Preppr.ai Trust Center

Preppr.ai is an AI-native platform transforming how emergency management, healthcare, and enterprise resilience teams prepare for crises by unifying planning, threat analysis, and collaborative exercise design into a single, professional workflow. It helps organizations automate and scale the creation of HSEEP-aligned tabletop exercises and simulations that drive actionable preparedness outcomes, reducing manual effort while improving quality and consistency. Preppr’s commitment to security and trust is reflected in its secure-by-design, enterprise-grade architecture with SOC 2-level controls, role-based access, enterprise single sign-on, audit trails, logical data segregation, and strict data privacy practices that keep customer information private and under the customer’s control. The platform avoids using sensitive operational data to train external AI models, embeds compliance and accountability into its systems, and communicates its security commitments transparently through its trust center and contractual agreements.

Compliance

Resources

Preparedness Innovations, Inc - SOC 2 Type II - 2025
Physical Security Policy
Change Management Policy
Information Security Management System Statement of Applicability
Data Protection, Accountability, and Privacy by Design Policy

Controls

Access control procedures
Access review of infrastructure
VPN access
Multifactor authentication
Physical access control systems
Encryption of data
Data protection policy
Data transfer policy
Data transfer agreement
Cooperation agreements/data sharing frameworks
Source code tool
Business continuity and disaster recovery testing
Web application firewall
Vulnerability scanning
Outsourced Development Management
Intrusion detection tool
Infrastructure baseline hardening policy
SSL/TLS certificates for infrastructure
Network diagram
Monitoring, measurement, analysis and evaluation
Incident response and breach notification policy
Alerts and remediation
Breach notification communication
Security incident list
Test of incident response plan
Internal GDPR compliance assessments
Binding corporate rules policy
Whistleblower policy
Rectification request policy
Objection handling policy
Log management tool
Vendor management program
Vendor onboarding
Vendor list
Vendor termination
Consent records
Age verification and parental/guardian consent process
New employee and contractor agreements
Existing employee and contractor agreements
Customer onboarding
Security awareness training implemented
Employee handbook
Multi-availability zones
Asset register maintaining
Risk management program
Risk and Governance Executive Committee meeting minutes
Lawful basis assessment
Legitimate interest assessment
Patch management
Antivirus and malware configurations
Board charter
Asset register list
Termination checklist

FAQs

Preppr is hosted entirely on Amazon Web Services (AWS) infrastructure located in United States regions.
Geographic location: All data is stored exclusively in U.S.-based AWS regions
Data residency: No data is stored or processed outside the United States
Infrastructure: AWS-hosted infrastructure accessed securely over HTTPS

Preppr relies on a limited number of vetted third-party processors that meet strong security and privacy standards:
Amazon Web Services (AWS): Hosting and infrastructure with SOC 2 compliance, encryption at rest and in transit, and strict access controls
OpenAI: AI processing with automatic deletion of inputs and outputs within 30 days, SOC 2 Type II compliance, AES-256 encryption at rest, TLS encryption in transit, and no default use of customer data for model training
Anthropic: AI processing with short-term retention, SOC 2 Type I/II compliance, ISO 27001 and ISO/IEC 42001 certifications, HIPAA compliance, and no training on customer data without agreement
Google Gemini: Analytical and generative AI services under paid data processing agreements, limited retention for abuse monitoring only, and broad ISO and SOC compliance
DeepGram: Speech-to-text processing with temporary retention, SOC 2 Type II, HIPAA, PCI DSS, GDPR, and CCPA compliance, and no model training without explicit consent
Unstructured.io: Document processing with no retention of inputs or outputs after request completion
AskNews / DeepNews: Intelligence data aggregation with no user data or content storage

Yes. All data stored within Preppr is encrypted at rest using industry-standard encryption.
Encryption standard: AES-256 encryption managed through AWS Key Management Service (KMS)
Scope of encryption: User accounts, exercise data, uploaded documents, chat interactions, database backups, system logs, and all PostgreSQL database contents (including PG Vector extensions)
Key management: Encryption keys are managed using AWS security protocols and are accessible only to authorized systems and personnel
Third-party standards: All third-party providers maintain equivalent encryption standards, including AES-256 encryption at rest and TLS encryption in transit
Access controls: Data access is restricted to authorized, background-checked, U.S.-based personnel using role-based access controls with strict tenant isolation