Security

Your data security is our foundation

Prodara is built with security at every layer -- from infrastructure and encryption to access controls and responsible AI processing.

TLS 1.2+
SOC 2 Partners
AES-256-GCM
US Infrastructure

Infrastructure Security

Prodara runs on industry-leading cloud infrastructure with built-in redundancy, DDoS protection, and compliance certifications.

  • Hosting: Vercel -- SOC 2 Type II compliant and ISO 27001 certified.
  • Database: Supabase (PostgreSQL) with encrypted connections and automated backups.
  • CDN: Vercel Edge Network with global distribution and DDoS protection.
  • Region: US-based infrastructure for hosting and data storage.

Data Encryption

All data is encrypted both in transit and at rest. Sensitive credentials receive an additional layer of application-level encryption.

  • In Transit: TLS 1.2+ enforced via HSTS (max-age=63072000, includeSubDomains, preload).
  • At Rest: Database-level encryption provided by Supabase infrastructure.
  • Credentials: OAuth tokens and API keys encrypted with AES-256-GCM before storage.
  • Key Management: Encryption keys stored as environment variables, never committed to code.

Application Security

Multiple layers of defense protect Prodara from common attack vectors, with enterprise-grade authentication and granular authorization.

Security Headers

  • X-Frame-Options: DENY (clickjacking protection)
  • X-Content-Type-Options: nosniff
  • Content-Security-Policy: Strict CSP enforcement
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: camera=(), microphone=(self), geolocation=()
  • HSTS: max-age=63072000, includeSubDomains, preload
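
An added example, not Prodara's own code: a Python check that compares a response's headers against the values listed above and reports every deviation. The function names and the two sample header sets are constructed for illustration, and the CSP is checked for presence only because the page does not publish the policy text.

```python
EXPECTED = {  # header values as published on this page
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
HSTS_MIN_AGE = 63072000  # seconds, as published
PERMISSIONS = {"camera": "()", "microphone": "(self)", "geolocation": "()"}

def _directives(value, sep):
    """Split 'a=1; b' or 'a=(), b=(self)' into a lowercase-keyed dict."""
    out = {}
    for part in value.split(sep):
        name, _, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip()
    return out

def audit(headers):
    """Return a list of findings; an empty list means the headers match."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        got = h.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif got.lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    hsts = _directives(h.get("strict-transport-security", ""), ";")
    age = hsts.get("max-age", "").strip('"')
    if not age.isdigit() or int(age) < HSTS_MIN_AGE:
        findings.append(f"hsts: max-age below {HSTS_MIN_AGE}")
    for flag in ("includesubdomains", "preload"):
        if flag not in hsts:
            findings.append(f"hsts: {flag} not set")
    perms = _directives(h.get("permissions-policy", ""), ",")
    for feature, want in PERMISSIONS.items():
        if perms.get(feature) != want:
            findings.append(f"permissions-policy: {feature} should be {want}")
    if not h.get("content-security-policy"):  # presence only, see lead-in
        findings.append("content-security-policy: missing")
    return findings

# Constructed sample responses (not captured from any real site).
GOOD = {**EXPECTED,
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
        "Permissions-Policy": "camera=(), microphone=(self), geolocation=()",
        "Content-Security-Policy": "default-src 'self'"}
WEAK = {**GOOD, "x-frame-options": "SAMEORIGIN",
        "Strict-Transport-Security": "max-age=300; includeSubDomains"}
```

Pass it the header mapping of a live response from any HTTP client to confirm that the published values are the ones actually served.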

Authentication

Powered by Clerk -- enterprise-grade auth provider

  • Email/password and social login
  • Secure session management
  • SAML SSO available on Enterprise plan

Authorization

Role-based access control (RBAC) within workspaces

  • Granular permissions (manage members, billing, AI, etc.)
  • Server-side permission enforcement
  • Plan-based feature gating

AI Data Processing

We take a transparent, privacy-first approach to how your data interacts with AI models.

  • Primary AI provider: Anthropic (Claude API) -- data processed per Anthropic's data usage policies
  • Anthropic does not train on customer data sent via API
  • Audio transcription via OpenAI Whisper -- same data usage policy applies
  • No customer data is used to train or improve any AI models

Monitoring & Incident Response

Real-time error tracking, audit logging, and privacy-conscious analytics give us visibility without compromising user trust.

  • Error Tracking: Sentry with real-time alerting for immediate incident awareness.
  • Audit Logging: All workspace actions logged with who, what, and when.
  • Analytics: PostHog for identified users only -- no anonymous tracking.
  • Session Replay: Limited to 1% of sessions for debugging purposes only.

Access Controls

Data isolation and least-privilege access ensure users can only see and do what they are authorized for.

  • Workspace-level data isolation between organizations
  • Role-based permissions following the least-privilege principle
  • Invitation-only team access with email verification
  • Admin controls for member management and role assignment

Compliance & Certifications

Our infrastructure partners maintain rigorous compliance certifications. We are transparent about where we stand.

  • HIPAA: Business Associate Agreement available on Enterprise plan.
  • SOC 2: Infrastructure partners (Vercel, Supabase, Clerk) are SOC 2 certified.
  • GDPR: Data deletion and export capabilities for all users.

Transparency note: Prodara itself is not yet independently SOC 2 certified. Our infrastructure and auth providers (Vercel, Supabase, Clerk) hold SOC 2 certifications, and we follow SOC 2 aligned practices internally.


Data Retention & Deletion

You maintain control over your data throughout its lifecycle.

  • Data retained while your account is active
  • Cascade deletion when a workspace is removed
  • Users can delete individual records at any time
  • Disconnecting an integration immediately stops data sync

Responsible Disclosure

We welcome security researchers who help us keep Prodara safe.

If you discover a security vulnerability, please report it responsibly. We ask that you give us reasonable time to investigate and address the issue before disclosing it publicly.

Report a vulnerability

Questions about security?

Our team is happy to answer any questions about how we protect your data.

support@prodara.ai