Legal

PromptSentry Privacy Policy

Effective Date: May 15, 2026

Last Updated: May 15, 2026

Published by: Five Nines Consulting LLC

1.Introduction

This Privacy Policy describes how PromptSentry, operated by Five Nines Consulting LLC ("FNC"), collects, processes, stores, and transmits data when you or your organization uses our prompt injection firewall platform ("Service").

PromptSentry is designed primarily as a B2B data processor: when deployed by an enterprise ("Customer"), FNC acts as a data processor on the Customer's behalf, and the Customer is the data controller for the prompts and user data processed through the Service.

This Policy applies to:

Enterprise customers who subscribe to PromptSentry as a hosted or self-hosted service
Developers who integrate PromptSentry via REST API or MCP server
End users whose prompts are scanned by PromptSentry as part of a Customer's product

2.Data We Collect and Process

2.1Per-Scan Request Data

When a prompt is submitted to the /scan endpoint, the following fields may be received:

Field	Type	Required	Description
`prompt`	Text (max 50KB)	Yes	The prompt text being scanned
`source_ip`	IPv4/IPv6	No	IP address of the originating client
`user_identity`	String (max 256 chars)	No	Pre-authenticated user identifier (e.g., email, username)
`context`	String	No	Agent context hint (e.g., "customer_chat", "code_review")
`scan_type`	Enum	No	"prompt", "response", or "tool_call"
`output`	Text (max 10KB)	No	LLM response text submitted for canary/leak detection
`canary_tokens`	List	No	Application-defined strings for exfiltration detection
`child_safety_override`	Object	No	Per-request child age tier override

2.2Data We Store

By default, PromptSentry does NOT store full prompt text. Only a SHA-256 audit hash of each scan is retained. Full prompt storage is only enabled if the Customer explicitly sets store_prompt_in_scan_record=true in their configuration.

Data	Storage Location	Default Retention	Configurable
Scan record (hash only, verdict, confidence, metadata)	Redis (Customer infrastructure)	24 hours	Yes (`scan_retention_hours`)
Full prompt text	Redis	Not stored by default	`store_prompt_in_scan_record=true`
Source IP address	Redis	24 hours (scan record), 1 day (strike counter)	Yes
User identity	Redis	24 hours	Yes
IP–username mapping (Panorama)	Redis	15 minutes	N/A
API key metadata	Redis	Until revoked	Revocable
Session provenance graph	Redis	1 hour (sliding) + 24 hour hard cap	Yes
Vector embeddings of malicious prompts	Redis Stack	7 days	Yes (`vector_store_ttl_seconds`)
Child profile data (mobile)	Redis	Indefinite until deleted	Deletable
Training signals	Local filesystem	Indefinite	Must be manually deleted

Vector embeddings: When the optional vector store feature is enabled (vector_store_enabled=true, disabled by default), PromptSentry generates and stores a semantic embedding of every prompt that receives a malicious verdict. These embeddings are used for fast-path matching on future scans. Embeddings are stored in the Customer's own Redis Stack instance and are not transmitted to FNC or any third party. While embeddings are not plain text, research has demonstrated that text embeddings can sometimes be approximately inverted. Customers enabling this feature should treat stored embeddings as sensitive data subject to the same protections as prompt text.

2.3IP Address and Strike Data

PromptSentry processes source IP addresses for:

Rate limiting (sliding window, per-minute counter, ephemeral)
Strike tracking: malicious verdict counter (expires after 1 day by default)
Automatic IP blocking (after configurable threshold, default 5 strikes; auto-blocks expire after 1 day)
Manual IP blocking (indefinite until removed by admin)
Geo-enrichment via Palo Alto Panorama (if enabled by Customer)

2.4Authentication Data

Service-to-service JWT tokens: We validate but do not store JWT tokens. We log only the sub (subject) and email claims on successful validation.

OAuth sign-in (dashboard only): For users accessing the PromptSentry dashboard via Google OAuth, we store a signed session cookie containing: email (lowercased), display name, profile picture URL, and Google hosted domain (hd). Session cookies expire after 8 hours by default.

API keys: We store a SHA-256 hash of each API key secret, the key ID, tenant association, and usage metadata. Raw API key secrets are never stored.

2.5Audit Hashes

Every scan produces a deterministic SHA-256 audit hash computed from: salt + prompt + verdict + action + timestamp. This hash is stored in the scan record and returned in the API response. It is not reversible to the original prompt text.

