Security

PromptDeploy is designed with security as a core principle. Prompt content passes through our server to broker GitHub API calls, but is never stored, cached, or logged. Your prompts live in GitHub. We store only metadata.

Key principles

No prompt content stored

PromptDeploy never stores, caches, or logs the content of your prompt files. When you open a prompt in the editor, the content is fetched from GitHub via our server and sent to your browser. When you save, changes are forwarded back to GitHub via the API. Content passes through our server to broker these calls, but is never written to any database, file, or log.

Our database stores only metadata: file paths, display names, configuration, and edit logs.

GitHub App authentication

We use a GitHub App (not personal access tokens) with the minimum permissions required:

• Repository contents (read & write): to read and update prompt files
• Pull requests (read & write): to create PRs for review-mode deploys
• Metadata (read): to list repositories

Installation tokens are short-lived and auto-refresh. They're scoped to the specific repositories you've granted access to.

SHA-based conflict detection

Every time you open a file for editing, PromptDeploy records the file's SHA hash. When you save, we verify the SHA hasn't changed. If someone else has modified the file in the meantime, you'll see a conflict warning instead of silently overwriting their changes.

Role-based access control

Three roles (admin, developer, editor) control what each team member can do. Permissions are enforced on every action. See Roles & Permissions.

API key security

API keys are stored as SHA-256 hashes, never in plain text. The full key is shown only once at creation time. Keys can be revoked instantly, and each request updates a last_used_at timestamp for auditing.

More detail

See Data Handling for specifics on what data we store and how.