Security

How Protet handles your data

A plain description of what actually happens, deployment mode by deployment mode — not a compliance checklist. If something here matters to your own security review and isn't covered, ask us directly.

On-prem deployment

The detection pipeline runs entirely inside your own infrastructure. Nothing about your build sessions — the commands executed, the findings generated — leaves your network unless you configure delivery to somewhere outside it yourself. Protet's control plane never sees your execve telemetry in this mode; its only role is issuing the license and signed model bundle your deployment verifies offline.

Model bundles and licenses are cryptographically signed and verified locally by your deployment before use. A deployment can run fully air-gapped: pull the signed bundle once, verify it, and operate with no ongoing network dependency on Protet's control plane.

Cloud tiers

Both cloud tiers — free and paid — are real-time only, by design. A finding is delivered live to your dashboard the moment it fires; if nobody is connected when that happens, it is not queued, retried, or stored anywhere — it's simply never seen. This isn't a free-tier limitation: neither cloud tier keeps a server-side history of findings, on the assumption that most customers don't want their build-session data sitting in our cloud regardless of what they're paying. A durable, always-delivered feed into your own SIEM is what the on-prem tiers are for.

Every ingest event on a cloud tier is authenticated with a per-customer credential, kept separate from the credentials used for anything else. Suspending an account blocks its ingest access immediately, rather than waiting for anything to expire on its own.

Account & credential handling

  • Passwords and tokens are never stored or logged in a form that could be read back — not even by us.
  • Session cookies are locked down against theft and cross-site misuse.
  • Every license change and account-status change is logged with who did it and when.

Transport & application hardening

  • TLS everywhere in production, with standard browser-hardening headers on every response.
  • Signup, login, and verification are all rate-limited to blunt automated abuse.
  • The application runs as a non-root user in its container.

Infrastructure

The control plane is hosted on Swiss infrastructure (Infomaniak).

Reporting an issue

If you find a security issue, we want to hear about it before anyone else does. Email hello@protet.io with details — we'll acknowledge and follow up directly.