Security
Security at RxByte
Your prompts can contain sensitive context — API keys, internal procedures, personal notes. We take that seriously.
End-to-end encryption
When sync is enabled, prompts are encrypted with AES-256-GCM using a key derived from your password via PBKDF2. We never receive your encryption key.
Zero-knowledge sync
Our servers store only ciphertext. Even if our database were breached, your prompts would be unreadable without your password.
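The two sections above describe client-side encryption: a key derived from the password with PBKDF2, AES-256-GCM applied before upload, and only ciphertext held by the server. The sketch below is an added example using the standard WebCrypto API, not RxByte's own code; the iteration count, hash, salt and IV sizes, record layout and function names are assumptions, since the page does not state them.

```javascript
// Added example. All parameters are assumed, not RxByte's published values.
const PBKDF2_ITERATIONS = 600000; // assumed work factor for PBKDF2-HMAC-SHA256
const enc = new TextEncoder();

async function getCrypto() {
  // Browsers and recent Node expose WebCrypto globally; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(c, password, salt) {
  const material = await c.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: the raw key cannot be exported and uploaded
    ['encrypt', 'decrypt']);
}

// Returns what a sync server would store: salt, IV and ciphertext+tag only.
async function encryptPrompt(password, plaintext) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // fresh per record
  const iv = c.getRandomValues(new Uint8Array(12));   // never reused under one key
  const key = await deriveKey(c, password, salt);
  const ct = new Uint8Array(
    await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  return { salt, iv, ct };
}

// Returns the plaintext, or null when the GCM tag check fails.
async function decryptPrompt(password, { salt, iv, ct }) {
  const c = await getCrypto();
  const key = await deriveKey(c, password, salt);
  try {
    return new TextDecoder().decode(
      await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
  } catch {
    return null; // wrong password or modified record
  }
}

async function demo() {
  const pw = 'correct horse battery staple';                 // constructed sample
  const record = await encryptPrompt(pw, 'constructed sample prompt');
  const tampered = { ...record, ct: record.ct.slice() };
  tampered.ct[0] ^= 1;                                        // flip one stored bit
  return { ok: await decryptPrompt(pw, record), wrong: await decryptPrompt('guess', record),
           bad: await decryptPrompt(pw, tampered), storedBytes: record.ct.length };
}
```

In a design like this the password's strength and the PBKDF2 work factor are what stand between a stolen database and the plaintext, so both are worth asking a vendor about.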
Infrastructure
RxByte runs on SOC 2 Type II certified infrastructure. All data is stored in US-East (primary) and EU-West (replica) data centers with AES-256 encryption at rest.
Manifest V3
The extension runs under Chrome's Manifest V3, which limits background script capabilities and enforces a strict Content Security Policy.
Responsible disclosure
Found a security vulnerability? We appreciate responsible disclosure. Please email [email protected] with details. Do not disclose publicly until we've had a chance to investigate and patch.
We aim to respond within 24 hours and resolve confirmed issues within 90 days. Reporters of valid vulnerabilities will be credited in our changelog.