Your App is Safe With Us
You're trusting us to poke at your AI. Here's why that's not as scary as it sounds.
We Never Touch Your Users
Zero customer data access. We only send test prompts to your API — the same thing any user could type. We don't access your database, your auth system, or any real user data. Ever.
Your API Key Stays Yours
If your API requires authentication, we use your token solely to run the scan — then discard it. We don't store API keys, and they never leave our secure scanning environment.
We Won't Break Anything
Our tests are read-only security probes — text prompts designed to test how your AI responds. We don't:
Think of it like someone asking your chatbot tricky questions. That's literally all we do.
What We Send
Every "attack" is just a text prompt. Examples:
Your AI either resists or doesn't. We record the response, grade it, and move on.
What We Store
| Data | Stored? | How Long | Why |
|---|---|---|---|
| Your email | Yes | Until you delete | To send your report |
| API endpoint URL | Yes | 90 days | To generate your report |
| Test prompts we sent | Yes | 90 days | To show you what we tested |
| Your AI's responses | Yes | 90 days | To explain vulnerabilities |
| Your API key/token | No | Never stored | Used once, then discarded |
| Your system prompt | Optional | 90 days | Only if you share it with us |
Scan data is automatically deleted after 90 days. You can request deletion anytime.
Our Infrastructure
In all of our scans, we've had zero incidents affecting customer systems.
Still Nervous?
Totally fair. Here are your options:
Use a staging endpoint
Point us at a test/staging version of your API for complete peace of mind.
Talk to us
Book a 15-minute call and we'll walk you through everything.