3.How We Use Data

We process scan data only for the purpose of providing the Service:

Prompt injection detection — classifying prompts as clean, malicious, or gray-zone
Content safety screening — detecting requests for harmful outputs
Incident management — creating ServiceNow security tickets on malicious verdicts (if enabled)
Rate limiting and abuse prevention — tracking requests per IP/tenant
Security enforcement — blocking IPs that repeatedly send malicious prompts
Audit and compliance — tamper-evident records for Customer security teams
Model improvement — collecting gray-zone and disagreement signals locally for classifier tuning (see Section 5.4)

We do not:

Sell or share prompt data with third parties for their own commercial purposes
Use Customer prompt data to train third-party AI models
Build profiles on end users beyond what is necessary for abuse prevention
Use prompt data for any purpose beyond operating the Service

4.Data Transmission to Third-Party Services

PromptSentry transmits data to the following sub-processors when those integrations are enabled. All transmissions are encrypted in transit (TLS 1.2+).

4.1Google AI Studio (Required for AI Classification)

Purpose: Primary prompt injection and content classification
Data sent: Full prompt text, wrapped in a nonce-delimited container; optional context hint
Data NOT sent: User identity, source IP, scan history, API keys
Retention by Google: Per Google AI API Terms of Service — review current terms
Basis: Necessary for core Service functionality
Opt-out: Replace with a BYOM (Bring Your Own Model) endpoint via PROMPTSENTRY_CLASSIFIER_ENDPOINT_URL

4.2Anthropic (Claude Opus — Gray-Zone Escalation)

Purpose: High-confidence verification of ambiguous scans (approximately 5% of scans)
Data sent: Full prompt text, nonce-wrapped; primary classifier verdict, confidence, and reasoning
Data NOT sent: User identity, source IP
Trigger: Only when primary classifier confidence falls in the gray zone (default: 40–90%)
Retention by Anthropic: Per Anthropic API Terms of Service
Opt-out: Disable escalation via PROMPTSENTRY_OPUS_FAIL_MODE=disabled

4.3ServiceNow (Optional — Incident Management)

Purpose: Creating and querying security incidents
Data sent (minimal mode, default): Source IP, verdict (coarse), confidence score, pattern count, request ID
Data sent (full mode, if configured): Above plus user identity, classifier reasoning, matched regex pattern names
Opt-out: PROMPTSENTRY_SERVICENOW_ENABLED=false (default)

4.4Palo Alto Panorama (Optional — User Identity Enrichment)

Purpose: Mapping source IP addresses to enterprise usernames for context
Data sent: Source IP address
Data returned: Domain username (cached 15 minutes in Customer's Redis)
Opt-out: PROMPTSENTRY_PANORAMA_ENABLED=false (default)

4.5HuggingFace / BYOM Embedding Server (Optional — Vector Similarity)

Purpose: Semantic similarity matching against known malicious prompts
Data sent: Prompt text (to local or BYOM embedding server)
Opt-out: PROMPTSENTRY_VECTOR_STORE_ENABLED=false (default)

5.Special Categories of Data

5.1Child Data (COPPA / GDPR Article 8)

PromptSentry includes a child safety mode that can be enabled per-tenant for EdTech platforms, family AI assistants, and youth-facing products. When child safety mode is enabled:

Child profiles (age tier, name) are stored in Redis until explicitly deleted
Chat summaries are stored without prompt text for 24 hours
Self-harm and crisis signals trigger return of crisis resources (988 Lifeline, Crisis Text Line, etc.) rather than a silent block
No child data is transmitted to Google AI, Anthropic, or other third-party classifiers beyond the prompt text classification
Customers deploying PromptSentry in contexts involving users under 13 must obtain appropriate parental consent and are responsible for COPPA compliance

FNC does not knowingly collect personal information from children under 13 through our own direct services.

5.2Health and Mental Health Data

PromptSentry does not store full prompt text by default. For deployments handling PHI under HIPAA, Customers must execute a Business Associate Agreement with FNC before processing Protected Health Information.

5.3Employee Monitoring Data

Customers deploying PromptSentry for workforce AI governance are responsible for providing appropriate employee notice and complying with applicable employment and privacy laws.

5.4Training Data Collection

Training signal collection is opt-in and requires explicit Customer action. It is not enabled by default and does not run automatically during normal pipeline operation.

