Prodix is built to handle sensitive customer feedback data responsibly. Protecting the data you share with us is a core part of how we build and operate the product — not an afterthought. We continually invest in our infrastructure, monitoring, and processes to maintain high standards of security.
All customer data — including feedback, analysis results, and account information — is encrypted at rest using AES-256 encryption. This applies to primary databases, replicas, and all backups.
All data transmitted between your browser and Prodix is encrypted using TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enforced, which prevents protocol downgrade attacks (forcing a session from HTTPS back to plain HTTP) and ensures all connections use HTTPS. Unencrypted connections are not accepted.
Before any customer feedback is processed by AI, personal identifiers are automatically detected and removed. This ensures that raw personally identifiable information does not reach our AI processing pipeline.
Access to customer data is strictly limited to what is required to deliver the service. Internal access to production data is restricted to authorised personnel only, on a need-to-know basis. Each customer's data is isolated and inaccessible to other customers.
Prodix uses Anthropic and OpenAI APIs for AI-powered analysis of customer feedback. Both are bound by contract to protect your information and use it only for the purposes for which it was disclosed.
We maintain a current list of AI subprocessors and will notify customers of any material changes.
Data Protection Agreements are established with relevant customers and third parties to ensure appropriate processing and safeguards are in place for EU personal data. We apply a risk-based approach in the selection and ongoing monitoring of all third-party vendor relationships.
All traffic to Prodix is protected by DDoS mitigation and a web application firewall (WAF). Standard application security hardening measures are in place to protect against common web vulnerabilities.
Application activity is monitored in real time. Errors, exceptions, and suspicious activity patterns trigger automated alerts. Repeated failed login attempts are tracked and automatically blocked to prevent brute-force attacks. All application activity is logged, centralised, and retained for audit purposes.
Each customer's data is isolated at the application level. Tenant isolation is enforced and verified by a dedicated automated test suite to ensure no customer can access another customer's data.
All code changes are reviewed before deployment to production. An automated test suite covers core application functionality including security-critical paths. Dependencies are kept up to date to minimise exposure to known vulnerabilities.
Customer data is backed up regularly. Backups are encrypted and stored securely. In the event of data loss or system failure, we can restore from backups to minimise disruption.
Prodix is designed with GDPR compliance as a baseline requirement. As an EU-incorporated company processing data on EU servers, we are subject to GDPR and take our obligations seriously. Key measures include:
If you have security-related questions or concerns, please contact us at support@prodixapp.com.