Security

How we protect your data and maintain platform integrity

Last updated: January 22, 2026

Our Commitment to Security

At NarrativePrism, security is foundational to everything we do. We employ industry-leading practices to protect your data and ensure the integrity of our platform.

Infrastructure Security

Our infrastructure is built with security-first principles:

  • Cloud hosting: We use enterprise-grade cloud providers with SOC 2 Type II certification
  • Network security: All traffic is encrypted using TLS 1.3
  • DDoS protection: We employ multiple layers of DDoS mitigation
  • Firewalls: Web application firewalls protect against common attack vectors

Data Protection

We implement comprehensive data protection measures:

  • Encryption at rest: All data is encrypted using AES-256
  • Encryption in transit: All communications use TLS encryption
  • Access controls: Role-based access control (RBAC) limits data access
  • Audit logging: All access to sensitive data is logged and monitored

Application Security

Our application security practices include:

  • Secure development: We follow OWASP guidelines and conduct regular code reviews
  • Dependency scanning: Automated scanning for vulnerable dependencies
  • Penetration testing: Regular third-party security assessments
  • Bug bounty program: We work with security researchers to identify vulnerabilities

Authentication & Access

We provide robust authentication mechanisms:

  • Secure authentication: Industry-standard OAuth 2.0 and JSON Web Tokens (JWT)
  • Password security: Passwords are hashed using bcrypt with appropriate cost factors
  • Session management: Secure session handling with automatic expiration
  • API security: Rate limiting and API key management for integrations

Compliance

We maintain compliance with relevant standards and regulations:

  • GDPR: Full compliance with EU data protection requirements
  • CCPA: Compliance with the California Consumer Privacy Act
  • SOC 2: Annual SOC 2 Type II audits (in progress)

Incident Response

We maintain a comprehensive incident response plan that includes detection, containment, eradication, and recovery procedures. In the event of a security incident, we commit to:

  • Prompt investigation and containment
  • Notification of affected users within 72 hours
  • Transparent communication about the incident and remediation steps
  • Post-incident review and process improvements

Responsible Disclosure

We appreciate the security research community's efforts in helping us maintain a secure platform. If you discover a security vulnerability, please report it to security@narrativeprism.com.

We ask that you give us reasonable time to address the issue before public disclosure, and we commit to acknowledging your report within 24 hours.

Contact

For security-related inquiries, please contact our security team at security@narrativeprism.com.