Security

This page summarizes how security is approached in the current public SmartPromptsAI Sprint website, checkout, intake, and delivery flow.

Current workflow overview

• Paid Sprint packages are purchased through secure checkout.
• After checkout, intake details are submitted through the current Sprint intake flow.
• Manual review requests are submitted through current SmartPromptsAI request forms.
• Clarification, delivery, and revision follow-up are handled asynchronously by email.

Access control

• Access to operational systems is limited to the operator account(s) required to run the Sprint.
• Access is kept to the minimum needed for checkout handling, intake review, clarification, and delivery.
• Client materials are handled only in the context of the requested Sprint work.

Data in transit

• Web traffic uses HTTPS where supported by the platform providers in the current public flow.
• Payment data is processed through Stripe’s checkout environment rather than stored directly by SmartPromptsAI.
• Email delivery depends on the transport security capabilities of the active email providers used in the flow.

Data minimization

• Only information needed to evaluate fit, process checkout, complete intake, deliver the Sprint, and handle follow-up is requested.
• Unnecessary access, irrelevant materials, and unrelated account permissions are not required by default.
• Where possible, the Sprint is delivered without requesting full admin access to client tools.

Retention and deletion

Client data is retained for up to 90 days after Sprint completion for delivery follow-up, clarification, revision handling, and support related to the completed work. After that window, materials should no longer be kept in active working use unless a separate operational reason applies.

Third-party providers

Providers used in the current public Sprint flow are listed on the Subprocessors page. Privacy handling is described on the Privacy page.

Security contact

Security questions can be sent to admin@smartpromptsai.ai.