🔐Security

Introduction

At Prst.ai, we prioritize your privacy and understand the critical importance of security. That's why we've developed a self-hosted version of Prst.ai that can be seamlessly installed within your private network.

Data Stored

Prst.ai stores only necessary information for it's operations. These information is fully depends on what you, or your team posts to prst.ai.

Because of that the stored information may contain:

  • all input comes from your system as prompt parameters

  • all output data comes from external AI providers

  • feedbacks

  • any data proxy through prst.ai

  • system logs

  • credentials that you may pass to prst.ai

Data Transfer

Prst.ai does not transmit any personal or technical information about your system outside your environment. We prioritize your data privacy, and as such, we do not utilize any metrics, logs, or other information regarding your executions, your system, or environment.

❗️Note: For support operations, we may contact you directly in accordance with our General Agreement or based on a custom NDA or Contract.

If the support option is purchased, the Prst.ai installation may send requests outside your system to notify us at PRST.AI about your support request. During this operation, the following information may be sent:

Data Encryption

While Prst.ai installation relies on your infrastructure, all sensitive information is stored encrypted and accessed only when necessary. Such information as credentials to external AI providers uses ENCRYPTION_SECRET you can provide via ENV Variables to encrypt it. It's also possible to use external DB to store all of your data in encrypted way such as AWS RDS or any similar.

💡 Note: Please refer to your regulation to make sure the way YOU USE prst.ai is align with it.

GDPR, HIPAA, CCPA, and Other Compliances:

As Prst.ai is a self-hosted solution installed within your network, you maintain full control over data practices and ownership. By default, Prst.ai does not store any personal information and operates solely within your installation. It's important to align your usage of Prst.ai with relevant regulations, such as GDPR, HIPAA, CCPA, and others.

❗️Note: For support operations, we may contact you directly in accordance with our General Agreement or based on a custom NDA or Contract.

Best Practices:

Create Your Own ENCRYPTION_SECRET:

Generate a strong encryption_secret to encrypt your data in the database and pass it via environment variables during installation.

Use VPN:

Keep your Prst.ai solution within a private network with VPN access granted to individual organization members. Avoid making your private Prst.ai server publicly accessible to minimize security risks.

Use Strong Passwords

After installation, reset the password for the administration account to a strong, unique password that differs from the initial installation credentials.

Keep Your Credentials Safe

Avoid sharing credentials via chats, messengers, or personal accounts. Utilize password managers like Bitwarden to securely store and manage your Prst.ai administrator password.

Limit Access to Your Prst.ai Installation

Secure your server where Prst.ai is installed with practices such as port restrictions, security groups, IP whitelisting, etc. Ensure that only trusted users, such as your DevOps team, have access to the installation and its configurations.

Last updated