Preppr Beta Technical Specifications
Last Updated: 1/06/2025
Overview of Preppr
Preppr is an AI-powered SaaS platform that advances disaster preparedness and emergency management by automating the design, planning, and execution of disaster exercises. The platform helps organizations create high-quality, data-driven, tailored exercises more efficiently, reducing time and cost while improving collaboration and outcomes.
Preppr automates manual tasks, provides advanced document search capabilities, enables speech-to-text transcription, and facilitates content analysis to streamline workflows for individuals, teams, and organizations. Designed to be user-friendly and scalable, it caters to public health departments, emergency response teams, and other organizations focused on community resilience.
In the near future, Preppr will integrate additional features such as contextually relevant OSINT (open-source intelligence) and hazard models, organizational capability and capacity mapping, natural language spatial mapping, and digital exercises. These innovations will enable users to more rapidly plan, analyze, and simulate disaster scenarios with greater accuracy and contextual relevance, empowering communities with a first-of-its-kind decision support and training system.
SLA and Policies
Preppr does not currently offer a formal service level agreement (SLA) for solo account beta users. For team or organization plans, a dedicated SLA can be arranged upon request. For additional details, please review Preppr’s Terms of Service and Privacy Policy.
Privacy and Security Standards
Preppr operates in compliance with the privacy and security standards of its hosting and technology partners, including AWS, OpenAI, DeepGram, and Unstructured.io. For further information, you can consult AWS’s data protection overview, OpenAI’s privacy statement, DeepGram’s privacy policy, and Unstructured.io’s privacy policy.
Security Certifications
As Preppr is still in beta, we have not yet obtained security certifications. However, we fully intend to pursue appropriate certifications, such as SOC 2 and ISO 27001, when the platform launches for full users and team accounts. Until that time, we advise beta users against inputting data and documents that are not already in the public domain. Given the substantial costs required to obtain these certifications, we are seeking partnerships with beta users and jurisdictions that recognize the value of Preppr and are willing to collaborate in this process.
Infrastructure and Hosting
Preppr is hosted on Amazon Web Services (AWS), providing a secure, scalable, and reliable cloud infrastructure. The application is containerized using Docker and deployed on EC2 instances, managed through a Load Balancer for efficient traffic distribution. All AWS servers hosting Preppr are located in US regions, ensuring compliance with data residency requirements. Data is encrypted in transit using TLS and at rest using AWS Key Management Service (KMS).
While Preppr operates as a cloud-based SaaS, on-premise licensing can be arranged for teams and organizations.
Application Stack
Preppr’s front end is built with React, TypeScript, and Next.js, styled using Tailwind CSS to provide a modern and cohesive user interface. The back end is powered by Node.js and uses Prisma for database management. Payment processing is securely handled through the Stripe SDK.
Database
User data is stored in a PostgreSQL database, enhanced with the pgvector extension for managing embeddings. This configuration supports advanced search functionality and enables seamless integration with AI features. User data is strictly isolated and not accessible by other users, ensuring full data segregation and privacy.
Large Language Models
Preppr currently uses OpenAI’s GPT-4o to power features such as question-answering and text generation. OpenAI temporarily retains prompts and outputs for up to 30 days to ensure service continuity and monitor for misuse. API business data is used only for limited purposes: to provide services, detect abuse, and investigate potential issues. Data is retained for a maximum of 30 days unless legally required to keep it longer. Access to this data is restricted to authorized employees and vetted third-party contractors who are bound by confidentiality agreements. This data is not used to train OpenAI’s models by default.
OpenAI employs AES-256 encryption to protect stored data and uses TLS 1.2+ protocols to secure data in transit. Strict access controls are implemented to limit who can access customer data. Additionally, OpenAI adheres to SOC 2 Type 2 standards, undergoing regular independent audits to verify security practices and compliance.
Speech-to-Text
Audio data is processed using DeepGram AI. DeepGram's infrastructure, policies, and procedures are designed to meet industry-standard compliance and regulatory frameworks, including SOC 2 Type 2, HIPAA, PCI DSS, GDPR, CCPA, and all applicable local government and legal requirements. Multi-factor authentication (MFA), role-based access control (RBAC), and VPNs are used to regulate and secure all employee access to data systems. All data is encrypted in-flight and at rest using industry-standard encryption protocols, including TLS 1.3 and AES-256. DeepGram temporarily retains audio and transcripts to deliver services and only uses data for model training if customers explicitly provide their consent.
Document Processing
Preppr leverages Unstructured.io for its document chat features. Any content processed by Unstructured.io follows their privacy and data handling guidelines. Unstructured.io does not retain inputs or outputs after the completion of the batch or API request, unless we specifically instruct them to do so (which we have not). Furthermore, they do not use your inputs or outputs to develop or improve their services or offerings.
Security and Access Control
Preppr employs robust role-based permissions to ensure that only authorized employees and vetted third-party contractors can access specific data. User authentication and identity management are handled through AWS Cognito, which provides secure user sign-up, sign-in, and multi-factor authentication (MFA) capabilities. Cognito also enables global user sign-out to ensure sessions are securely terminated across all devices when needed.
To facilitate stateless authentication, JSON Web Tokens (JWT) are used. JWTs are signed and verified using AWS Cognito's integrated encryption, ensuring data integrity and secure access to protected resources. Tokens are stored securely in cookies, adhering to best practices like httpOnly, sameSite, and secure configurations, to prevent unauthorized access and tampering.
Session management is further reinforced with database-backed sessions, where session tokens are periodically validated and updated. Expired or invalid sessions are automatically cleared, ensuring users are required to reauthenticate for continued access.
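The cookie and session handling described above can be sketched as follows. This is an added example, not Preppr's own code: the function names, the in-memory Map standing in for the sessions table, the 30-minute lifetime, the 5-minute rotation interval, and the sliding expiry are all assumptions.

```javascript
// Added illustration; names, lifetimes and the Map-backed store are assumptions.
const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed session lifetime
const ROTATE_AFTER_MS = 5 * 60 * 1000;  // assumed token rotation interval

// The Map stands in for a sessions table: token -> { userId, expiresAt, rotatedAt }.
// The default token source needs a runtime with a global Web Crypto object.
function createStore(newToken = () => globalThis.crypto.randomUUID()) {
  return { rows: new Map(), newToken };
}

function issueSession(store, userId, now) {
  const token = store.newToken();
  store.rows.set(token, { userId, expiresAt: now + SESSION_TTL_MS, rotatedAt: now });
  return token;
}

// Validate a presented token: clear it if expired, rotate it if it is old.
function validateSession(store, token, now) {
  const row = store.rows.get(token);
  if (!row) return { ok: false, reason: "unknown" };
  if (now >= row.expiresAt) {
    store.rows.delete(token);            // expired: caller must re-authenticate
    return { ok: false, reason: "expired" };
  }
  row.expiresAt = now + SESSION_TTL_MS;  // sliding expiry (assumption)
  if (now - row.rotatedAt < ROTATE_AFTER_MS) return { ok: true, token, userId: row.userId };
  store.rows.delete(token);              // rotate: the old token stops working
  const fresh = store.newToken();
  store.rows.set(fresh, { ...row, rotatedAt: now });
  return { ok: true, token: fresh, userId: row.userId };
}

// Set-Cookie value carrying the three attributes named in the text.
function sessionCookie(token) {
  const maxAge = Math.floor(SESSION_TTL_MS / 1000);
  return `session=${token}; Path=/; Max-Age=${maxAge}; HttpOnly; Secure; SameSite=Strict`;
}

// Review check: list hardening attributes missing from a Set-Cookie value.
// SameSite=None is reported as missing because it removes the cross-site restriction.
function missingCookieFlags(setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes("httponly")) missing.push("HttpOnly");
  if (!attrs.includes("secure")) missing.push("Secure");
  if (!attrs.some((a) => a === "samesite=strict" || a === "samesite=lax")) missing.push("SameSite");
  return missing;
}
```

When validateSession returns a token different from the one presented, the response should re-issue the cookie with sessionCookie so the browser drops the rotated-out value.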
All user data stored by Preppr is accessible only to authorized employees and vetted third-party contractors, with access granted strictly on a need-to-know basis. Additionally, only US-based developers have been involved in the development of Preppr, ensuring adherence to data sovereignty and security best practices. Code is stored in private GitHub repositories with restricted access, and deployments are managed through GitHub Actions, which runs automated tests and security checks.