SOC 2 Type II: In progress
AES-256: Encryption at rest
TLS 1.3: Encryption in transit
99.9% SLA: Uptime guarantee
GDPR Ready: Data protection
Tenant Isolation

Every agency's data is completely isolated using PostgreSQL Row Level Security (RLS). Queries are enforced at the database level — not just the application layer.

  • RLS policies on every tenant-scoped table
  • Tenant ID derived from JWT, never from request body
  • Cross-tenant access returns NOT_FOUND, not FORBIDDEN
  • Verified by automated security tests
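The pattern the list above describes, as an added PostgreSQL example (not PrizMova's own schema): a tenant-scoped table whose rows are filtered by an RLS policy that reads the tenant id from a transaction-local setting, which the application populates from the verified JWT claim. The table name customers, the setting name app.tenant_id and the sample UUID are assumptions.

```sql
-- Added example, not PrizMova's code. Assumed table and setting names.
CREATE TABLE customers (
    id         uuid PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    full_name  text NOT NULL
);

ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policy to the table owner too, so a connection that
-- happens to use the owning role does not silently bypass isolation.
ALTER TABLE customers FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) returns NULL if the parameter was never set and
-- may return '' once a SET LOCAL has gone out of scope; NULLIF turns '' into
-- NULL so the cast cannot fail and a missing tenant context matches no rows.
-- WITH CHECK also stops an INSERT/UPDATE from writing another tenant's id.
CREATE POLICY tenant_isolation ON customers
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request usage by an application role that is neither a superuser nor
-- marked BYPASSRLS. SET LOCAL is scoped to this transaction, so a pooled
-- connection cannot carry one tenant's context into the next request.
-- From application code, set_config('app.tenant_id', $1, true) does the same
-- with a bound parameter instead of string interpolation.
BEGIN;
-- The value comes from the verified JWT claim, never from the request body.
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed sample id
-- A row that belongs to a different tenant simply is not visible: zero rows,
-- which the API layer maps to NOT_FOUND rather than revealing it exists.
SELECT id, full_name FROM customers WHERE id = '22222222-2222-2222-2222-222222222222';
COMMIT;
```

Because the filter is applied by the database, a handler that forgets its own tenant_id predicate still returns only the caller's rows; the automated tests mentioned above can assert that a lookup of another tenant's id yields no row.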

Encryption

All data is encrypted both in transit and at rest, using industry-standard encryption protocols.

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • API keys hashed with bcrypt before storage

Authentication & Access Control

Multi-layered authentication powered by Clerk with granular role-based access control.

  • SAML SSO for enterprise (Okta, Azure AD, OneLogin)
  • Multi-factor authentication (MFA)
  • Role-based access: Admin, Producer, CSR, Viewer
  • Session management with automatic timeout

Audit Logging

Comprehensive audit trail for every action in the system. Know who did what and when.

  • Every data mutation logged with actor + timestamp
  • Before/after snapshots for data changes
  • AI interaction audit logs with full prompt/response pairs
  • Exportable audit reports for compliance

Responsible AI

ARIA, our AI assistant, is built with security and privacy as first principles.

  • PII scrubbed before any data reaches external AI models
  • Your data is never used to train AI models
  • AI outputs are validated before any automated action
  • Human-in-the-loop for high-impact AI decisions
  • Token budget enforcement per tenant

Infrastructure

Hosted on world-class infrastructure with redundancy and disaster recovery built in.

  • Vercel Edge Network — global CDN with auto-scaling
  • Neon PostgreSQL — serverless with automatic backups
  • Point-in-time recovery for database
  • Multi-region availability
  • DDoS protection at the edge

API Security

The PrizMova REST API is built with security best practices at every endpoint.

  • API key authentication with hashed storage
  • Per-key rate limiting (plan-based)
  • Request signing for webhook verification
  • Input validation via Zod schemas on every endpoint
  • CORS and CSP headers enforced

Development Practices

Security is embedded into our development lifecycle, not bolted on after.

  • No use of the TypeScript any type: strict TypeScript at compile time with Zod validation at runtime
  • Automated dependency scanning (Dependabot)
  • Automated security tests in CI/CD pipeline
  • Code review required for all changes
  • Expand-contract database migrations only

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure and will work with you to resolve issues quickly.

Report a Vulnerability

Email security@prizmova.com with details. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.