Trust & Security
Built for regulated industries.
Pretense is a security tool. We hold ourselves to the standards we help our customers achieve. This page documents our security architecture, compliance posture, and enterprise controls.
Compliance Status
Last updated: April 2026. Certifications in progress are verified by third-party auditors.
Audit in progress with Vanta. Controls mapped and evidence collection active.
Observation period begins Q3 2026 following Type I completion.
Third-party review of data flows, PHI handling, and technical safeguards completed.
Data flow mapping, DPA template, and subprocessor list maintained. DPA available on request.
External pentest of CLI proxy, API surface, and dashboard scheduled.
Roadmap item following SOC 2 Type II. ISMS framework being scoped.
Security Controls
Data Architecture
Local-first proxy
The Pretense proxy runs on the developer's machine. Code never transits through Pretense infrastructure. It goes directly from the proxy to the AI provider.
No code storage
Pretense does not store prompt content or code on any Pretense server. Audit logs contain metadata only (token counts, mutation counts, timestamps) - not prompt content.
Mutation is one-way ephemeral
The mutation map is stored only on the developer's machine. Pretense cannot reverse-mutate code because Pretense never sees the mutation map.
Encryption
TLS 1.3 in transit
All traffic from the proxy to AI providers uses TLS 1.3 with strong cipher suites. The local proxy-to-developer connection is loopback (127.0.0.1) - no external network exposure.
AES-256 at rest
Dashboard database and audit log storage use AES-256-GCM encryption at rest.
Mutation keys never transmitted
The deterministic mutation algorithm derives transformation keys locally. No key material is transmitted over any network.
Access Controls
API key scoping
Dashboard API keys are scoped to specific operations. Read-only, write, and admin scopes are separate credentials.
SSO/SCIM (Enterprise)
Enterprise plans support SAML 2.0 SSO and SCIM provisioning via BoxyHQ. Supported providers: Okta, Azure AD, Google Workspace, OneLogin.
Audit log immutability
Audit log entries are append-only. Deletion requires explicit admin action with a separate audit trail.
Infrastructure
CLI package integrity
npm packages are signed with a verified npm publisher account. SHA-256 checksums are published with each release. Consumers can verify with `npm audit`.
Local release gate security
A 7-layer local release gate runs lint, type-check, unit tests, self-scan, and secret scan before every commit. No external CI dependency - enforcement is on-machine.
Dependency management
Dependencies are locked with pnpm lockfiles. Dependabot alerts are reviewed within 48 hours. Critical CVEs are patched same-day.
Incident Response
Disclosure SLA
Security reports acknowledged within 24 hours. Severity assessment within 72 hours. Critical issues patched within 7 days of confirmed reproduction.
Breach notification
Enterprise customers notified within 72 hours of confirmed breach affecting their data, consistent with GDPR Article 33 requirements.
Security contact
security@pretense.ai - PGP key available at /security. We do not use HackerOne or Bugcrowd. Direct contact preferred for coordinated disclosure.
Data Flow Architecture
// Developer machine — nothing leaves without mutation
Developer IDE (Cursor / Claude Code / Copilot)
↓ prompt containing proprietary identifiers
Pretense Proxy (localhost:9339)
→ Secret scan: blocks credentials, PII patterns
→ Mutation: `patient_id` → `pt_9a4f`
→ Audit log: timestamp, mutation count, tool (no content)
↓ mutated prompt (no real identifiers)
AI Provider API (api.anthropic.com / api.openai.com)
↓ AI response with mutated identifiers
Pretense Proxy
→ Reverse mutation: `pt_9a4f` → `patient_id`
↓ clean response with original identifiers
Developer IDE - sees correct, complete code
Pretense infrastructure never sees prompt content. The proxy is a local process on the developer's machine.
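The mutate and reverse-mutate round trip from the flow above, as an added example that is not Pretense's own code. It assumes tokens are a truncated HMAC-SHA256 under a local key with an `id_` prefix; `createMutator`, the key and the sample strings are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical helper (not Pretense's code). The key and both maps stay in this process.
function createMutator(key) {
  const forward = new Map(); // real identifier -> token
  const reverse = new Map(); // token -> real identifier

  // Assumed scheme: token = "id_" + truncated HMAC-SHA256(key, identifier).
  function tokenFor(identifier) {
    if (forward.has(identifier)) return forward.get(identifier);
    const digest = crypto.createHmac("sha256", key).update(identifier).digest("hex");
    // Short tokens can collide; lengthen until the token is unused.
    for (let len = 4; len <= digest.length; len += 2) {
      const token = "id_" + digest.slice(0, len);
      if (!reverse.has(token)) {
        forward.set(identifier, token);
        reverse.set(token, identifier);
        return token;
      }
    }
    throw new Error("no unique token for " + identifier);
  }

  const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  // Whole-word replacement, longest name first, so patient_id_list is not partly rewritten.
  function swap(text, names, lookup) {
    if (names.length === 0) return text;
    const alts = [...names].sort((a, b) => b.length - a.length).map(escapeRe);
    return text.replace(new RegExp("\\b(?:" + alts.join("|") + ")\\b", "g"), (m) => lookup(m));
  }

  return {
    mutate: (prompt, identifiers) => swap(prompt, identifiers, tokenFor),
    restore: (response) => swap(response, [...reverse.keys()], (t) => reverse.get(t)),
    // Metadata only, as in the audit-log step: no prompt text, no identifiers.
    auditRecord: () => ({ timestamp: new Date().toISOString(), mutationCount: forward.size }),
  };
}

// Constructed sample prompt and provider response.
const demo = createMutator("constructed-local-key");
const sent = demo.mutate("SELECT patient_id FROM visits WHERE patient_id = ?", ["patient_id"]);
const received = "Add an index on " + sent.split(" ")[1] + " to speed this up.";
console.log(sent);
console.log(demo.restore(received));
console.log(demo.auditRecord());
```

Without the local key and map, the tokens in `sent` cannot be mapped back to the original names, which is the property the flow relies on.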
Subprocessors
Pretense uses a minimal set of subprocessors. AI providers are only subprocessors when a developer actively routes traffic to them. They do not receive data otherwise.
| Vendor | Purpose |
|---|---|
| OpenAI | AI model inference (when developer routes to OpenAI via Pretense proxy) |
| Anthropic | AI model inference (when developer routes to Anthropic via Pretense proxy) |
| Vercel | Dashboard hosting and edge functions |
| GitHub | Source code repository, CI/CD, issue tracking |
| Vanta | SOC 2 compliance monitoring and audit preparation |
Enterprise Security Review
Enterprise customers can request: a Data Processing Agreement (DPA), security questionnaire responses (CAIQ, SIG Lite, custom), architecture review calls with our security team, and early access to the SOC 2 Type I report upon completion.