Security
How Protet handles your data
A plain description of what actually happens, deployment mode by deployment mode — not a compliance checklist. If something here matters to your own security review and isn't covered, ask us directly.
On-prem deployment
The detection pipeline runs entirely inside your own infrastructure. Nothing about your build sessions — the commands executed, the findings generated — leaves your network unless you configure delivery to somewhere outside it yourself. Protet's control plane never sees your execve telemetry in this mode; its only role is issuing the license and signed model bundle your deployment verifies offline.
Model bundles and licenses are cryptographically signed and verified locally by your deployment before use. A deployment can run fully air-gapped: pull the signed bundle once, verify it, and operate with no ongoing network dependency on Protet's control plane.
Cloud tiers
Both cloud tiers — free and paid — are real-time only, by design. A finding is delivered live to your dashboard the moment it fires; if nobody is connected when that happens, it is not queued, retried, or stored anywhere — it's simply never seen. This isn't a free-tier limitation: neither cloud tier keeps a server-side history of findings, on the assumption that most customers don't want their build-session data sitting in our cloud regardless of what they're paying. A durable, always-delivered feed into your own SIEM is what the on-prem tiers are for.
Every ingest event on a cloud tier is authenticated with a per-customer credential, kept separate from the credentials used for anything else. Suspending an account blocks its ingest access immediately, rather than waiting for anything to expire on its own.
Account & credential handling
- Passwords and tokens are never stored or logged in a form that could be read back — not even by us.
- Session cookies are locked down against theft and cross-site misuse.
- Every license change and account-status change is logged with who did it and when.
Transport & application hardening
- TLS everywhere in production, with standard browser-hardening headers on every response.
- Signup, login, and verification are all rate-limited to blunt automated abuse.
- The application runs as a non-root user in its container.
Infrastructure
The control plane is hosted on Swiss infrastructure (Infomaniak).
Reporting an issue
If you find a security issue, we want to hear about it before anyone else does. Email hello@protet.io with details — we'll acknowledge and follow up directly.