# Security

Source: https://0.0.0.0:8080/legal/security

---

Legal · Security

# Security.

PromptRails is built with security as a first-class concern. Here's how we protect your data and integrations.

🔒

### Encryption at rest

All stored credentials and secrets are encrypted with AES-256 at rest. Passwords are bcrypt-hashed. API keys are stored as one-way hashes.

🛡

### Network security

All data in transit is encrypted with TLS 1.2+. API key IP allowlisting and CORS origin restrictions provide additional access control.

🔑

### Access control

Fine-grained API key scopes, role-based workspace access (Owner / Admin / User), and human-in-the-loop approvals on sensitive operations.

◉

### Observability & audit

Full execution tracing, access logs, and audit trails. Monitor every API call, agent execution, and configuration change.

## Responsible disclosure

If you discover a security vulnerability, please report it to [security@promptrails.ai](mailto:security@promptrails.ai). We take all reports seriously and will respond promptly.