Honest about
how we protect you.
We're a beta product, not an enterprise platform. Here's exactly what we do — and don't — do to keep your data safe.
What we do
Security practices
as they actually are.
Authentication via Supabase
User accounts and sessions are handled by Supabase Auth — a battle-tested, open-source authentication platform. Passwords are never stored in plaintext. Magic link and email/password flows are supported.
Your API keys, your training
Fine-tuning jobs run using your own OpenAI, Together AI, or Replicate API keys. We never use a shared pool of credentials for your training data. Your keys are stored encrypted and only used when you initiate a job.
Data in transit
All communication between your browser, our servers, and third-party providers is encrypted over HTTPS/TLS. We don't serve anything over plain HTTP.
Minimal data retention
We store what's needed to run the product — your prompts, training configurations, and evaluation results. We don't sell your data or use it to train our own models.
Hosted infrastructure
The app runs on Azure Container Apps. The database is managed by Supabase. We rely on their underlying infrastructure security rather than claiming our own certifications we don't hold.
Responsible disclosure
Found a security issue? Email us at promptify.one@gmail.com. We'll respond quickly, fix it, and credit you if you'd like. We're a small team — there's no security@ black hole here.
Contact
Found something?
Tell us.
If you discover a vulnerability or something that doesn't look right, please reach out at promptify.one@gmail.com. We take these reports seriously and will respond within 24 hours.