Trust & Security
What we see, what we store, and how we protect it.
PromptUnit sits between your code and your AI provider. That means your requests pass through our servers. This page explains exactly what happens to them — what we read, what we log, what we never touch, and how your credentials are handled. No marketing language.
How the proxy works
When your application sends a request to api.promptunit.ai, our server receives it, classifies the task type, selects the appropriate model, forwards the request to the provider (OpenAI, Anthropic, Google, or Groq), and streams the response back to you.
This is identical in structure to any reverse proxy — the same way Cloudflare or a load balancer sits in front of your origin. The request travels through our infrastructure in memory. We do not write prompt content or completion content to disk at any point in that flow.
What we do write to disk: metadata. Specifically, the fields in the table below.
What we log vs. never store
| Data point | Stored |
|---|---|
| Request timestamp | Yes |
| Model used (requested + routed) | Yes |
| Token count (input + output) | Yes |
| Latency (ms) | Yes |
| Cost (actual + would-have-been) | Yes |
| Task type classification | Yes |
| Feature tag (x-promptunit-feature header) | Yes |
| Organization ID | Yes |
| Prompt text / content | Never |
| Completion text / content | Never |
| System prompt content | Never |
| User identifiers from your app | Never |
| IP address of end users | Never |
Metadata is retained for 90 days to power your dashboard cost analytics, then deleted.
How your provider API keys are stored
To forward requests to OpenAI, Anthropic, Google, or Groq on your behalf, we need your provider API keys. Here is exactly how they are handled:
- Keys are encrypted with AES-256-GCM before being written to the database. The encryption key is stored separately from the database.
- When a request comes in, the key is decrypted in memory only — for the duration of the outbound request — then discarded. It is never logged.
- Keys are never transmitted to any third party other than the provider they belong to.
- You can rotate or delete your keys from the dashboard at any time. Deletion is immediate and permanent.
Infrastructure
Hosting
Vercel (edge network). Requests are processed in the region closest to your origin.
Database
Supabase (PostgreSQL). Stores organization metadata, usage logs, and encrypted keys. Data is encrypted at rest.
Rate limiting & circuit breaker
Upstash Redis. Spend limits and anomaly detection state are held in Redis with no prompt content.
Authentication
Clerk. Handles sign-in, session management, and MFA. PromptUnit never stores passwords.
Subprocessors
Vercel, Supabase, Upstash, Clerk. No other companies have access to your data.
Incident response
If we detect or are notified of a security incident affecting customer data, we commit to:
- 1.Notifying affected customers by email within 72 hours of confirmed discovery.
- 2.Publishing a post-mortem within 7 days describing what happened, what data was affected, and what we changed.
- 3.Providing account deletion on request at any point — see your dashboard settings or email us.
We have not had a security incident to date. This section exists because you should know what we would do before you need to ask.
Certifications
We do not currently hold SOC 2 Type II or ISO 27001 certification. Here is where we stand and what is planned.
Encryption at rest and in transit
AES-256-GCM for stored keys, TLS 1.2+ for all traffic.
No prompt content retention
Enforced at the application layer — no path in the codebase writes prompt content to the database.
Spend limits and circuit breaker
Hourly and daily spend caps enforced per organization with automatic downgrade.
SOC 2 Type II audit
Planned for Q3 2026. We will publish the report publicly when complete.
Penetration test
Third-party pentest scheduled alongside SOC 2 preparation.
Security questions
Security questionnaire for your procurement team, custom DPA, or anything not answered here — reach out directly.
igal@promptunit.ai