Security

SmartPromptsAI is an asynchronous, email-first service. We use a small set of third-party providers to operate intake, webhook handling, and email delivery. This page summarizes how security is approached in the Sprint workflow.

Workflow overview

Intake is submitted via an online form.
Data is transferred via a webhook to our hosting environment.
Delivery and follow-ups are handled via email.

Access control

Access to operational tools (form platform, hosting, and inbox) is restricted to the operator account(s).
We keep access limited to what is necessary to deliver the Sprint.

Data in transit

Web traffic uses HTTPS where supported by the platform providers.
Email delivery relies on the email provider’s transport security capabilities.

Data minimization

We only request and use information needed to evaluate intake, deliver the Sprint, and communicate about clarifications and delivery.

Retention

Retention is described in our Privacy Policy. As a default operating policy, client data is retained for up to 90 days after completion for follow-ups and delivery-related communication.

Subprocessors

Providers used to operate the workflow are listed on the Subprocessors page.

Security contact

Security questions can be directed to admin@smartpromptsai.ai.

This is a human-led service. We avoid “security theater” claims and stick to describing the actual workflow and tooling.