How we handle your data.
Plain answers, not buzzwords. Everything on this page describes how Presaga works today — not what we intend to do. If it isn't live, it isn't here.
The data you entrust to us.
To run a briefing we hold your account details (name, email, organization), the material you submit (the situation, message, or document you're testing), and what PRISM produces from it (reports, stakeholder analysis, and any report-chat history). The content you submit and everything derived from it is encrypted at rest — see below.
And what never touches our database.
We do not store your payment card details — card data is handled entirely by Stripe; we keep only a customer reference. Messages sent through our contact form are emailed to us, not saved to a database. And we do not sell customer data, ever.
Encrypted at rest. Encrypted in transit.
Specifics, not adjectives.
Your content is encrypted before it's stored
The material you submit, the reports PRISM generates, simulation analysis, report-chat history, and uploaded files are encrypted with AES (via the Fernet standard) before they're written to the database or disk. Your two-factor secret is encrypted too; passwords are hashed with bcrypt.
Everything travels over TLS
All traffic to Presaga is served over HTTPS with HSTS enforced. The database runs on the same machine as the application and is reached over a loopback connection — your content never crosses a network in the clear.
Backups are encrypted too
Database backups are AES-256 encrypted and access-restricted. A stolen backup is ciphertext.
Because your content is encrypted before it reaches the database or a backup, theft of our database or a backup alone cannot expose it. This is encryption at rest, not zero-knowledge encryption: running the service means our systems decrypt your content to process it, so we don't claim that even we can never see it. We'd rather state the boundary precisely than imply more than is true.
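A reviewer auditing the Fernet storage described above can check that a stored value is structurally a Fernet token (version byte, timestamp, IV, AES-CBC blocks, HMAC-SHA256 tag) rather than plaintext. The sketch below is an added example, not Presaga's code: it assumes column values are Fernet token strings, and the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re
import struct

VERSION = 0x80                      # only version defined by the Fernet spec
MIN_LEN = 1 + 8 + 16 + 16 + 32      # version, timestamp, IV, one AES block, HMAC
B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")


def inspect_stored_value(value, signing_key=None):
    """Return (ok, detail): does a stored string have Fernet token structure?

    The HMAC-SHA256 tag is verified only if the 16-byte signing half of the
    Fernet key is supplied; no decryption is performed.
    """
    if not B64URL.fullmatch(value):
        return False, "not base64url"
    try:
        raw = base64.urlsafe_b64decode(value)
    except ValueError:
        return False, "not base64url"
    if len(raw) < MIN_LEN:
        return False, "too short"
    if raw[0] != VERSION:
        return False, "bad version byte"
    if (len(raw) - MIN_LEN) % 16:
        return False, "ciphertext not block-aligned"
    if signing_key is not None:
        tag = hmac.new(signing_key, raw[:-32], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, raw[-32:]):
            return False, "HMAC mismatch"
    (issued,) = struct.unpack(">Q", raw[1:9])
    return True, f"fernet token, issued at {issued}"


def make_constructed_token(signing_key, issued=1700000000):
    """Constructed sample: random bytes stand in for the AES-CBC ciphertext."""
    body = bytes([VERSION]) + struct.pack(">Q", issued) + os.urandom(16 + 32)
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


if __name__ == "__main__":
    key = os.urandom(16)            # constructed signing key, not a real one
    for value in (make_constructed_token(key), "Draft statement for review"):
        print(inspect_stored_value(value, key))
```

Passing the structural checks shows only that a value has the token layout; the HMAC check, which needs the signing half of the key, is what distinguishes an authentic token from arbitrary bytes of the right shape.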
Hosted and processed in Canada.
Presaga runs on dedicated Canadian infrastructure, and all language-model work runs on Cerebras in Montreal. Your inputs, results, and history stay inside Canadian borders — no calls to US-hosted APIs, no transit through foreign jurisdictions.
You decide how long we keep it.
We keep your content until you remove it
Your simulations, reports, and uploads are retained until you delete them — we don't quietly age them out, and we don't repurpose them. They're there when you need them, and gone when you say so.
Delete a briefing, or your whole account
You can delete an individual simulation, a project, or your entire account from your settings. Account deletion is confirmed with your password and two-factor code, then removes your content and uploaded files. Financial records are anonymized and retained only as required for accounting.
Your content isn't in our logs
Application logs record operational details — identifiers, timings, errors — not the content of your submissions or reports. Secrets are redacted before anything is written.
You don't have to take our word for it.
Presaga's stack is open source under AGPL-3.0. Your security team can read the source, see exactly how data is handled, and audit the data flow themselves — rather than trusting a claim on a page. That's the point: the implementation is the evidence.