Trust
Security & data handling
Procurement teams need clear answers before granting database or production access. This page describes how PrismBase protects client data across audits and consulting engagements.
Read-only credentials for audits
DB Optimizer uses read-only database credentials only. No INSERT, UPDATE, DELETE, or DDL permissions. Revoke access immediately after the audit window.
No row-level data exfiltration
We analyze metadata, query plans, schema statistics, and performance metrics, not customer PII or row-level production data unless explicitly scoped in a separate agreement.
Time-bounded access
Credentials and system access are used only during the agreed engagement window and documented in the SOW or engagement letter.
Minimal data collection
Contact forms collect business contact information only. Assessment results are stored to deliver recommendations, not sold or shared with third parties.
Encryption in transit and at rest
Website traffic uses TLS. Client credentials and deliverables are stored in encrypted cloud infrastructure with access limited to the principal consultant.
Incident response
We notify clients within 24 hours of any suspected security incident affecting their data. Contact security@prismbase.ai (routes to contact@prismbase.ai).
Subprocessors
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Website hosting and analytics | US |
| Calendly | Discovery call scheduling | US |
| Resend / email provider | Lead and contact notifications | US |
Compliance posture
- PrismBase AI LLC is not SOC 2 or FedRAMP certified. We follow NIST AI RMF patterns for AI governance on client engagements.
- For regulated workloads (biotech, financial services, healthcare, federal), we design architecture to your compliance requirements; we do not certify your environment.
- Client owns all deliverables, models, and code produced under scoped engagements. IP transfer is standard in our SOW templates.
Questions? Email contact@prismbase.ai or review our enterprise onboarding.