Preppr Technical Specifications
Last Updated: 6/09/2025
Overview of Preppr
Preppr is an AI-powered platform transforming disaster preparedness by automating previously manual, consultant-driven processes. Our technology makes high-quality, data-driven emergency exercises accessible at 90% lower cost and 80% faster delivery.
The platform integrates powerful capabilities including scenario development, document analysis, open-source intelligence querying, speech-to-text transcription, and actionable insights generation to streamline workflows for government agencies, healthcare systems, and corporations. Designed for simplicity and regulatory compliance, we're already authorized by California DPH and gaining rapid adoption across public health departments, emergency management teams, and enterprise users.
SLA and Policies
Preppr does not currently offer a formal service level agreement (SLA) for solo account beta users. For team or organization plans, a dedicated SLA can be arranged upon request. For additional details, please review Preppr’s Terms of Service and Privacy Policy.
Privacy and Security Standards
Preppr operates in compliance with the privacy and security standards of its hosting and technology partners, including AWS, OpenAI, DeepGram, and Unstructured.io. For further information, you can consult AWS’s data protection overview, OpenAI’s privacy statement, DeepGram’s privacy policy, and Unstructured.io’s privacy policy.
Security Certifications
Preppr has achieved SOC 2 Type 1 compliance with an unqualified opinion and no exceptions, demonstrating enterprise-grade security controls that meet the rigorous standards required by government agencies, healthcare systems, and emergency management organizations. We hold a California Department of Technology authorization for operation, which demonstrates our commitment to meeting the highest standards of data security and compliance for government and other regulated/high risk environments.
Infrastructure and Hosting
Preppr is hosted on Amazon Web Services (AWS), providing a secure, scalable, and reliable cloud infrastructure. The application is containerized using Docker and deployed on EC2 instances, managed through a Load Balancer for efficient traffic distribution. All AWS servers hosting Preppr are located in US regions, ensuring compliance with data residency requirements. Data is encrypted in transit using TLS and at rest using AWS Key Management Service (KMS).
While Preppr operates as a cloud-based SaaS, on-premise licensing can be arranged for teams and organizations.
Application Stack
Preppr’s front end is built with React, TypeScript, and Next.js, styled using Tailwind CSS to provide a modern and cohesive user interface. The back end is powered by Node.js and uses Prisma for database management. Payment processing is securely handled through the Stripe SDK.
Database
User data is stored in a PostgreSQL database, enhanced with the PG Vector extension for managing embeddings. This configuration supports advanced search functionality and enables seamless integration with AI features. User data is strictly isolated and not accessible by other users, ensuring full data segregation and privacy.
Large Language Models
Preppr leverages multiple advanced AI models to power various features across our platform, including question-answering, text generation, and data analysis. .
OpenAI Models (GPT-4o, GPT-4.1, GPT-4.1 Mini)
Preppr uses OpenAI's GPT-4o, GPT-4.1, and GPT-4.1 Mini models to power features such as question-answering and text generation. OpenAI automatically deletes inputs and outputs on their backend within 30 days of receipt or generation for API users, unless otherwise agreed or required for policy enforcement or legal compliance. API business data is used only for limited purposes: to provide services, detect abuse, and investigate potential issues. Data is retained for a maximum of 30 days unless legally required to keep it longer. Access to this data is restricted to authorized employees and vetted third-party contractors who are bound by confidentiality agreements. This data is not used to train OpenAI's models by default.
OpenAI employs AES-256 encryption to protect stored data and uses TLS 1.2+ protocols to secure data in transit. Strict access controls are implemented to limit who can access customer data. Additionally, OpenAI adheres to SOC 2 Type 2 standards, undergoing regular independent audits to verify security practices and compliance.
Anthropic Claude Sonnet 4
Preppr utilizes Claude Sonnet 4 for advanced reasoning, question-answering and text generation, and analysis tasks. For API users such as Preppr, Anthropic automatically deletes inputs and outputs on their backend within 30 days of receipt or generation, except when zero data retention agreements are in place or when retention is required for Usage Policy enforcement or legal compliance. Anthropic does not use API data for training unless there is a specific agreement stating otherwise.
Anthropic maintains SOC 2 Type I and Type II, ISO 27001:2022 (Information Security Management), ISO/IEC 42001:2023 (AI Management Systems), and HIPAA compliance certifications. All data is encrypted in transit using TLS protocols, and Anthropic employs strict access controls with comprehensive data governance practices.
