The honest version.
Marketing Prompt Hub is built and operated by one person. The architecture is deliberately simple: static files for the prompt library, a small FastAPI backend on Fly.io for payments and member access, and SQLite for the user table. There is no analytics tracker, no behavioral profile, no marketing list, and no third-party JavaScript. This page describes what we do for security today, what we plan to add, and what we don't have, so a procurement team can make a calibrated decision rather than a surprised one.
What we have today
| Control | Status | Detail |
|---|---|---|
| HTTPS-only, HSTS | Live | TLS 1.3 via Cloudflare on the frontend, Fly.io on the backend. HSTS preloaded. |
| Encryption at rest | Live | SQLite database lives on a Fly.io encrypted volume in the lhr region (London). |
| Webhook signature verification | Live | Stripe webhook payloads are signature-verified before any user record is created. Bad signatures → 400 immediately. |
| Single-use, time-limited magic-link tokens | Live | 30-minute TTL, single-use, cryptographically random (32-byte URL-safe). |
| Signed session tokens (constant-time) | Live | itsdangerous URLSafeTimedSerializer; 30-day expiry; constant-time signature verification. |
| Rate limiting on auth + checkout endpoints | Live | slowapi IP-based limiter (10/min on /auth/validate, 10/min and 60/hour on /checkout). |
| No payment data on our servers | Live | Stripe handles all card data. Our database stores only the Stripe session ID. |
| Dependency surface kept minimal | Live | FastAPI + Stripe SDK + Resend SDK + itsdangerous + slowapi. No tracking SDKs, no analytics, no auth-as-a-service vendor. |
| Sub-processor change policy | Live | 30 days' advance notice to all paying customers before adding or replacing a sub-processor that touches personal data. |
| 72-hour breach notification | Live | If we discover a personal-data breach affecting your account, we'll notify you within 72 hours of becoming aware (the communication to affected individuals that GDPR Article 34 requires), and notify the supervisory authority within the same 72-hour window (GDPR Article 33). |
| GDPR DPA available on request | Live | Countersigned DPA delivered within 2 business days. Email hello@marketingprompthub.com. |
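How the webhook row above works in practice, as an added example that is not the site's own code: a standard-library implementation of Stripe's `Stripe-Signature` scheme (HMAC-SHA256 over `"<timestamp>.<raw body>"`, compared in constant time, with a replay tolerance window), which is the same check the Stripe SDK's `construct_event` performs. The endpoint secret, the sample event and the `handle_webhook` route body are constructed here for illustration; verification happens before the body is parsed, and the stand-in user table is written only after it passes.

```python
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

TOLERANCE_SECONDS = 300  # replay window; the Stripe SDK's default tolerance

# Constructed for this example; not a real signing secret or a real event.
ENDPOINT_SECRET = "whsec_example_not_a_real_secret"
SAMPLE_EVENT = json.dumps({
    "type": "checkout.session.completed",
    "data": {"object": {"id": "cs_test_example",
                        "customer_email": "alice@example.com"}},
}).encode()


class WebhookRejected(Exception):
    """Any verification failure. The route maps this straight to HTTP 400."""


def _parse_signature_header(header: str) -> Tuple[int, List[str]]:
    """Stripe-Signature looks like 't=1700000000,v1=<hex>[,v1=<hex>][,v0=...]'.
    Several v1 values can appear while an endpoint secret is being rotated."""
    timestamp: Optional[int] = None
    v1_sigs: List[str] = []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            try:
                timestamp = int(value)
            except ValueError:
                raise WebhookRejected("non-numeric timestamp in Stripe-Signature")
        elif key == "v1":
            v1_sigs.append(value)
    if timestamp is None or not v1_sigs:
        raise WebhookRejected("malformed Stripe-Signature header")
    return timestamp, v1_sigs


def verify_stripe_signature(payload: bytes, sig_header: str, secret: str,
                            now: Optional[int] = None) -> None:
    """Raise WebhookRejected unless `payload` was signed by `secret` recently."""
    now = int(time.time()) if now is None else now
    timestamp, candidates = _parse_signature_header(sig_header)
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise WebhookRejected("timestamp outside tolerance window")
    # The MAC covers "<timestamp>.<raw body>", so the body must be the exact
    # bytes received, never a re-serialised JSON object.
    signed = str(timestamp).encode() + b"." + payload
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    if not any(hmac.compare_digest(expected, c) for c in candidates):
        raise WebhookRejected("signature mismatch")


def sign_payload(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header the way Stripe does. Used here only to
    construct test traffic offline; a real backend never signs its own events."""
    signed = str(timestamp).encode() + b"." + payload
    mac = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


def handle_webhook(body: bytes, sig_header: str, secret: str,
                   users: dict, now: Optional[int] = None) -> Tuple[int, str]:
    """Hypothetical route body: verify first, parse and act second.
    `users` stands in for the SQLite user table. Returns (status, reason)."""
    try:
        verify_stripe_signature(body, sig_header, secret, now)
    except WebhookRejected as exc:
        return 400, str(exc)  # nothing parsed, nothing written
    event = json.loads(body)
    if event.get("type") == "checkout.session.completed":
        session = event["data"]["object"]
        # Stripe retries deliveries, so a replay inside the tolerance window
        # must not create a second row: only the Stripe session ID is stored.
        users.setdefault(session["customer_email"], session["id"])
    return 200, event.get("type", "")
```

Two points worth checking in any handler of this shape: the signature must be computed over the raw request bytes (in FastAPI, `await request.body()`), because re-serialising the JSON changes whitespace and breaks the MAC; and a delivery that fails the timestamp check is rejected outright rather than logged and processed, since an old-but-valid signature is exactly what a replay looks like.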
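The magic-link and session-token rows above, as an added example that is not the site's own code. The magic-link half stores only a hash of the token, so a copied database cannot be turned into logins, and enforces single use by deleting the row before honouring it. The session half produces a `"<user_id>.<issued_at>.<signature>"` token of the same shape an itsdangerous timed serializer emits, but uses the standard library's HMAC so the block runs without itsdangerous; the in-memory SQLite database and the import-time session secret are both hypothetical stand-ins.

```python
import base64
import hashlib
import hmac
import secrets
import sqlite3
import time
from typing import Optional

MAGIC_LINK_TTL = 30 * 60         # 30 minutes, as stated on the page
SESSION_TTL = 30 * 24 * 60 * 60  # 30 days
# Hypothetical: a real deployment loads this from a secret store, not at import.
SESSION_SECRET = secrets.token_bytes(32)


def open_db() -> sqlite3.Connection:
    """In-memory stand-in for the SQLite user database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE magic_links (token_hash TEXT PRIMARY KEY, "
               "email TEXT NOT NULL, expires_at INTEGER NOT NULL)")
    return db


def _token_hash(token: str) -> str:
    # Store a hash, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic_link(db: sqlite3.Connection, email: str,
                     now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe chars
    db.execute("INSERT INTO magic_links VALUES (?, ?, ?)",
               (_token_hash(token), email, now + MAGIC_LINK_TTL))
    db.commit()
    return token  # goes into the emailed link only; never logged


def consume_magic_link(db: sqlite3.Connection, token: str,
                       now: Optional[int] = None) -> Optional[str]:
    """Return the email if the token is valid and unspent, else None.
    The row is deleted whether or not it was still valid, so a token can be
    presented successfully at most once."""
    now = int(time.time()) if now is None else now
    h = _token_hash(token)
    row = db.execute("SELECT email, expires_at FROM magic_links "
                     "WHERE token_hash = ?", (h,)).fetchone()
    if row is None:
        return None
    deleted = db.execute("DELETE FROM magic_links WHERE token_hash = ?", (h,)).rowcount
    db.commit()
    if deleted != 1:  # a concurrent request redeemed it first
        return None
    email, expires_at = row
    return email if expires_at > now else None


def _sign(body: bytes, secret: bytes) -> bytes:
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def issue_session(user_id: int, now: Optional[int] = None,
                  secret: bytes = SESSION_SECRET) -> str:
    now = int(time.time()) if now is None else now
    body = f"{user_id}.{now}".encode()
    return body.decode() + "." + _sign(body, secret).decode()


def verify_session(token: str, now: Optional[int] = None,
                   secret: bytes = SESSION_SECRET) -> Optional[int]:
    """Return user_id for a well-signed, unexpired token, else None.
    The signature is checked first, in constant time, and only then is the
    body parsed, so untrusted input never reaches int() before it is authentic."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(_sign(body.encode(), secret), sig.encode()):
        return None
    try:
        user_id, issued_at = (int(part) for part in body.split("."))
    except ValueError:
        return None
    if now - issued_at > SESSION_TTL:
        return None
    return user_id
```

Expiry lives inside the signed body rather than in a cookie attribute, so a client cannot extend its own session by editing the cookie; and because the magic-link row is deleted on first presentation, a link that leaks after use (from a mail log, a browser history sync) is worthless.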
What's on the roadmap
| Control | Status | Detail |
|---|---|---|
| SOC 2 Type I | Roadmap | Honest framing: not in progress yet. Realistic candidate for late 2026 if enterprise-tier demand justifies the ~$15-25k audit + tooling cost. Will publish a public timeline once kicked off. |
| ISO 27001 | Roadmap | Same shape as SOC 2. Out of scope for v1; revisit as enterprise pipeline matures. |
| Public security.txt + bug bounty | Roadmap | Targeting Q3 2026. For now, security reports go to hello@marketingprompthub.com with subject "Security." |
| Annual penetration test | Roadmap | Planned alongside SOC 2 Type I. |
What we don't have, and why we're being honest about it
| Control | Status | Why |
|---|---|---|
| SOC 2 Type II | Not yet | Type II reports on controls operating over a 6-12 month observation window, which we would only begin after Type I. Out of scope for v1. If you require SOC 2 Type II to onboard a vendor, we are not the right vendor for you today. |
| HIPAA / FedRAMP / CJIS / IL5 | Not applicable | The product processes marketing prompts and customer email/tier data. It is not designed for PHI, government, or other regulated workloads. Don't use it for those. |
| SSO / SAML / SCIM | Not yet | Auth is magic-link based. SSO might land in a future enterprise tier; not currently planned for v1. |
| Custom data residency | Not yet | Backend is in lhr (London, UK). If you need data hosted in a specific region other than London (an EU region or any other) for compliance, we can't accommodate today. |
Anthropic / Claude data flow
The prompts you copy from Marketing Prompt Hub run inside your own Claude account (claude.ai, Claude Desktop, Claude Code, or the Anthropic API via your own key). We never see what you paste into Claude or what Claude generates back. Your inputs and outputs are governed by your direct relationship with Anthropic; see Anthropic's privacy policy and commercial terms.
Anthropic's policy as of this writing: API customers' inputs and outputs are not used to train models by default. claude.ai consumer accounts have a separate policy; review Anthropic's privacy page for current terms. If your strategic context is sensitive, route Claude usage through the API with a paid Anthropic account to keep the no-training default.
Sub-processor change policy
Our current sub-processors (Stripe, Resend, Fly.io, Cloudflare) are listed in our privacy policy. If we add or replace a sub-processor that processes personal data, we will notify all paying customers by email at least 30 days in advance. You may object; if we can't accommodate the objection, you have the right to a pro-rata refund of any unused subscription period.
Incident response
If we discover a personal-data breach affecting your account, we will notify you by email within 72 hours of becoming aware. The notification will include the nature of the breach, the data affected, the likely consequences, and the steps we are taking, which is the content GDPR Article 34 requires in a communication to affected individuals. We will also notify our supervisory authority (Autoriteit Persoonsgegevens in the Netherlands) within the same 72-hour window, as GDPR Article 33 requires.
Reporting a security issue
Email hello@marketingprompthub.com with subject "Security." We commit to acknowledging within 2 business days. We will not pursue legal action against good-faith security research that follows responsible-disclosure norms (no DDoS, no exfiltration of customer data, no destructive testing). A public bug-bounty page is on the roadmap for Q3 2026.
Audit access
If you are a paying customer on any paid tier (Single Pack, Agent Pack, or Strategy Operating System) and your procurement team requires it, we will share (under NDA) our infrastructure access logs, dependency manifests, and any third-party security review reports we have on file. Email hello@marketingprompthub.com with your company and the specific assurance your team needs.