Your Data Never Leaves Your Control
Prophecy works against your data in place — keeping only metadata, never the data itself — so you stay in control of both your data and your AI.
Governance, Risk Management, & Compliance by Design
Security isn’t bolted on. Prophecy is engineered from the ground up with the technical and physical controls that protect the confidentiality, integrity, and availability of your data.
Continuous compliance monitoring
Security and compliance controls are monitored continuously — not just at audit time — so issues are detected and resolved as they arise rather than once a year.
Runs without storing your data
Prophecy works against your data in place, inside your own cloud platform, and keeps only descriptive metadata — table and column names. When configured for it, none of your underlying data is stored at all.
Enterprise-grade access controls
SSO, MFA, RBAC, and full audit logging reduce risk, improve compliance, and enhance operational efficiency.
Resilience & business continuity
Tested backup, fail over, and disaster-recovery procedures keep the platform available and your work protected through disruptions, with recovery objectives reviewed regularly.

Data & Analytics Manager, Amgen
AI Assistance You Can Trust
Your data stays yours, every action stays transparent, and people stay in control.
Your data stays private from LLM providers
Prophecy doesn't store your data, or send it to any third-party large language model (LLM) providers. Instead, Prophecy builds its knowledge graph from structural metadata about your data environment. This innovative approach lets Prophecy interface with LLM providers while keeping your data private and safely controlled within your own storage environment.
Transparency & explainability
Every transformation the agent proposes is shown as readable, editable pipeline logic and generated code — never hidden in a black box — so you can see exactly what will run before approving it.
Human oversight & control
People stay in control of review, approval and execution. The agent operates within role-based permissions and cannot act outside the boundaries you set.
Output validation & quality
Generated pipelines run in a sandboxed, version-controlled workflow and are validated against your schemas and data contracts, with testing built in. This limits prompt injection, hallucinations, and unintended results before anything reaches production.
Access Control and Accountability
Prophecy provides rich product security features to safeguard user access, data integrity, and compliance.
Authentication
Prophecy supports multiple authentication methods to ensure that only authorized individuals can access the platform, including:
Authorization
Role-Based Access Control (RBAC) enforces a “least privilege” model with clear roles — standard user, team administrator, and cluster administrator. For your actual data, Prophecy passes your identity through to your data platform, so you only see what you’re already permitted to in Databricks Unity Catalog or Snowflake.
Auditing
Detailed auditing capabilities capture user and administrator activity across the interface and API. Equally important is what Prophecy auditing deliberately does not capture: your data, metadata, or credentials. Our automated redaction isolates each customer's logs from all others, and strips out any sensitive details.
Data protection
Everything Prophecy stores — metadata, secrets, logs, and backups — is encrypted with AES-256, with keys safeguarded in the cloud provider’s hardened key-management hardware. Data in transit is protected with TLS 1.3, and Dedicated SaaS customers can bring their own encryption keys.
Infrastructure & Subprocessors
We work with a small, carefully vetted set of industry-leading infrastructure providers, and keep this list current, notifying you of any material changes.
A complete, current subprocessor list is available in the Prophecy Trust Center.
FAQ
Questions About Security?
Answers to the questions we hear most from security and procurement teams.
Is my data isolated from other customers?
Yes. Multi-tenant deployments use multiple layers of logical isolation, and our Dedicated SaaS option provides single-tenant infrastructure for stronger separation.
How are we notified of subprocessor or security changes?
We publish updates in the Trust Center and notify affected customers of material changes to our subprocessor list and security posture.
How often do you run penetration tests?
At least annually by independent experts, with findings tracked to remediation. Reports are available under NDA in the Trust Center.
How do you handle security incidents?
We maintain a documented incident response plan with defined detection, containment, and customer-notification procedures, tested regularly.
Verify it Yourself
Explore Prophecy's security posture in the Trust Center
Request reports, a DPA, or questionnaire support, review controls, and access the documentation your security team needs - all in one place.


