Security & Privacy

How LaunchPromptly protects your data. Built for teams that need to pass security reviews.

How your data flows

Guardrails run inside your application. No API proxy. No data routing through our servers.

Your Application

User sends a prompt

LaunchPromptly SDK

PII redacted, injection checked, cost estimated

Runs in-process — no network call

Your LLM Provider

Receives clean, redacted prompt

LaunchPromptly Dashboard

Receives metadata only: token counts, costs, guardrail trigger types

No prompt text, no PII values, no user content

Defense-in-depth architecture

Four coordinated security layers protect every LLM call. Each layer runs client-side inside your application.

L1: Input/Output Detection

L2: Red Team Engine

L3: Context Engine

L4: Response Judge

Your LLM Call

L1: Detection

14+ guardrails scan every input and output. PII redaction, injection blocking, content filtering. <5ms.

L2: Red Team

80+ attack payloads test your guardrails before production. OWASP LLM Top 10 mapping included.

L3: Context

Parses your system prompt once. Extracts role, topics, constraints, and boundaries. Cached per prompt hash.

L4: Judge

Checks every LLM response against L3 constraints. Catches topic drift, role breaks, and boundary violations.

What we see vs. what we don't

What we receive

Token count (input & output)
Model name (e.g. gpt-4o)
Estimated cost per request
Latency (ms)
Guardrail trigger types & counts
Injection risk score
Redaction applied (boolean)
Timestamps
Customer ID (if provided)

What we NEVER receive

Prompt text (by default)
Response text (by default)
PII values (emails, SSNs, etc.)
Raw user content
API keys or secrets
File uploads or attachments
IP addresses of end users

Optional: promptPreview and responseText can be enabled for debugging. When enabled, they are encrypted with AES-256-GCM at rest.

Security architecture

Client-side processing

In-process: PII is redacted inside your app before it reaches any network boundary
Zero dependencies: Core SDK uses regex only — no ML models, no external services
Sub-millisecond: Regex scanning adds <1ms per LLM call

Encryption

At rest: AES-256-GCM for any stored sensitive fields (prompt previews, response text)
In transit: HTTPS/TLS for all API communication
API keys: bcrypt-hashed, only prefix stored in plaintext

Zero telemetry

SDK makes no calls to LaunchPromptly analytics or tracking
Events go to your configured endpoint only
No phone-home, no usage beacons, no third-party analytics

Local ML models

Optional ML models (NER, DeBERTa, Toxic-BERT) run on your machine
ONNX runtime — no cloud ML API calls
Data never leaves your infrastructure, even with ML enabled

Context-aware protection

L3: Parses your system prompt once and extracts structured constraints
L4: Enforces those constraints on every LLM response
Prompt changes are auto-detected via hash comparison — no stale context

Proactive testing

L2: 80+ attack payloads run against your guardrail configuration
Scored vulnerability report with OWASP LLM Top 10 mapping
Find weaknesses before production, not after

Compliance posture

Features that help you meet regulatory requirements.

Data retention

Configurable per project (default 90 days). Auto-enforced by scheduled cleanup.

Available

Audit logging

Every guardrail decision logged with timestamps, severity, and customer context. Searchable and filterable.

Available

Data deletion API

Delete events by customer ID or age. Supports HIPAA right-to-deletion and GDPR erasure requirements.

Coming soon

Data export API

Export all data for a given customer. Supports GDPR data portability requirements.

Coming soon

Security report export

Generate PDF security reports from the dashboard for procurement reviews.

Coming soon

Questions about our security practices?

We're happy to walk through our architecture with your security team.

Start Free Beta Read the SDK Docs