Compliance
Last updated: March 2, 2026
This page summarizes Church of Prompt's approach to data protection and operational security. Church of Prompt is operated by Hasher Technologies LLC (hasher.sh). This page is provided for transparency and does not constitute legal advice.
Security Practices
- Passwords are stored with one-way hashing (bcrypt) and are not stored in plaintext.
- API authentication uses JWT access tokens with httpOnly refresh token cookies.
- Role-based admin routes are protected, and write-heavy operations are rate-limited.
- Request correlation IDs are propagated for traceability and incident debugging.
Operational Logging
- Selected administrative and moderation write actions are recorded in audit logs.
- When payment events are processed, Stripe webhook events are stored for reconciliation and idempotency tracking.
Content Moderation
Submissions may be reviewed and moderated. We may remove content that violates policies or applicable law.
Scope and Certifications
This page describes current technical controls for transparency. It is not a certification statement and does not claim SOC, ISO, HIPAA, or similar framework attestation.
Contact
Compliance questions? Email contact@thechurchofprompt.com. Compliance operations are handled by Hasher Technologies LLC.