Security at PrismPoster and how to report a vulnerability
PrismPoster protects your data with encryption at rest and in transit, and we welcome responsible disclosure if you find a security issue. Your stored data is encrypted where it lives, and connections between you and our services are encrypted as they travel. Full details of our security posture, and the right way to report a vulnerability, are at /security. If you believe you've found a security problem, please report it privately rather than disclosing it publicly so we can fix it first.
How is my data protected?
Two layers cover the basics:
- Encryption at rest — data stored on our infrastructure is encrypted, so it isn't readable in plain form if storage is accessed directly.
- Encryption in transit — data moving between your browser and PrismPoster, and between our internal services, is encrypted in flight.
On top of this, your generations are private by default, and the third parties that handle parts of your data are listed on our sub-processors page.
How do I report a security vulnerability?
Use the responsible disclosure path described at /security. The principle is simple: tell us privately, give us the details to reproduce the issue, and give us a reasonable chance to fix it before sharing it publicly. You can also reach us at support@prismposter.com. Reporting responsibly protects other users while the issue is being resolved.
What should I include in a report?
Give us enough to understand and reproduce the problem: what you found, where you found it, and the steps to trigger it. Clear, specific reports are the fastest way to a fix. Please don't access, modify, or delete other people's data while testing — describe the issue rather than exploiting it.
Who operates the service?
PrismPoster is operated by PrismLabs OÜ, based at Sepapaja tn 6, Tallinn 15551, Estonia. The same entity is responsible for the security of your data and for handling your data rights.
Frequently Asked Questions
Is my data encrypted on PrismPoster?
Yes. Data is encrypted at rest where it's stored and encrypted in transit as it moves across the network. The full security posture is described at /security.
How do I report a security bug I found?
Report it privately through the responsible disclosure process at /security, or email support@prismposter.com. Include steps to reproduce the issue, and please don't disclose it publicly before we've had a chance to fix it.
Where can I read PrismPoster's full security details?
Visit /security for our security posture and responsible disclosure policy. For who processes your data and where it's stored, see sub-processors and data location.