Google Gemini Models (Gemini 2.5 Flash and Pro)
Preppr incorporates Google's Gemini 2.5 Flash and Pro models for various analytical and generative tasks. Preppr uses Paid Services, thus Google doesn't use prompts or responses to improve their products, and processes data in accordance with the Data Processing Addendum for Products Where Google is a Data Processor. For Paid Services, Google logs prompts and responses for a limited period of time, solely for the purpose of detecting violations of the Prohibited Use Policy and any required legal or regulatory disclosures.
For abuse monitoring purposes, Google retains prompts, contextual information, and outputs for fifty-five (55) days. Gemini for Google Cloud is compliant with ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC1, SOC2, and SOC3 certifications. All data that Gemini processes is encrypted at rest and in transit, with comprehensive audit logging and role-based access controls implemented.
Shared Security Measures
All AI providers implement enterprise-grade security measures including:
Data Encryption: Industry-standard encryption for data at rest and in transit
Access Controls: Strict role-based access controls limiting data access to authorized personnel
Compliance Certifications: SOC 2 compliance and various ISO certifications
Audit Logging: Comprehensive logging and monitoring of data access and usage
Regular Security Audits: Independent third-party security assessments
Data Processing Principles
Across all AI models, Preppr ensures:
Limited Retention: Data is retained only for the minimum time necessary for service provision and security monitoring
Purpose Limitation: Data is used solely for providing requested services and detecting policy violations
No Unauthorized Training: Unless explicitly agreed, customer data is not used to train or improve AI models
Secure Transmission: All data transmission occurs over encrypted channels with appropriate security protocols
Compliance Adherence: All processing complies with applicable data protection regulations and industry standards
For questions about this policy or data handling practices, please contact us.
Speech-to-Text
Audio data is processed using DeepGram AI. DeepGram's infrastructure, policies, and procedures are designed to meet industry-standard compliance and regulatory frameworks, including SOC-2 Type 2, HIPAA, PCI DSS, GDPR, CCPA, and all applicable local government and legal requirements. Multi-factor authentication (MFA), role-based access control (RBAC), and VPNs are used to regulate and secure all employee access to data systems. All data is encrypted in-flight and at rest using industry-standard encryption protocols, including TLS 1.3 and AES-256. DeepGram temporarily retains audio and transcripts to deliver services and only uses data for model training if customers explicitly provide their consent.
Intelligence
Preppr Intelligence is powered by an AskNews and DeepNews API integration, which is powered by Claude Sonnet 4. AskNews provides access to structured news data with powerful APIs that allow seamless integration of global news insights, enabling advanced search functionality for disaster-related information.
The DeepNews component functions as a state-of-the-art agent capable of self-reflection, on-the-fly learning, and deep research into news archives. This intelligence system is particularly valuable for tasks requiring complex analysis and high-level strategic planning, such as monitoring geopolitical risk and making event forecasts.
This intelligence infrastructure enhances Preppr's disaster preparedness capabilities by providing real-time information monitoring, sentiment analysis, and geo-contextualized insights that improve our products. The integration allows Preppr to leverage enriched datasets that support advanced search functionality while maintaining data isolation and privacy standards consistent with the rest of the application stack. AskNews does not store user data or content.
Document Processing
Preppr leverages Unstructured.io for its document analysis and chat features, collectively named Ask Preppr. Any content processed by Unstructured.io follows their privacy and data handling guidelines. Unstructured.io does not retain inputs or outputs after the completion of the batch or API request, unless we specifically instruct them to do so (which we have not). Furthermore, they do not use your inputs or outputs to develop or improve their services or offerings.
Security and Access Control
Preppr employs robust role-based permissions to ensure that only authorized employees and vetted third-party contractors can access specific data. User authentication and identity management are handled through AWS Cognito, which supports secure user sign-up, sign-in, and multi-factor authentication (MFA) using either email-based verification codes or time-based one-time passwords (TOTP) via authenticator apps.
Single Sign-On (SSO) is supported via industry-standard protocols including OIDC and SAML, enabling seamless login experiences for enterprise users through identity providers such as Google, Microsoft, and Active Directory.
To facilitate stateless authentication, JSON Web Tokens (JWT) are used. JWTs are signed and verified using AWS Cognito’s integrated encryption, ensuring data integrity and secure access to protected resources. Tokens are securely stored in cookies using best practices such as httpOnly, sameSite, and secure flags to mitigate unauthorized access or tampering.
Session management is further reinforced with database-backed session validation. Expired or invalid sessions are automatically purged, requiring users to reauthenticate to regain access.
All user entered data in Preppr is accessible only to authorized, background-checked U.S.-based personnel on a strict need-to-know basis. Our infrastructure includes private GitHub repositories with limited access, GitHub Actions for CI/CD, and automated security testing. These controls have earned the confidence of partners like California DPH while we complete our formal SOC 2 Type II certification process.