Frequently Asked Questions

Everything you need to know about SafePrompt

Last Updated: October 6, 2025 (Phase 1A Intelligence System)

General Questions

What is prompt injection?

Prompt injection is a security vulnerability where attackers manipulate AI systems by inserting malicious instructions into user inputs, causing the AI to perform unintended actions or reveal sensitive information.

How does SafePrompt work?

SafePrompt uses a 3-stage validation system:

  1. Pattern Detection - Instant blocking of known attack patterns
  2. External Reference Detection - Identifies suspicious URLs, IPs, and commands
  3. AI Validation - Deep semantic analysis when needed

How fast is SafePrompt?

Pattern detection: Instant
External reference detection: Fast
AI validation: Fast response
Overall: Most requests under 100ms

🧠 Data Collection & Privacy (Phase 1A)

What data does SafePrompt collect for threat intelligence?

We collect validation results (safe/unsafe), attack patterns, and metadata. For Free tier, only blocked requests. For paid tiers (if opted in), all requests. Personal data (actual prompts and IP addresses) is automatically deleted after 24 hours. Only anonymized hashes are retained for pattern analysis.

Data Collection Details:

  • Free Tier: Only blocked requests collected automatically
  • Paid Tiers (Early Bird/Starter/Business): All requests if opted in (default: ON, can disable)
  • First 24 hours: Full prompt text + client IP stored for analysis
  • After 24 hours: Automatic anonymization - prompt text & IP deleted permanently
  • Permanent storage: Only cryptographic hashes (SHA-256, no PII, cannot reverse)

What is "threat intelligence collection"?

When SafePrompt blocks an attack on one customer, it learns from it and protects all customers. This creates a network effect where the entire community benefits from collective defense.

Example: If Customer A gets attacked with a novel prompt injection, SafePrompt immediately recognizes and blocks that same pattern for Customer B, C, D... without any configuration changes.

How does 24-hour anonymization work?

Every hour, automated background jobs run to anonymize data older than 24 hours:

  • Prompt text deleted: The actual malicious prompt is permanently removed
  • IP address deleted: Client IP addresses are permanently removed
  • Hashes remain: Only cryptographic hashes (one-way, irreversible) are kept
  • No way to reverse: Hashes cannot be used to reconstruct original prompts or identify users

This process is automatic, mandatory, and cannot be disabled (GDPR/CCPA compliance).

Why should I contribute to threat intelligence?

Network Effect Benefits:

  • Zero-day protection: Get protected from brand new attacks you've never seen
  • Faster detection: Patterns detected across network applied instantly
  • IP reputation tracking: Identify malicious IPs based on global activity patterns
  • Multi-turn attacks: Context-based attacks detected across customer base

Think of it like antivirus definitions - when one customer gets attacked, everyone's defenses improve.

Can I opt out of intelligence sharing?

Paid tier users can disable intelligence sharing in Privacy Settings. Free tier users contribute blocked requests as part of the service (this helps protect all users).

Free Tier:

No opt-out. Intelligence contribution is required for free service. This is how we can offer a free tier - by building a collective defense network. Only blocked requests are contributed.

Paid Tiers (Early Bird/Starter/Business):

Opt-out available. Dashboard → Settings → Privacy → "Contribute to Network Intelligence" toggle OFF

  • • Validation accuracy remains identical (same detection models)
  • • You still benefit from network intelligence for improved protection
  • • You just don't contribute your data to the network

How does IP reputation tracking work?

SafePrompt tracks IP reputation across the network to identify patterns of malicious behavior. We use cryptographic hashes, so the actual IP cannot be reversed, ensuring privacy.

All Tiers:

✅ Benefit from network intelligence (detection improves)
✅ Privacy-first: Only hashed IPs stored
✅ Attack pattern correlation across customer base

Paid Tiers (Early Bird/Starter/Business):

✅ Advanced threat correlation
✅ Multi-turn session tracking
✅ IP reputation insights in dashboard

Is SafePrompt GDPR compliant?

Yes. You can export or delete your data anytime from the dashboard. We delete personal data after 24 hours, retaining only anonymized hashes under GDPR Article 17(3)(d) scientific research exception.

  • Data Export: Dashboard → Settings → Privacy → Export Data (JSON format)
  • Data Deletion: Dashboard → Settings → Privacy → Delete Data (immediate for <24h data)
  • API Access: Programmatic export/delete via REST API endpoints
  • Anonymization: Automatic after 24 hours (prompt text + IP addresses deleted)
  • Hash Retention: Only cryptographic hashes remain (no PII, cannot reverse)

What's the benefit of network defense for Free users?

Free users help build the threat intelligence database by contributing blocked requests. You benefit from improved pattern detection as the system learns from attacks across the network.

Free Tier Benefits:

  • ✅ Same validation accuracy as paid tiers
  • ✅ Benefit from network-wide pattern detection
  • ✅ Protection from novel attacks discovered across network
  • ✅ Automatic GDPR export/delete capabilities

Why Contribute?

By contributing blocked requests, you help protect the entire SafePrompt community. Think of it like antivirus definitions - when one user gets attacked, everyone's protection improves. All data is anonymized after 24 hours (only hashes remain).

Pricing & Plans

Is there a free tier?

Yes! 1,000 validations/month completely free.

Free tier includes network intelligence protection, but requires contributing blocked prompts to threat intelligence (no opt-out, 24h anonymization applies).

What are the paid tier options?

Early Bird: $5/month (beta pricing, locked forever)
Starter: $29/month (same features as Early Bird)
Business: $99/month (250K validations/month)

  • 10,000 validations/month
  • Priority support
  • Advanced threat correlation
  • Intelligence sharing opt-out
  • Lock in $5/mo forever (beta pricing)

How do I integrate SafePrompt?

Integration takes less than 5 minutes:

  1. Sign up and get your API key from the dashboard
  2. Make a POST request to our validation endpoint
  3. Check the response for threat detection

We provide SDKs for popular languages and comprehensive documentation with code examples.

Technical Questions

What's the accuracy rate?

Above 95% detection accuracy across prompt injection test suites.
Based on 3-stage validation: pattern detection, external reference detection, and AI validation with context sharing.

Do you support multi-turn conversations?

Yes! SafePrompt can track conversation context across multiple requests to detect multi-turn attacks (context priming, RAG poisoning).

Pass a session_token to enable session-based validation. Session data is automatically deleted after 2 hours of inactivity.

What makes SafePrompt different?

  • Developer-first: Simple API, no enterprise complexity
  • Transparent pricing: No sales calls, clear pricing on website
  • Fast: Sub-second response times
  • Accurate: High detection rate with low false positives
  • Network intelligence: Collective defense across all customers

Still have questions?

We're here to help! Reach out through our contact form and we'll get back to you quickly.

Contact Support →
← Back to Home