on the server and AES-256-GCM on the desktop.
HTTPS/TLS transport
All communication between the desktop app, browser extensions, and the server occurs over HTTPS with TLS 1.2 or higher. Data in transit is never exposed in plain text.
Rate limiting
API endpoints are protected by configurable rate limits that prevent brute-force attacks and abuse. Login attempts are capped at 6 per minute; device auth at 10 per minute.
Security headers
Every response carries Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options headers, and CORS is restricted to known origins. Together these mitigate clickjacking, cross-site scripting (XSS), and MIME-type sniffing.
Audit trails
Activity logging records every significant action — logins, data changes, permission updates, and deletions. Audit logs are immutable and available for export at any time.
GDPR compliance
Soft-delete support, data export capabilities, and fine-grained access control help you meet GDPR and other data protection regulations out of the box.
Encryption at rest
promptDeck encrypts the fields that matter most. On the server, AES-256-CBC ensures that database contents remain unreadable even if storage is compromised. On the desktop, AES-256-GCM provides authenticated encryption, detecting tampering in addition to preventing unauthorized reads. Encryption keys are managed separately from application data.
Transport security
Every API call, sync operation, and browser extension request is protected by HTTPS with TLS. Strict security headers accompany every response to reduce the attack surface. CORS is configured to allow only known origins, so unauthorized cross-origin requests are rejected.
Compliance and auditing
For organizations in regulated industries, promptDeck provides the tools needed to demonstrate compliance. Activity logs capture a tamper-evident record of every action. Soft-deletes preserve data lineage for audit purposes. Combined with role-based access control and encryption, these features satisfy the requirements of GDPR, SOC 2, and internal governance frameworks.
Security for every scenario
Enterprise security requirements
Meet internal InfoSec policies with AES-256 encryption, strict transport security, and comprehensive audit logging — without deploying additional infrastructure.
Regulated industries
Healthcare, finance, and legal teams can store sensitive prompt content knowing it is encrypted at rest and in transit, with access controlled by role-based policies.
Intellectual property protection
Prompts that represent competitive advantages are encrypted on disk and accessible only to authorized team members. Audit logs prove who accessed what.
Compliance audits
Export activity logs and access records on demand. Demonstrate to auditors that data handling practices meet SOC 2, GDPR, or industry-specific requirements.
Data governance
Combine soft-deletes, role-based access, and token expiration to enforce data retention and access policies consistently across all users and devices.
Secure collaboration
Share prompts with external partners while maintaining full control. Revoke access instantly, and audit every interaction with shared content.
Protect your prompts with enterprise-grade security
Sign up and benefit from AES-256 encryption, audit trails, and strict access control from day one. No extra configuration required.