Security

Overview

We use reasonable technical and organizational safeguards designed to protect the Spatial service, including encryption in transit, access controls, secret-handling controls, and operational logging for abuse detection and incident response.

Current controls

• TLS for data transmitted to our hosted services
• Hashed storage for Spatial API keys
• Encryption or protected storage for certain secrets and local app credentials where supported by the operating system
• Access controls for production systems and sensitive data
• IP-address and device-fingerprint based anti-spam and abuse protections

Shared responsibility

Security is a shared responsibility. You are responsible for securing your devices, source repositories, local files, connected accounts, API keys, model-provider accounts, and any code or commands that you choose to run, merge, or deploy.

Some model flows run through third-party providers or local runners. Security practices and history retention for those flows are also affected by the underlying provider or runner, not just Spatial.

Vulnerability disclosure

If you believe you have found a security vulnerability, email support@prismos.dev with a clear description, impact assessment, reproduction steps, and any supporting material. If the issue is especially sensitive, you may also copy legal@prismos.dev.

Please do not exploit vulnerabilities, access data without authorization, disrupt the Service, or publicly disclose an issue before we have had a reasonable opportunity to investigate and remediate it.

No guarantee

No system is perfectly secure. This page describes our current practices at a high level and does not create a warranty, service commitment, or independent contractual security obligation.