Security

PromptDeploy is designed with security as a core principle. Your prompt content never touches our servers — it flows directly between GitHub and the browser.

Key principles

No prompt content stored

PromptDeploy never stores, caches, or logs the content of your prompt files. When you open a prompt in the editor, the content is fetched from GitHub and sent to your browser. When you save, changes are written directly back to GitHub.

Our database stores only metadata: file paths, display names, configuration, and edit logs.

GitHub App authentication

We use a GitHub App (not personal access tokens) with the minimum permissions required:

• Repository contents (read & write) — to read and update prompt files
• Pull requests (read & write) — to create PRs for review-mode deploys
• Metadata (read) — to list repositories

Installation tokens are short-lived and auto-refresh. They're scoped to the specific repositories you've granted access to.

SHA-based conflict detection

Every time you open a file for editing, PromptDeploy records the file's SHA hash. When you save, we verify the SHA hasn't changed. If someone else has modified the file in the meantime, you'll see a conflict warning instead of silently overwriting their changes.

Role-based access control

Three roles (admin, developer, editor) control what each team member can do. Permissions are enforced on every action — see Roles & Permissions.

API key security

API keys are stored as SHA-256 hashes, never in plain text. The full key is shown only once at creation time. Keys can be revoked instantly, and each request updates a last_used_at timestamp for auditing.

More detail

See Data Handling for specifics on what data we store and how.