Preppr Technical Specifications
Last Updated: 6/09/2025
Overview of Preppr
Preppr is an AI-powered platform transforming disaster preparedness by automating previously manual, consultant-driven processes. Our technology makes high-quality, data-driven emergency exercises accessible at 90% lower cost and 80% faster delivery.
The platform integrates powerful capabilities including scenario development, document analysis, open-source intelligence querying, speech-to-text transcription, and actionable insights generation to streamline workflows for government agencies, healthcare systems, and corporations. Designed for simplicity and regulatory compliance, we're already authorized by California DPH and gaining rapid adoption across public health departments, emergency management teams, and enterprise users.
SLA and Policies
Preppr does not currently offer a formal service level agreement (SLA) for solo account beta users. For team or organization plans, a dedicated SLA can be arranged upon request. For additional details, please review Preppr’s Terms of Service and Privacy Policy.
Privacy and Security Standards
Preppr operates in compliance with the privacy and security standards of its hosting and technology partners, including AWS, OpenAI, DeepGram, and Unstructured.io. For further information, you can consult AWS’s data protection overview, OpenAI’s privacy statement, DeepGram’s privacy policy, and Unstructured.io’s privacy policy.
Security Certifications
We are nearly finished with SOC2 preparation and will undergo the audit in June 2025. Until then, we maintain strict security protocols and advise organizations to follow our data handling guidelines when using the platform. Our California Department of Technology authorization demonstrates our commitment to meeting the highest standards of data security and compliance for government and healthcare environments.
Infrastructure and Hosting
Preppr is hosted on Amazon Web Services (AWS), providing a secure, scalable, and reliable cloud infrastructure. The application is containerized using Docker and deployed on EC2 instances, managed through a Load Balancer for efficient traffic distribution. All AWS servers hosting Preppr are located in US regions, ensuring compliance with data residency requirements. Data is encrypted in transit using TLS and at rest using AWS Key Management Service (KMS).
While Preppr operates as a cloud-based SaaS, on-premise licensing can be arranged for teams and organizations.
Application Stack
Preppr’s front end is built with React, TypeScript, and Next.js, styled using Tailwind CSS to provide a modern and cohesive user interface. The back end is powered by Node.js and uses Prisma for database management. Payment processing is securely handled through the Stripe SDK.
Database
User data is stored in a PostgreSQL database, enhanced with the PG Vector extension for managing embeddings. This configuration supports advanced search functionality and enables seamless integration with AI features. User data is strictly isolated and not accessible by other users, ensuring full data segregation and privacy.
Large Language Models
Preppr currently uses OpenAI’s GPT-4o to power features such as question-answering and text generation. OpenAI temporarily retains prompts and outputs for up to 30 days to ensure service continuity and monitor for misuse. API business data is used only for limited purposes: to provide services, detect abuse, and investigate potential issues. Data is retained for a maximum of 30 days unless legally required to keep it longer. Access to this data is restricted to authorized employees and vetted third-party contractors who are bound by confidentiality agreements. This data is not used to train OpenAI’s models by default.
OpenAI employs AES-256 encryption to protect stored data and uses TLS 1.2+ protocols to secure data in transit. Strict access controls are implemented to limit who can access customer data. Additionally, OpenAI adheres to SOC 2 Type 2 standards, undergoing regular independent audits to verify security practices and compliance.
Speech-to-Text
Audio data is processed using DeepGram AI. DeepGram's infrastructure, policies, and procedures are designed to meet industry-standard compliance and regulatory frameworks, including SOC-2 Type 2, HIPAA, PCI DSS, GDPR, CCPA, and all applicable local government and legal requirements. Multi-factor authentication (MFA), role-based access control (RBAC), and VPNs are used to regulate and secure all employee access to data systems. All data is encrypted in-flight and at rest using industry-standard encryption protocols, including TLS 1.3 and AES-256. DeepGram temporarily retains audio and transcripts to deliver services and only uses data for model training if customers explicitly provide their consent.
Intelligence
Preppr Intelligence is powered by an AskNews and DeepNews API integration. AskNews provides access to structured news data with powerful APIs that allow seamless integration of global news insights, enabling advanced search functionality for disaster-related information.
The DeepNews component functions as a state-of-the-art agent capable of self-reflection, on-the-fly learning, and deep research into news archives. This intelligence system is particularly valuable for tasks requiring complex analysis and high-level strategic planning, such as monitoring geopolitical risk and making event forecasts.
This intelligence infrastructure enhances Preppr's disaster preparedness capabilities by providing real-time information monitoring, sentiment analysis, and geo-contextualized insights that improve our products. The integration allows Preppr to leverage enriched datasets that support advanced search functionality while maintaining data isolation and privacy standards consistent with the rest of the application stack. AskNews does not store user data or content.
Document Processing
Preppr leverages Unstructured.io for its document analysis and chat features, collectively named Ask Preppr. Any content processed by Unstructured.io follows their privacy and data handling guidelines. Unstructured.io does not retain inputs or outputs after the completion of the batch or API request, unless we specifically instruct them to do so (which we have not). Furthermore, they do not use your inputs or outputs to develop or improve their services or offerings.
Security and Access Control
Preppr employs robust role-based permissions to ensure that only authorized employees and vetted third-party contractors can access specific data. User authentication and identity management are handled through AWS Cognito, which supports secure user sign-up, sign-in, and multi-factor authentication (MFA) using either email-based verification codes or time-based one-time passwords (TOTP) via authenticator apps.
Single Sign-On (SSO) is supported via industry-standard protocols including OIDC and SAML, enabling seamless login experiences for enterprise users through identity providers such as Google, Microsoft, and Active Directory.
To facilitate stateless authentication, JSON Web Tokens (JWT) are used. JWTs are signed and verified using AWS Cognito’s integrated encryption, ensuring data integrity and secure access to protected resources. Tokens are securely stored in cookies using best practices such as httpOnly, sameSite, and secure flags to mitigate unauthorized access or tampering.
Session management is further reinforced with database-backed session validation. Expired or invalid sessions are automatically purged, requiring users to reauthenticate to regain access.
All user entered data in Preppr is accessible only to authorized, background-checked U.S.-based personnel on a strict need-to-know basis. Our infrastructure includes private GitHub repositories with limited access, GitHub Actions for CI/CD, and automated security testing. These controls have earned the confidence of partners like California DPH while we complete our formal SOC 2 Type II certification process.