Security and Data Protection

ProLens is built around a few hard rules. They're not just marketing — every one is enforced in code.

Read-only

ProLens only reads from your PSA, CRM, and accounting systems. We never create, edit, or delete records. Every integration is one-way.

This is enforced at the adapter level: the PSA adapter interface exposes fetchProjects, fetchInvoices, fetchTimeEntries, fetchPeople, fetchDeals, fetchBookings — no corresponding create*, update*, or delete* methods.

Financial records never permanently stored

Your invoices, time entries, and cost rates are never written to ProLens's database. They're fetched live from your PSA, computed into aggregates, and held in a short-lived cache (15-minute TTL) before being refreshed.

Even if our database were compromised, your financial history wouldn't be in it.

Credentials encrypted

PSA credentials are encrypted with AES-256-GCM envelope encryption: each row gets its own data encryption key (DEK), the DEK is wrapped with a master key (KEK), and the master key lives in the platform's environment. The raw token is never echoed back through the UI and is decrypted only at the moment ProLens needs to make a request to your PSA.

You can rotate the token or revoke access entirely from Settings → Connections.
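The envelope scheme described above, sketched as an added example with Node.js's built-in crypto module; this is not ProLens's own code. The function names, the row layout, and the use of the row ID as GCM associated data are assumptions made for illustration, and the KEK is passed in as a 32-byte Buffer rather than read from any particular environment variable.

```javascript
// Added example (not ProLens code): per-row envelope encryption, AES-256-GCM.
const nodeCrypto = require("node:crypto");

// Encrypt with a fresh 96-bit IV; aad binds the ciphertext to its context.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt and authenticate; final() throws if key, aad, ct or tag do not match.
function open(key, box, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// One credential row: a new random DEK encrypts the token, the KEK wraps the DEK.
function encryptRow(kek, rowId, token) {
  const aad = Buffer.from(rowId, "utf8"); // assumption: row ID used as AAD
  const dek = nodeCrypto.randomBytes(32);
  const row = {
    rowId,
    data: seal(dek, Buffer.from(token, "utf8"), aad),
    wrappedDek: seal(kek, dek, aad),
  };
  dek.fill(0); // do not keep the plaintext DEK around longer than needed
  return row;
}

// Unwrap the DEK only for the duration of one decryption.
function decryptRow(kek, row) {
  const aad = Buffer.from(row.rowId, "utf8");
  const dek = open(kek, row.wrappedDek, aad);
  try { return open(dek, row.data, aad).toString("utf8"); }
  finally { dek.fill(0); }
}

// KEK rotation re-wraps the DEK only; the encrypted token is left untouched.
function rewrapRow(oldKek, newKek, row) {
  const aad = Buffer.from(row.rowId, "utf8");
  const dek = open(oldKek, row.wrappedDek, aad);
  const wrappedDek = seal(newKek, dek, aad);
  dek.fill(0);
  return { ...row, wrappedDek };
}
```

Because the row ID is authenticated as associated data, a wrapped DEK or ciphertext copied onto a different row fails the GCM tag check instead of decrypting.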

Every access is logged

Settings → Security shows your firm's data-access audit trail. Every read of your PSA data — by sync jobs, AI pipelines, cache rebuilds, individual user queries — produces a row in the log with a timestamp, the accessor (system / user / AI), the action, and the scope of data touched.

Logs are retained for 90 days and filterable by date and accessor type.

No admin backdoors

ProLens staff cannot access your tenant data without your explicit, time-limited permission. The codebase doesn't contain any "impersonate", "view as tenant", or "switch tenant" code paths — even users with PLATFORM_ADMIN role see only their own tenant's data, because tenant scope is resolved from the signed-in user's JWT at every database query.

The no-backdoor guarantee is enforced architecturally, not by policy.

AI never sees your real names

Before any data leaves ProLens for AI analysis, all client names, project names, and employee names are replaced with opaque tokens (Client A, Project Alpha, Person B). The AI sees the structure of your data — counts, dollars, ratios — but never the actual names. The response is deanonymized on the way back so you read real names on the dashboard.

What's in flight

Connections to ProLens are HTTPS, and Vercel's edge network terminates TLS. Connections to your PSA from ProLens are HTTPS as well.

Read the full details

For the long-form security overview — architecture diagrams, SOC 2 status, subprocessor list — visit prolens.io/security.