Security & Trust

Detection Architecture

Context Guard uses a hybrid detection pipeline rather than a single model or a single rule set. Each layer is intentionally narrow so we can reason about what it does and where it fails:

• Regex rule layer - deterministic, low-latency pattern matching for known prompt-injection, exfiltration, and policy-violation signatures. This is the default and runs on every request.
• Source-aware analysis - distinguishes trusted system/developer instructions from untrusted user input and retrieved context, so injections embedded in documents or tool output are scored differently to first-party prompts.
• Optional DeBERTa-v3 ML classifier - opt-in via CG_ENABLE_ML=1. Targets adversarial and obfuscated attacks the rule layer cannot express as patterns. Adds roughly 84ms when it fires; teams that need pure-rule determinism leave it off.

On our public benchmark suite the rule layer alone achieves 100% precision on BIPIA and TensorTrust (zero false positives on legitimate traffic). Enabling the ML classifier lifts recall to 97.4% on CyberSecEval prompt-injection prompts. We publish the full breakdown - including the benchmarks where we still lose recall - on the benchmarks page.

Infrastructure & Encryption

Context Guard is a reverse proxy. Your LLM traffic passes through our proxy endpoint (Cloudflare) to the upstream provider, with the dashboard hosted on Vercel. All traffic is encrypted in transit via TLS 1.3. No data is stored at rest beyond the metadata logs covered below.

API Keys

Keys are hashed with SHA-256 before storage. The plaintext is shown once at creation and never stored, logged, or recoverable. Keys are transmitted only over HTTPS and validated against the stored hash on every request. Revocation takes effect within seconds.

Data Handling

We log metadata: timestamps, threat types, risk scores, model, token counts, and detector outcomes. This powers the triage console and audit trail.

We do not log full prompt or response content beyond what threat classification requires. Snippets are captured only for detection context and follow the same retention schedule.

• Starter - 7 days
• Growth - 30 days
• Enterprise - 90+ days, configurable

Deletion is permanent. No shadow copies after expiry; backups cycle on the same schedule.

Sub-processors

The following third parties process customer data on our behalf:

• Cloudflare - proxy endpoint and CDN (US/EU regions)
• Vercel - dashboard hosting and edge delivery (EU region)
• Supabase - managed Postgres, authentication, and storage (EU region)
• Stripe - payment processing for paid subscriptions (limited to billing data)

LLM providers (OpenAI, Anthropic, etc.) process traffic you route through the proxy under your own direct relationship with them. They are not our sub-processors. We provide 30 days notice before adding or replacing a sub-processor; full details in our DPA.

Data Residency

Default: EU/UK. Traffic is processed and logs stored in EU/UK regions. Enterprise customers can request specific residency arrangements.

Incident Response

In the event of a security incident affecting customer data, we will notify affected customers within 72 hours of confirmation via email to the account address on file and via in-dashboard notice. Incident reports will include: what happened, what data was affected, what remediation steps were taken, and how to mitigate further risk. We conduct post-incident reviews and publish summaries for significant incidents.

Security Practices

Detection rules and policy logic are reviewed before deployment for false-positive impact. The proxy codebase receives regular review and changes are tested against representative traffic patterns before release. We run periodic penetration testing against the proxy endpoint and dashboard infrastructure.

Availability

Growth and Enterprise tiers include a 99.9% uptime SLA. We publish uptime status and historical performance at our status page. The proxy is designed for hot-path operation with minimal overhead (p50 < 30ms) and automatic failover at the CDN edge.

Responsible Disclosure

Report vulnerabilities to security@ctx-guard.com. We ask 90 days before public disclosure. We acknowledge within 48 hours and provide a fix timeline within 5 business days. Good-faith research is welcome and will not face legal action.

Compliance

SOC 2 audit planned. We are preparing for our Type I assessment and will share updates as that progresses. Privacy Policy, Terms of Service, and a DPA (including SCCs for international transfers and sub-processor consent mechanisms) are available for business customers.

Burrell Digital LTD is registered in England and Wales (company number 15958808) and processes personal data in line with UK GDPR and the Data Protection Act 2018.