> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance & Security

> Security certifications, data handling, and compliance information

<Info>
  PromptGuard is built with enterprise security requirements in mind. This page outlines our security practices, compliance status, and data handling policies.
</Info>

## At a glance

For security teams evaluating PromptGuard, the three things that usually matter most:

1. **What we do with your data** — pass-through architecture: prompts and responses are scanned in memory in real time, prompt content is not stored, and nothing is used for training. Your LLM provider keys stay with you. One caveat: security event logs may hold sanitized snippets of blocked content until the retention period purges them, unless content logging is disabled (Enterprise). (See [Data Handling](#data-handling).)
2. **Proof for auditors** — every security decision is recorded in a tamper-evident, hash-chained [audit log](/platform/audit-logs) with event ID, threat type, confidence, and timestamp.
3. **Where we stand on frameworks** — summarized in the table below.

<Note>
  **"Compliant" vs "Aligned":** *Compliant* means we meet the requirement (with a DPA or independent attestation where applicable). *Aligned* means PromptGuard provides the technical controls a framework requires, but formal third-party certification is still in progress or out of scope. We don't claim certifications we don't hold.
</Note>

## Security Certifications

| Certification     | Status      | Details                                                                  |
| ----------------- | ----------- | ------------------------------------------------------------------------ |
| **SOC 2 Type II** | In Progress | Expected Q2 2026                                                         |
| **GDPR**          | Compliant   | EU data processing agreement available                                   |
| **CCPA**          | Compliant   | California consumer privacy rights                                       |
| **EU AI Act**     | Aligned     | Technical controls map to Articles 9, 11, 12, 13, 14, 15                 |
| **ISO/IEC 42001** | Aligned     | AI management system controls for risk, logging, transparency, oversight |
| **ISO 27001**     | Planned     | On roadmap for 2026                                                      |
| **HIPAA**         | Planned     | Contact sales for roadmap                                                |

<Note>
  Where a framework has a formal certification, "Aligned" is not that certification; third-party audit is still required. For enterprise customers requiring a specific certification or attestation, contact [sales@promptguard.co](mailto:sales@promptguard.co) to discuss your requirements and timelines.
</Note>

## EU AI Act Alignment

The EU AI Act (Regulation (EU) 2024/1689) imposes requirements on high-risk AI systems; most of those obligations apply from August 2, 2026. PromptGuard provides technical controls that map to each of the articles listed below. The legal obligations themselves rest with the provider or deployer of the high-risk system; PromptGuard supplies controls and evidence toward them.

| EU AI Act Article                                 | Requirement                                                                           | PromptGuard Capability                                                                                                                                    |
| ------------------------------------------------- | ------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Art. 9** — Risk Management                      | Systematic risk identification, analysis, and mitigation throughout the AI lifecycle  | Policy engine with configurable threat detection (14 detector types, 1000+ patterns), per-request risk scoring, behavioral analysis                       |
| **Art. 11** — Technical Documentation             | Maintain documentation demonstrating risk management and system behavior              | OpenAPI spec auto-generated from live API, governance reports with narrative sections, evidence packages for auditors                                     |
| **Art. 12** — Record-Keeping                      | Automatic recording of events enabling risk identification and post-market monitoring | Tamper-evident audit trail with SHA-256 hash chaining (intended as SOC 2 evidence; Type II report in progress), every security decision logged with event ID, threat type, confidence, and timestamp |
| **Art. 13** — Transparency                        | Enable deployers to interpret output and use the system appropriately                 | Per-decision explainability (threat type, confidence, matched detectors), governance reports with incident timelines                                      |
| **Art. 14** — Human Oversight                     | Mechanisms for human oversight, intervention, and override                            | Dashboard with real-time visibility, configurable alert thresholds, manual policy overrides, role-based access                                            |
| **Art. 15** — Accuracy, Robustness, Cybersecurity | Meet standards for accuracy, resilience to attacks, and cybersecurity                 | Evaluated at F1=0.887 on 2,369 adversarial samples, automated red team testing, agent identity with cryptographic credentials, behavioral drift detection |

## ISO/IEC 42001 Alignment

ISO/IEC 42001:2023 is the international standard for AI management systems. PromptGuard's controls map to the clauses and Annex A controls listed below:

| ISO 42001 Control             | Requirement                                                                  | PromptGuard Capability                                                                                                                       |
| ----------------------------- | ---------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| **Risk Assessment (6.1)**     | Identify and assess AI-specific risks including security, misuse, and safety | 14 threat detector types covering OWASP LLM Top 10, configurable policy presets, per-request risk scoring                                    |
| **Data Governance (Annex A)** | Ensure data is appropriate, accurate, and free from harmful biases           | 39-type PII detection and redaction, pass-through architecture (prompt content is not retained; see [Data Handling](#data-handling)), content safety classification |
| **Transparency (Annex A)**    | Provide transparency about AI system use and decision rationale              | Per-decision explainability, governance reports, audit trail with full decision context                                                      |
| **Human Oversight (Annex A)** | Allow intervention and override capabilities                                 | Dashboard with real-time monitoring, configurable block/allow/redact policies, manual credential rotation and revocation                     |
| **Monitoring (Annex A)**      | Detect and measure AI system behavior over time                              | Behavioral drift detection with Jensen-Shannon divergence, anomaly alerting, agent statistics tracking                                       |
| **Incident Response (10)**    | Detect, respond to, and learn from AI system failures                        | Real-time threat alerts, webhook notifications, tamper-evident audit trail for forensic analysis, governance reports with incident timelines |

## Data Handling

### What Data We Process

| Data Type              | Processing                    | Retention                 |
| ---------------------- | ----------------------------- | ------------------------- |
| **Prompts & Messages** | Scanned for threats in memory | Not stored (pass-through) |
| **API Keys**           | Argon2id hash stored (only the key prefix in plaintext); database encrypted at rest (AES-256) | Until deleted             |
| **Usage Metrics**      | Aggregated counts             | 90 days                   |
| **Security Events**    | Threat details logged         | 30 days (configurable)    |
| **Audit Logs**         | User actions                  | 90 days                   |

### Data Flow

```mermaid theme={"system"}
graph LR
    A[Your App] -->|Prompt| B[PromptGuard]
    B -->|Scan in memory| C{Threat?}
    C -->|No| D[Forward to LLM]
    C -->|Yes| E[Block/Redact]
    D -->|Response| B
    B -->|Response| A

    subgraph "Not Stored"
        B
        C
        D
        E
    end
```

### Pass-Through Architecture

PromptGuard operates as a **pass-through proxy**:

* Prompts and responses are **scanned in memory**
* Content is **not stored** after processing
* Only metadata (timestamps, threat types, confidence scores) is logged
* Your data never touches disk in unencrypted form

<Warning>
  Security event logs may contain sanitized snippets of blocked content for debugging purposes. These are automatically purged after the Security Events retention period (30 days by default; see the table above). Enterprise customers can disable content logging entirely.
</Warning>

## Infrastructure Security

### Cloud Infrastructure

| Component    | Provider              | Security                          |
| ------------ | --------------------- | --------------------------------- |
| **Compute**  | Google Cloud Run      | Serverless, auto-scaling          |
| **Database** | Supabase (PostgreSQL) | Encrypted at rest, TLS in transit |
| **Secrets**  | Google Secret Manager | IAM-controlled access             |
| **WAF/DDoS** | Google Cloud Armor    | Rate limiting, WAF, DDoS protection |
| **DNS**      | Cloudflare            | DDoS protection                   |

### Encryption

| Layer          | Standard         |
| -------------- | ---------------- |
| **In Transit** | TLS 1.3          |
| **At Rest**    | AES-256          |
| **API Keys**   | Argon2id hashing |
| **Secrets**    | Google KMS       |

### Network Security

* All endpoints require HTTPS
* Cloud Armor per-IP anti-abuse rate limiting at the network edge
* No public SSH access to infrastructure
* VPC-based isolation between services
* Private database connections (no public IP)

## Access Control

### Authentication Methods

| Method            | Use Case                           |
| ----------------- | ---------------------------------- |
| **API Key**       | Server-to-server, SDK integrations |
| **Session (JWT)** | Dashboard access                   |
| **OAuth**         | GitHub/Google SSO                  |
| **SAML/OIDC**     | Enterprise SSO (Enterprise tier)   |

### API Key Security

* Keys are hashed with Argon2id before storage
* Only the prefix (`pg_live_xxxxxxxx...`) is stored in plain text
* Full key shown only once at creation
* Keys can be rotated without downtime
* Keys are project-scoped: a key grants access to everything in its project. There are no per-key permission scopes; feature availability is gated by the project's subscription tier. Treat each key as full project access and use separate projects where isolation is required.

### Role-Based Access (Enterprise)

| Role       | Permissions                               |
| ---------- | ----------------------------------------- |
| **Owner**  | Full access, billing, delete organization |
| **Admin**  | Manage users, projects, settings          |
| **Member** | View projects, create API keys            |
| **Viewer** | Read-only dashboard access                |

## Audit Logging

### What's Logged

| Event                  | Details Captured               |
| ---------------------- | ------------------------------ |
| **Authentication**     | Login, logout, failed attempts |
| **API Key Management** | Create, rotate, delete         |
| **Project Changes**    | Settings, policies, presets    |
| **Security Events**    | Blocked requests, threat types |
| **User Management**    | Invites, role changes          |

### Accessing Audit Logs

1. Go to **Dashboard → Settings → Audit Logs**
2. Filter by date range, event type, or user
3. Export as CSV or JSON

### Log Export (Enterprise)

Enterprise customers can configure:

* **SIEM Integration**: Stream logs to Splunk, Datadog, etc.
* **S3 Export**: Daily log exports to your bucket
* **Webhook**: Real-time log forwarding

## Incident Response

### Security Incident Process

1. **Detection**: Automated monitoring + manual review
2. **Containment**: Isolate affected systems
3. **Investigation**: Root cause analysis
4. **Notification**: Affected customers notified within 72 hours
5. **Remediation**: Fix deployed, post-mortem published

### Reporting Security Issues

Found a vulnerability? Contact us:

* **Email**: [security@promptguard.co](mailto:security@promptguard.co)
* **Response Time**: 24 hours for initial acknowledgment
* **Bug Bounty**: Coming soon

## Data Residency

### Current Regions

| Region | Data Center                     |
| ------ | ------------------------------- |
| **US** | Google Cloud us-central1 (Iowa) |

### Planned Regions

| Region               | Status  |
| -------------------- | ------- |
| **EU** (Frankfurt)   | Q3 2026 |
| **APAC** (Singapore) | Q4 2026 |

<Note>
  Enterprise customers requiring specific data residency can request dedicated deployment in their preferred region.
</Note>

## Vendor Security

### Subprocessors

| Vendor           | Purpose        | Data Processed  |
| ---------------- | -------------- | --------------- |
| **Google Cloud** | Infrastructure | All data        |
| **Supabase**     | Database       | Metadata, logs  |
| **Stripe**       | Billing        | Payment info    |
| **Resend**       | Email          | Email addresses |

### LLM Providers

PromptGuard forwards requests to your chosen LLM provider. We do not store data sent to:

* OpenAI
* Anthropic
* Google AI
* Cohere
* AWS Bedrock
* Azure OpenAI

Your data handling agreement is with each LLM provider directly.

## AI Agent Governance

PromptGuard provides four governance capabilities for AI agents operating in production:

### Agent Identity

Register agents with verified cryptographic credentials. Each agent receives a unique `pgag_` secret that authenticates tool-call and guard requests. Self-asserted agent IDs still work (backward compatible), but verified agents get explicit identity confirmation in audit logs and governance reports. Because self-asserted IDs are accepted, treat an agent ID without that confirmation as a label rather than an authenticated identity when reading audit logs.

* `POST /api/v1/agent/register` — Register and receive a one-time credential
* `POST /api/v1/agent/{agent_id}/rotate-credential` — Revoke old credential, issue new one
* `X-Agent-Credential` header for verified requests
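The lifecycle those three endpoints describe, as an added server-side illustration (not PromptGuard's code). It assumes a credential is `pgag_` plus 32 random bytes, that the server keeps only a SHA-256 digest (a plain hash is adequate for a 256-bit random secret; the page specifies Argon2id for user API keys, not agent credentials), that a wrong credential is rejected rather than downgraded to self-asserted, and an `X-Agent-Id` header alongside `X-Agent-Credential` (only the latter appears on the page). The in-memory store and audit list are constructed stand-ins.

```python
"""Agent credential issuance, rotation and request verification (illustration)."""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

_store: dict = {}   # agent_id -> {"digest": sha256 hex, "rotated_at": iso8601 | None}
_audit: list = []   # constructed stand-in for the real audit log
_UNKNOWN_DIGEST = hashlib.sha256(secrets.token_bytes(32)).hexdigest()


def _digest(credential: str) -> str:
    return hashlib.sha256(credential.encode()).hexdigest()


def _log(event: str, agent_id: str, **fields) -> None:
    _audit.append({"event": event, "agent_id": agent_id,
                   "timestamp": datetime.now(timezone.utc).isoformat(), **fields})


def _new_credential() -> str:
    # Assumed format: pgag_ prefix + 256 bits of CSPRNG output, base64url.
    return "pgag_" + secrets.token_urlsafe(32)


def register(agent_id: str) -> str:
    """Issue a one-time credential; only its digest is retained server-side."""
    if agent_id in _store:
        raise ValueError("agent already registered; use rotate()")
    credential = _new_credential()
    _store[agent_id] = {"digest": _digest(credential), "rotated_at": None}
    _log("agent.register", agent_id)
    return credential  # shown once; the caller must store it


def rotate(agent_id: str) -> str:
    """Revoke the current credential and issue a new one in a single step."""
    if agent_id not in _store:
        raise KeyError(agent_id)
    credential = _new_credential()
    _store[agent_id] = {"digest": _digest(credential),
                        "rotated_at": datetime.now(timezone.utc).isoformat()}
    _log("agent.rotate_credential", agent_id)
    return credential


def authenticate(headers: dict) -> dict:
    """Resolve the agent identity for a guard or tool-call request.

    Returns {"agent_id", "verified"}. A request with no credential is accepted
    but marked self-asserted, which is what the audit record should carry so
    an unverified ID is never mistaken for an authenticated one. A credential
    that is wrong, revoked or for an unknown agent raises PermissionError.
    """
    agent_id = headers.get("X-Agent-Id")
    credential = headers.get("X-Agent-Credential")
    if not agent_id:
        raise PermissionError("missing X-Agent-Id")
    if credential is None:
        _log("agent.request", agent_id, verified=False)
        return {"agent_id": agent_id, "verified": False}
    entry = _store.get(agent_id)
    # Always run the constant-time comparison, against a random dummy digest
    # when the agent is unknown, so timing does not reveal which IDs exist.
    expected = entry["digest"] if entry else _UNKNOWN_DIGEST
    if not hmac.compare_digest(expected, _digest(credential)) or entry is None:
        _log("agent.auth_failed", agent_id)
        raise PermissionError("invalid or revoked agent credential")
    _log("agent.request", agent_id, verified=True)
    return {"agent_id": agent_id, "verified": True}


if __name__ == "__main__":
    first = register("agent-billing")
    print(authenticate({"X-Agent-Id": "agent-billing", "X-Agent-Credential": first}))
    second = rotate("agent-billing")
    try:
        authenticate({"X-Agent-Id": "agent-billing", "X-Agent-Credential": first})
    except PermissionError as exc:
        print("old credential after rotation:", exc)
    print(authenticate({"X-Agent-Id": "agent-billing", "X-Agent-Credential": second}))
```

The point to carry into production is the `verified` flag: it is the field that lets a governance report distinguish "an agent said it was billing" from "an agent proved it was billing", and rotation must invalidate the old digest in the same write that stores the new one.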

### Behavioral Drift Detection

After an agent accumulates sufficient observations, PromptGuard freezes a behavioral baseline capturing the agent's normal tool-usage distribution. Every subsequent request is compared against this baseline using Jensen-Shannon divergence. If the distribution shifts beyond the configured threshold, a `BEHAVIORAL_DRIFT` alert fires.
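The freeze-then-compare loop described above, as an added example that is not PromptGuard's code. None of the numbers are on the page: it assumes each observation is one tool name, the baseline freezes after `BASELINE_MIN` observations, recent behaviour is a sliding window of `WINDOW` calls, the divergence uses log base 2 (so it lies in [0, 1]), and additive smoothing keeps a tool that never appeared during baselining from producing an infinite term. The workload is constructed.

```python
"""Behavioral drift detection with Jensen-Shannon divergence (illustration)."""
from collections import Counter, deque
from math import log2

BASELINE_MIN = 50      # assumed: observations before the baseline is frozen
WINDOW = 25            # assumed: recent calls compared against the baseline
DRIFT_THRESHOLD = 0.2  # assumed: JSD above this raises BEHAVIORAL_DRIFT
ALPHA = 0.5            # additive smoothing pseudo-count per tool


def distribution(counts: Counter, support: list) -> dict:
    """Smoothed probability of each tool over a shared support."""
    total = sum(counts[t] for t in support) + ALPHA * len(support)
    return {t: (counts[t] + ALPHA) / total for t in support}


def kl(p: dict, q: dict) -> float:
    return sum(p[t] * log2(p[t] / q[t]) for t in p)


def js_divergence(p: dict, q: dict) -> float:
    """Symmetric and bounded in [0, 1] with log2; 0 means identical behaviour."""
    m = {t: 0.5 * (p[t] + q[t]) for t in p}
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)


class AgentProfile:
    def __init__(self, agent_id: str):
        self.agent_id = agent_id
        self.observations = 0
        self.counts = Counter()             # accumulates only until the freeze
        self.baseline = None                # frozen Counter, never updated after
        self.recent = deque(maxlen=WINDOW)  # sliding window of recent tools

    def observe(self, tool: str):
        """Record one tool call. Returns an alert dict on drift, else None."""
        self.observations += 1
        self.recent.append(tool)
        if self.baseline is None:
            self.counts[tool] += 1
            if self.observations >= BASELINE_MIN:
                self.baseline = Counter(self.counts)
            return None
        if len(self.recent) < WINDOW:
            return None
        return self.check()

    def check(self):
        # Shared support: tools seen in either distribution, so a brand-new
        # tool (e.g. shell access the agent never used before) is scored too.
        support = sorted(set(self.baseline) | set(self.recent))
        jsd = js_divergence(distribution(self.baseline, support),
                            distribution(Counter(self.recent), support))
        if jsd > DRIFT_THRESHOLD:
            return {"alert": "BEHAVIORAL_DRIFT", "agent_id": self.agent_id,
                    "jsd": round(jsd, 3), "recent": dict(Counter(self.recent))}
        return None


NORMAL_PATTERN = ["search", "search", "read", "summarize"]  # constructed workload


def run_demo():
    """Baseline on the normal pattern, continue normally, then switch the agent
    to a tool it never used. Returns (normal_alerts, drift_alerts)."""
    profile = AgentProfile("agent-research")
    for i in range(BASELINE_MIN):
        profile.observe(NORMAL_PATTERN[i % 4])
    normal_alerts = [a for a in (profile.observe(NORMAL_PATTERN[i % 4])
                                 for i in range(WINDOW)) if a]
    drift_alerts = [a for a in (profile.observe("shell_exec")
                                for _ in range(WINDOW)) if a]
    return normal_alerts, drift_alerts


if __name__ == "__main__":
    normal, drift = run_demo()
    print("alerts during normal traffic:", len(normal))
    print("first drift alert:", drift[0] if drift else None)
```

Two design choices matter in practice: the baseline is a copy taken at freeze time, so a slow attacker cannot "train" it after the fact, and the support is the union of both distributions, so the most dangerous drift (a tool with zero baseline mass) is exactly the case that scores highest rather than being dropped.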

### Tamper-Evident Audit Trail

Every audit event's SHA-256 hash incorporates the previous event's hash, forming a cryptographic chain. If any event is modified or deleted, the chain breaks and verification fails. Use `POST /dashboard/audit-log/verify-chain` to verify chain integrity over any time range.

### Governance Reports

Generate auditor-facing narrative reports covering all four governance capabilities:

```bash theme={"system"}
curl -X POST https://api.promptguard.co/dashboard/compliance/governance-report \
  -H "Cookie: session=YOUR_SESSION_COOKIE" \
  -d "framework=soc2&days=30"
```

The report includes sections for agent identity verification rates, behavioral drift alerts, audit chain integrity status, security decision summaries, and a chronological incident timeline.

## Enterprise Security Features

Available on the Enterprise tier:

| Feature                    | Description                                  |
| -------------------------- | -------------------------------------------- |
| **Self-Hosted Deployment** | Run PromptGuard in your own infrastructure   |
| **Air-Gapped Mode**        | Zero external network calls                  |
| **SSO (SAML/OIDC)**        | Integrate with your IdP                      |
| **IP Allowlisting**        | Restrict API access by IP                    |
| **Custom Data Retention**  | Configure log retention periods              |
| **Dedicated Support**      | SLA-backed support with named contact        |
| **Custom BAA**             | HIPAA Business Associate Agreement (planned) |

## Security Questionnaire

Need to complete a vendor security assessment? We provide:

* **CAIQ** (Consensus Assessment Initiative Questionnaire)
* **SIG Lite** (Standardized Information Gathering)
* **Custom Questionnaires** (for Enterprise customers)

Contact [security@promptguard.co](mailto:security@promptguard.co) for these documents.

## Responsible Disclosure

We appreciate security researchers who help keep PromptGuard secure:

1. **Report** the issue to [security@promptguard.co](mailto:security@promptguard.co)
2. **Do not** publicly disclose until we've addressed it
3. **Provide** steps to reproduce
4. **Allow** reasonable time for remediation (90 days)

## Next Steps

<CardGroup cols={2}>
  <Card title="Security Overview" icon="shield" href="/security/overview">
    Learn about threat detection
  </Card>

  <Card title="Audit Logs" icon="list-check" href="/platform/audit-logs">
    Monitor user activity
  </Card>

  <Card title="Enterprise" icon="building" href="/pricing">
    See Enterprise features
  </Card>

  <Card title="Contact Sales" icon="envelope" href="mailto:sales@promptguard.co">
    Discuss your requirements
  </Card>
</CardGroup>
