Prodix is built to handle sensitive customer feedback data responsibly. Protecting the data you share with us is a core part of how we build and operate the product — not an afterthought. We continually invest in our infrastructure, monitoring, and processes to maintain high standards of security.
Customer data is encrypted at rest using AES-256 encryption. This includes feedback, analysis results and account information.
All traffic between your browser and Prodix is encrypted in transit using TLS 1.2 or higher with industry-standard cipher suites and SHA-256 certificate signatures. HTTP Strict Transport Security (HSTS) is enabled.
Before customer feedback is processed by AI, we redact personally identifiable information (PII) such as names, email addresses, and phone numbers. This is designed to prevent raw PII from reaching our AI processing pipeline.
Access to customer data is limited to what is required to deliver the service. Internal access to production data is restricted to authorised personnel only, on a need-to-know basis.
Prodix uses a multi-tenant architecture that logically separates customer data through authentication and authorisation checks. Each customer account is assigned a unique identifier that allows access only to the services and data consistent with the privileges assigned. Tenant isolation is verified by automated tests.
Prodix uses Anthropic and OpenAI APIs for AI-powered analysis of customer feedback. Both are used under their commercial API terms, which include confidentiality and data protection obligations.
The full list of subprocessors we use, including non-AI vendors, is maintained in our Privacy Policy, and we will notify customers of any material changes.
All traffic to Prodix is served over HTTPS with platform-level DDoS mitigation provided by our hosting platform. Standard application hardening is in place to protect against common web vulnerabilities, including CSRF protection and secure session cookies. Authentication and signup endpoints are rate-limited to protect against automated abuse.
Security-relevant events such as failed logins, account lockouts, and access-control violation attempts are captured with structured logging. Failed login attempts are tracked, and repeated failures result in a temporary account lockout to protect against brute-force attacks.
Every change to the application runs through an automated test suite before it ships to production. The suite covers core application functionality and security-critical paths, including authentication, access control, and tenant isolation.
Prodix is built to meet GDPR requirements applicable to our role as a data processor. Key measures include:
If you have security-related questions or concerns, please contact us at support@prodixapp.com.