Skip to main content

Trust

Security & data handling

Procurement teams need clear answers before granting database or production access. This page describes how PrismBase protects client data across audits and consulting engagements.

Read-only credentials for audits

DB Optimizer uses read-only database credentials only. No INSERT, UPDATE, DELETE, or DDL permissions. Revoke access immediately after the audit window.

No row-level data exfiltration

We analyze metadata, query plans, schema statistics, and performance metrics, not customer PII or row-level production data unless explicitly scoped in a separate agreement.

Time-bounded access

Credentials and system access are used only during the agreed engagement window and documented in the SOW or engagement letter.

Minimal data collection

Contact forms collect business contact information only. Assessment results are stored to deliver recommendations, not sold or shared with third parties.

Encryption in transit and at rest

Website traffic uses TLS. Client credentials and deliverables are stored in encrypted cloud infrastructure with access limited to the principal consultant.

Incident response

We notify clients within 24 hours of any suspected security incident affecting their data. Contact security@prismbase.ai (routes to contact@prismbase.ai).

Subprocessors

ProviderPurposeLocation
VercelWebsite hosting and analyticsUS
CalendlyDiscovery call schedulingUS
Resend / email providerLead and contact notificationsUS

Compliance posture

  • PrismBase AI LLC is not SOC 2 or FedRAMP certified. We follow NIST AI RMF patterns for AI governance on client engagements.
  • For regulated workloads (biotech, financial services, healthcare, federal), we design architecture to your compliance requirements; we do not certify your environment.
  • Client owns all deliverables, models, and code produced under scoped engagements. IP transfer is standard in our SOW templates.

Questions? Email contact@prismbase.ai or review our enterprise onboarding.