Back to sentrial.co
Security

Security at Sentrial

We take the security of your trace data and your agents' behavior data seriously. Here is an overview of how we protect the Sentrial platform and your data.

Encryption
  • All data in transit is encrypted using TLS 1.3
  • All data at rest is encrypted using AES-256
  • API keys are hashed using bcrypt before storage
  • Database backups are encrypted with a separate key
Access Control
  • Production access restricted to authorized engineers only
  • Multi-factor authentication required for all internal systems
  • Role-based access control (RBAC) across all services
  • SSH access to production infrastructure requires hardware keys
Monitoring & Detection
  • Real-time anomaly detection on API traffic
  • Audit logs for all access to customer data
  • Automated vulnerability scanning on every deploy
  • Dependency security alerts via automated tooling
Compliance
  • SOC 2 Type II audit in progress (expected Q4 2026)
  • GDPR-compliant data handling and deletion workflows
  • Data residency options available for Enterprise customers
  • Sub-processor list available on request
Responsible Disclosure

If you discover a security vulnerability in Sentrial, please report it to us privately at security@sentrial.co. Please do not disclose the vulnerability publicly until we have had a chance to address it. We commit to acknowledging your report within 24 hours and providing a resolution timeline within 72 hours.

We appreciate security researchers who help us keep Sentrial safe. We will acknowledge your contribution in our security hall of fame (with your permission).