Security
How we protect your keys, traffic, and cached data.
Last updated: June 4, 2026
Encryption
All traffic uses TLS 1.2+. Provider keys in the vault are encrypted at rest. Prune API keys are stored as SHA-256 hashes only.
Network & headers
Production API uses CORS allowlists, TrustedHostMiddleware, security headers (HSTS, X-Frame-Options DENY, nosniff), and per-key rate limiting.
Cache privacy
Cache keys are derived from hashed payloads. Semantic cache stores embeddings and responses scoped to your account — not shared across tenants.
Enterprise options
VPC deployment, zero-retention mode, SSO, and audit logs are available on Enterprise plans. Contact sales for a security questionnaire.
Reporting
Report vulnerabilities to security@withprune.com. We aim to acknowledge reports within 48 hours.
Questions? Contact hello@prune.so