EigenPrompt | Systematically Optimize LLM Prompts for Cost and Accuracy

Security at EigenPrompt

We take the security of your data seriously. This page provides a transparent overview of how we protect your information.

Data Storage

All persistent data is stored in a PostgreSQL database hosted on Supabase, which provides encryption at rest (AES-256 disk encryption) for all data. Saved prompt text, run base prompts, run optimization goals, evaluation dataset base prompts, and evaluation rows receive an additional layer of application-level AES-256-GCM encryption with per-account keys derived via HKDF.

Access Controls

Access to data follows the principle of least privilege. All data is tenant-isolated using per-account owner IDs. Administrative access to production infrastructure is restricted and audited.

Data Lifecycle

Deletion: Datasets and runs are soft-deleted immediately upon request and hard-purged on a retention schedule.
Account deletion: Triggers a full purge of all associated evaluation data, runs, API key material, and anonymization of your user record.
Retention: Configurable data retention is available. Anonymized aggregate data is reviewed and pruned annually.

Encryption

Layer	Method	Scope
At rest (infrastructure)	AES-256 disk encryption (Supabase)	All persisted data
At rest (application)	AES-256-GCM with per-account HKDF-derived keys	Saved prompt text, runs, dataset prompts, and evaluation rows
In transit	TLS 1.2+	All connections
API key storage	Argon2id + HKDF + AES-256-GCM key wrapping	User API keys

Aggregate Learning

To improve our optimization algorithms, we process anonymized and aggregated metadata from optimization runs — such as prompt structure patterns, scoring distributions, and optimization performance signals. This never includes your raw prompts, raw evaluation data, or API keys.

You can opt out of Aggregate Learning at any time in your Privacy Settings. We will always honour your choice.

Subprocessors

The following third-party services process data on our behalf:

Provider	Purpose	Data Processed
Vercel	Web application hosting	Request metadata, static assets
Supabase	PostgreSQL database	All persistent user data (encrypted at rest)
Stripe	Payment processing	Billing info, subscription status
PostHog	Product analytics	Usage events (consent-gated, opt-out available)
Railway	Backend optimization service	Optimization requests via API
LLM Providers (OpenAI, Anthropic, etc.)	AI model inference	Prompts routed through user's own API keys

Enterprise

For custom data handling agreements, DPAs, or compliance questions, contact us at alpha@eigenprompt.ai.