base_url).
| Mode | Where scanning happens | Where you review it | Your prompts leave your network? |
|---|---|---|---|
| Cloud (default) | PromptGuard cloud | promptguard.co | Yes — to our cloud engine |
| Hybrid | your servers | promptguard.co | No — only verdicts/metadata (configurable) |
| Air-gapped | your servers | a local copy of the dashboard | Never — no outbound at all |
Cloud is the fastest way to start. Most security-conscious buyers run hybrid:
scanning stays on their infrastructure, but they still get one clean cloud
dashboard. Pick air-gapped only if you truly can’t allow outbound traffic.
Hybrid — scan on your servers, review in the cloud
Run the engine on your own infrastructure and let only the results flow to the cloud dashboard. On the engine, set:Air-gapped — fully offline
The engine and a local copy of the dashboard run entirely inside your network with no outbound connection. Everything you need to review activity — verdicts, threat types, and masked metadata — lives in the local dashboard and its SQLite event log, so you never need to reach the cloud to operate. When you do need to move data between an isolated site and another environment, you do it deliberately. The local event log is the system of record: it can be queried directly, and the import endpoint that ingests signed event bundles verifies both signature and tenant before accepting anything.Tooling that packages the local event log into tamper-proof signed bundles for
transfer across an air gap is available on request and on the near-term roadmap.
If you need it for an isolated deployment, contact
support@promptguard.co — we don’t ship a
generic export script today, so don’t script against one.
Which one is right for you
Cloud
Fastest to deploy, full real-time dashboard. Great for getting started.
Hybrid
Scanning on your infra, one cloud dashboard. The common choice for
security-sensitive teams.
Air-gapped
No outbound at all — local dashboard, signed bundles. For regulated or
isolated environments.