🔐Security

Introduction

At Prst.ai, we prioritize your privacy and understand the critical importance of security. That's why we've developed a self-hosted version of Prst.ai that can be seamlessly installed within your private network.

Data Stored

Prst.ai stores only the information necessary for its operations. This information depends entirely on what you or your team post to prst.ai.

Because of that, the stored information may contain:

  • all input that comes from your system as prompt parameters

  • all output data that comes from external AI providers

  • feedback

  • any data proxied through prst.ai

  • system logs

  • credentials that you may pass to prst.ai

Data Transfer

Prst.ai does not transmit any personal or technical information about your system outside your environment. We prioritize your data privacy, and as such, we do not utilize any metrics, logs, or other information regarding your executions, your system, or environment.

❗️Note: For support operations, we may contact you directly in accordance with our General Agreement or based on a custom NDA or Contract.

If the support option is purchased, the Prst.ai installation may send requests outside your system to notify us at PRST.AI about your support request. During this operation, the following information may be sent:

| Field | Description |
| --- | --- |
| Organization | The organization name, provided via ENV Variables during installation |
| License Key | Prst.ai internal key for installation tracking |
| Email | Email of the administrator, provided via ENV Variable ROOT_EMAIL |
| Support Category | Predefined text to identify the purpose of the support request |
| Description | Additional information provided during support request creation |
| Ticket ID | Unique identifier of the ticket inside your system |

Data Encryption

While the Prst.ai installation relies on your infrastructure, all sensitive information is stored encrypted and accessed only when necessary. Information such as credentials for external AI providers is encrypted with the ENCRYPTION_SECRET that you can provide via ENV Variables. It is also possible to use an external DB, such as AWS RDS or a similar service, to store all of your data in an encrypted way.

💡 Note: Please refer to the regulations that apply to you to make sure the way YOU USE prst.ai is aligned with them.

GDPR, HIPAA, CCPA, and Other Compliances:

As Prst.ai is a self-hosted solution installed within your network, you maintain full control over data practices and ownership. By default, Prst.ai does not store any personal information and operates solely within your installation. It's important to align your usage of Prst.ai with relevant regulations, such as GDPR, HIPAA, CCPA, and others.

❗️Note: For support operations, we may contact you directly in accordance with our General Agreement or based on a custom NDA or Contract.

Best Practices:

Create Your Own ENCRYPTION_SECRET:

Generate a strong ENCRYPTION_SECRET to encrypt your data in the database and pass it via environment variables during installation.
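
One way to follow this practice from the shell, as an added example that is not part of Prst.ai's documentation or code: it draws the secret from the kernel CSPRNG, rejects weak candidates, and stores the value in an env file only its owner can read. The 32-byte size, the weakness thresholds, the function names and the `prst.env` file name are assumptions; the page only says the secret is passed via environment variables.

```shell
#!/bin/sh
# Added example (not Prst.ai code). Sizes, thresholds and names are assumptions.

# Print a fresh secret: 32 bytes from the kernel CSPRNG as 64 hex characters.
generate_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Return 0 if the candidate passes basic strength checks, 1 otherwise.
check_secret() {
    secret=$1
    if [ "${#secret}" -lt 32 ]; then
        echo "too short: ${#secret} characters, want at least 32" >&2
        return 1
    fi
    # A long but repetitive value is still weak: count distinct characters.
    distinct=$(( $(printf '%s' "$secret" | fold -w1 | sort -u | wc -l) ))
    if [ "$distinct" -lt 10 ]; then
        echo "too repetitive: only $distinct distinct characters" >&2
        return 1
    fi
    # Reject values built around common placeholder words (case-insensitive).
    case $(printf '%s' "$secret" | tr 'A-Z' 'a-z') in
        *changeme*|*password*|*secret*|*example*)
            echo "contains a placeholder word" >&2
            return 1 ;;
    esac
    return 0
}

# Write ENCRYPTION_SECRET=<value> to an env file only its owner can read.
# Refuses to overwrite, so a secret already in use is never replaced by accident.
write_env_file() {
    file=$1
    secret=$2
    if [ -e "$file" ]; then
        echo "$file already exists, not overwriting" >&2
        return 1
    fi
    # umask 077 gives mode 0600; set -C (noclobber) makes the check race-free.
    ( umask 077; set -C; printf 'ENCRYPTION_SECRET=%s\n' "$secret" > "$file" )
}

# Usage: s=$(generate_secret) && check_secret "$s" && write_env_file ./prst.env "$s"
```

Keep the resulting file out of version control and out of chat tools, in line with the credential-handling practices on this page.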

Use VPN:

Keep your Prst.ai solution within a private network with VPN access granted to individual organization members. Avoid making your private Prst.ai server publicly accessible to minimize security risks.

Use Strong Passwords

After installation, reset the password for the administration account to a strong, unique password that differs from the initial installation credentials.

Keep Your Credentials Safe

Avoid sharing credentials via chats, messengers, or personal accounts. Utilize password managers like Bitwarden to securely store and manage your Prst.ai administrator password.

Limit Access to Your Prst.ai Installation

Secure your server where Prst.ai is installed with practices such as port restrictions, security groups, IP whitelisting, etc. Ensure that only trusted users, such as your DevOps team, have access to the installation and its configurations.
