Security

Your prompt content is never stored on our servers

PromptDeploy is designed so that your intellectual property stays exactly where it belongs: in your GitHub repository. Prompt content passes through our server to broker GitHub API calls, but is never written to any database, cache, or log. We store only the metadata needed to run the service.

Zero prompt content stored · GitHub App, no PATs · Encrypted in transit

Core principles

Security by architecture, not just policy

We didn't bolt security on afterwards. The entire product is built around the principle that your content should never leave GitHub.

No prompt content stored

Content passes through our server to broker GitHub API calls, but is never written to any database, cache, or log file. It's in memory only for the duration of the request.

GitHub App authentication

We use a registered GitHub App with short-lived, auto-refreshing installation tokens. We never ask for or store personal access tokens.

Minimum permissions

The GitHub App requests only three permissions: repository contents, pull requests, and metadata. Scoped to the specific repos you choose.

Role-based access control

Three roles (admin, developer, editor) control what each person can do. Permissions are enforced on every action, server-side.

SHA-based conflict detection

Every edit records the file's SHA hash. If someone else modifies the file before you save, you'll see a conflict warning. No silent overwrites.
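A sketch of this kind of optimistic check, as an added example rather than PromptDeploy's own code: the editor's save is accepted only if the SHA recorded when the file was opened still matches the current file. It assumes the recorded value is the Git blob SHA (the page says only "the file's SHA hash"); `RepoFile` and `ConflictError` are hypothetical names.

```ruby
require "digest"

# Git's blob object ID: SHA-1 over "blob <byte length>\0" followed by the content.
def git_blob_sha(content)
  bytes = content.b
  Digest::SHA1.hexdigest("blob #{bytes.bytesize}\0".b + bytes)
end

class ConflictError < StandardError; end

# Hypothetical stand-in for one prompt file in a repository.
class RepoFile
  attr_reader :content

  def initialize(content)
    @content = content
  end

  # SHA of the file as it exists right now.
  def sha
    git_blob_sha(@content)
  end

  # Accept the write only if the caller's base SHA (recorded when the
  # editor opened the file) still matches the current file. Otherwise
  # someone else saved in between, and the write is refused.
  def save(new_content, base_sha:)
    unless base_sha == sha
      raise ConflictError, "file changed since it was opened (current SHA #{sha})"
    end
    @content = new_content
    sha
  end
end
```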

API keys hashed at rest

API keys are stored as SHA-256 hashes, never in plain text. The full key is shown once at creation. Keys can be revoked instantly.

Data flow

Where your data goes, and where it doesn't

Prompt content passes through our server to broker the GitHub API call, but it is never written to any database, cache, or log file.

Reading a prompt

Your browser → PromptDeploy → GitHub API → PromptDeploy → Your browser

Content passes through but is never written to disk, database, or logs.

Saving a prompt (direct push)

Your browser → PromptDeploy → GitHub API

Commits directly to your default branch. The content is forwarded to GitHub and discarded from memory.

Saving a prompt (PR review mode)

Your browser → PromptDeploy → GitHub API

Creates a branch, commits the change, and opens a pull request for review, all via the GitHub API.

Data handling

Exactly what we store, and what we don't

What we store

User accounts

Email, name, hashed password, OAuth provider IDs

Organisation details

Name, slug, billing email

Team memberships

User-to-organisation mapping with roles

Repository connections

Repo name, GitHub installation ID, default branch

Prompt configurations

File path, display name, description, deploy mode

Edit logs

Who edited, when, commit SHA, PR number

API keys

SHA-256 hash only, never the full key

What we never store

Prompt file content

Passes through our server to broker API calls, never written to disk or database

Repository source code

We only access the specific files configured as prompts

GitHub personal access tokens

We use GitHub App installation tokens (short-lived, auto-refreshing)

Full API keys

Only the SHA-256 hash is stored. The key is shown once at creation

Zero vendor lock-in

If you uninstall PromptDeploy, every prompt, every edit, and every piece of version history stays in your Git repository. There's nothing to migrate.

GitHub integration

How the GitHub App works

We use the official GitHub App framework, the most secure way to integrate with GitHub. Here's exactly what we request and why.

Repository contents

read & write

To read prompt files from your repo and write changes back, either as direct commits or on feature branches.

Pull requests

read & write

To create pull requests when a prompt is configured for PR review mode, so changes go through your normal code review process.

Metadata

read only

To list the repositories in your GitHub organisation so you can choose which ones to connect.

Installation tokens are short-lived and auto-refreshing. They're scoped to the specific repositories you've granted access to. We can't see anything else in your GitHub account.

Infrastructure

Encryption and access controls

Encryption in transit

All connections use TLS. This includes browser-to-server, server-to-GitHub API, and database connections.

Password hashing

Passwords are hashed using bcrypt via Devise, an industry-standard approach with automatic salting and configurable work factors.

API key storage

API keys are stored as irreversible SHA-256 hashes. The raw key is shown exactly once at creation time and cannot be retrieved afterwards.
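The hash-only storage described here and under "API keys hashed at rest", as an added example that is not PromptDeploy's code: the raw key is returned once at creation, only its SHA-256 digest is kept, and revocation marks the record. `ApiKeyStore`, the `pd_example_` prefix and the in-memory hash are assumptions; a plain unsalted SHA-256 is reasonable here only because the key is 256 bits of random data, unlike a password.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory store; a real service would use a database table.
class ApiKeyStore
  PREFIX = "pd_example_" # constructed prefix, not a real key format

  def initialize
    @records = {} # SHA-256 hex digest => { label:, revoked_at: }
  end

  # Generate a key, keep only its digest, and hand the raw value back
  # exactly once. After this call the raw key cannot be recovered.
  def issue(label)
    raw = PREFIX + SecureRandom.hex(32) # 256 bits from the system CSPRNG
    @records[digest(raw)] = { label: label, revoked_at: nil }
    raw
  end

  # Hash the presented key and look the digest up; the raw key is never
  # stored or compared. Returns the label, or nil if unknown or revoked.
  def authenticate(presented)
    record = @records[digest(presented.to_s)]
    return nil if record.nil? || record[:revoked_at]
    record[:label]
  end

  # Revocation takes effect on the next authenticate call.
  def revoke(presented)
    record = @records[digest(presented.to_s)]
    return false unless record
    record[:revoked_at] = Time.now
    true
  end

  # Everything an attacker would find at rest: digests only.
  def stored_values
    @records.keys
  end

  private

  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end
```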

Session security

We use essential cookies only, for session management and CSRF protection. No third-party advertising or tracking cookies.

FAQ

Security questions

Can you see our prompt content?

Prompt content passes through our server when brokering the GitHub API call, but it is not written to any database, file, cache, or log. We have no mechanism to view, search, or retrieve it after the request completes.

Can editors access files beyond the configured prompts?

No. Editors can only see and modify the specific files that a developer has explicitly marked as editable prompts. They cannot browse your repo, access other files, or change branches or settings.

What happens if PromptDeploy is compromised?

Because we don't store prompt content, there's no trove of sensitive IP to exfiltrate. An attacker would find account metadata and hashed credentials, never your actual prompts. You can also revoke the GitHub App installation at any time from your GitHub settings, instantly cutting off all access.

Can I revoke access?

Yes, at any time. Uninstall the GitHub App from your GitHub settings and all repository access is revoked immediately. Your prompts, history, and files remain in your repo exactly as they were. API keys can also be revoked instantly from your PromptDeploy dashboard.

How do you handle data deletion requests?

Contact support@promptdeploy.com and we'll remove your account, memberships, and all associated organisation data. Since we never store prompt content, there's nothing sensitive to worry about. It was never persisted on our servers.

Do you have a SOC 2 report or penetration test results?

We're an early-stage product and don't yet have formal SOC 2 certification. If you need documentation for a security review, email security@promptdeploy.com and we'll provide details of our architecture, controls, and practices.

Have a security question?

We're happy to walk through our architecture with your security team. For detailed technical documentation, see our security docs.