When a Customer explicitly runs the training collector script (python -m promptsentry.training.runner), the script scans recent scan records in Redis and collects signals from:

Gray-zone scans (classifier uncertainty in the 40–90% confidence range)
Escalation disagreements (Opus verdict differs from primary classifier)
Scans manually flagged via /admin/flag/{scan_id}

What is stored: Collected signals include prompt text (with source IP and user identity stripped). They are written as JSON files to the Customer's local filesystem (data/training/collected/). This data remains on Customer infrastructure and is never transmitted to FNC or any third party.

Customers who do not run the training collector store no prompt text at any point, consistent with the default behavior described in Section 2.2.

6.Data Security

We implement the following security controls:

At rest: Redis data protected by Customer-managed access controls; optional Redis authentication
In transit: TLS 1.2+ for all external API calls (Google, Anthropic, ServiceNow, Panorama)
API keys: Never stored in plaintext; SHA-256 hashed at registration
Secrets: Never logged; structlog redacts API keys, passwords, tokens, and JWT fields
SSRF protection: BYOM endpoints validated to reject private/loopback IPs
Admin auth: Admin endpoints require bearer token if PROMPTSENTRY_ADMIN_TOKEN is configured
Input sanitization: Prompts stripped of control characters before logging or storage
Security headers: HSTS, X-Content-Type-Options, X-Frame-Options on all responses (configurable)

Pre-certification status: PromptSentry is on the SOC 2 Type II roadmap, targeted for Q1 2027. The Service is designed to support compliance with GDPR, CCPA, and COPPA, though FNC has not undergone third-party security audit at this time. Customers may submit a security questionnaire to security@promptsentry.net.

7.Data Residency and On-Premises Deployment

Self-hosted and on-premises deployments: All data remains within the Customer's own infrastructure. FNC never receives scan data, prompt content, or user data from self-hosted deployments.

SaaS deployments (FNC-hosted): Data is stored in GCP (Google Cloud Platform) infrastructure. Enterprise Customers may request the specific GCP region upon contracting.

Sub-processor data: Prompt text is transmitted to Google AI Studio and (when escalation occurs) to Anthropic, per Section 4.

8.Your Rights (GDPR / CCPA)

For end users whose data is processed by PromptSentry as part of an enterprise Customer's deployment, please contact that Customer directly as the data controller.

For individuals interacting directly with FNC-operated services:

Right	How to Exercise
Access	Email privacy@promptsentry.net with subject "Data Access Request"
Erasure	Email privacy@promptsentry.net; scan records delete automatically after 24h by default
Portability	Available via `/api/stats` export for dashboard users
Objection	Contact privacy@promptsentry.net
California (CCPA)	We do not sell personal information. Submit requests to privacy@promptsentry.net

We respond to verified requests within 30 days as required by GDPR, and within 45 days as required by CCPA.

Data Processing Agreements

Customers requiring a Data Processing Agreement under GDPR Article 28 may request our standard DPA template by contacting privacy@promptsentry.net. FNC will execute a DPA with any Customer who processes personal data of EU/UK data subjects through the Service.

9.Data Breach Notification

In the event of a confirmed personal data breach affecting Customer data processed by FNC (applicable to SaaS deployments only), FNC will notify the affected Customer without undue delay, and in any case within 72 hours of confirmation of the breach, as required by GDPR Article 33. Notification will include: nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed.

For self-hosted deployments, breach detection and notification obligations rest with the Customer.

10.Data Retention Summary

Data Type	Default Retention	Can Be Reduced
Scan records (hash + metadata)	24 hours	Yes
Scan records (full prompt, if enabled)	24 hours	Yes
IP strike counters	1 day	Yes
Auto-blocked IPs	1 day	Yes
Manual IP blocks	Indefinite	Admin removal
Panorama IP–username cache	15 minutes	No
OAuth session cookies	8 hours	Yes
API key metadata	Until revoked	Yes
Vector embeddings	7 days	Yes
Child profiles	Until deleted	Admin deletion
Training signal files	Indefinite	Manual deletion

11.Changes to This Policy

We will post updates to this page and update the "Last Updated" date. For material changes, we will notify Enterprise Customers via the email address on their account.

12.Contact

Privacy requests / data subject rights: privacy@promptsentry.net

Security concerns / vulnerability reports: security@promptsentry.net

Legal / DPA requests: legal@promptsentry.net

Five Nines Consulting LLC
Roanoke, VA · United States