prune.
Back to home

Security

How we protect your keys, traffic, and cached data.

Last updated: June 4, 2026

Encryption

All traffic uses TLS 1.2+. Provider keys in the vault are encrypted at rest. Prune API keys are stored as SHA-256 hashes only.

Network & headers

Production API uses CORS allowlists, TrustedHostMiddleware, security headers (HSTS, X-Frame-Options DENY, nosniff), and per-key rate limiting.

Cache privacy

Cache keys are derived from hashed payloads. Semantic cache stores embeddings and responses scoped to your account — not shared across tenants.

Enterprise options

VPC deployment, zero-retention mode, SSO, and audit logs are available on Enterprise plans. Contact sales for a security questionnaire.

Reporting

Report vulnerabilities to security@withprune.com. We aim to acknowledge reports within 48 hours.

Questions? Contact hello@prune.so