SOC 2 Type II Certified

Security at InfraPrism

We built InfraPrism for regulated industries. Security and privacy aren't features—they're the foundation.

The InfraPrism Difference

Most observability tools require you to proxy your LLM traffic through their servers. That means they see every prompt, every completion, every piece of potentially sensitive data.

InfraPrism is different. Our SDK runs in your environment and only sends metadata to our servers. Your actual prompts and completions go directly to OpenAI, Anthropic, or Azure—we never see them.

Security Practices

SDK-Only Architecture

Your prompts and completions never touch our servers. We only receive metadata: token counts, model used, latency, and your entity tags. This is privacy by architecture, not by policy.

Encryption Everywhere

All data in transit is encrypted with TLS 1.3. All data at rest is encrypted with AES-256. API keys are hashed using bcrypt before storage.

Infrastructure Security

We run on hardened infrastructure with strict network isolation. All access requires multi-factor authentication. Systems are patched within 24 hours of critical CVEs.

Minimal Data Collection

We collect only what's necessary for cost calculation. No prompt content, no completion content, no PII unless you explicitly include it in entity tags.

Access Controls

Role-based access control (RBAC) for all dashboard features. Enterprise plans include SSO with SAML 2.0 and OIDC support.

Compliance

SOC 2 Type II certified. HIPAA BAA available for Enterprise customers. GDPR compliant with EU data residency options.

Data We Collect

What We Collect

  • Token counts (input and output)
  • Model identifier (e.g., gpt-4o, claude-3)
  • Request latency
  • Calculated cost
  • Your entity tags (customer, team, project, employee)
  • Custom metadata tags you provide
  • Timestamp
  • Success/failure status

What We Never See

  • Prompt content
  • Completion/response content
  • System messages
  • Function/tool definitions
  • Image inputs
  • Audio inputs
  • Any actual data processed by the LLM

Vulnerability Disclosure

We appreciate security researchers who help us keep InfraPrism secure. If you've discovered a vulnerability, please report it responsibly.

Email us at [email protected] with details of the vulnerability. We'll acknowledge receipt within 24 hours and provide an initial assessment within 72 hours.

Please do not publicly disclose vulnerabilities until we've had a chance to address them.

Questions about security?

Our team is happy to discuss our security practices in detail.