Security Is in Our DNA

We're a security company, so we hold ourselves to the highest standards. Here's how we protect your data and our infrastructure.

Data Protection

Your security data is sensitive. We treat it that way.

Encryption at Rest

All data at rest is encrypted with AES-256. Database fields containing sensitive information additionally use application-level encryption with rotatable keys.

Encryption in Transit

All connections use TLS 1.3 with strong cipher suites. We enforce HTTPS everywhere and use HSTS to prevent protocol downgrade attacks.

Data Retention

You control your data retention policies. When you delete your account, all data is permanently erased within 30 days, including backups.

Infrastructure Security

Our infrastructure is built for security from the ground up.

  • Hosted on AWS

    Running in isolated VPCs with private subnets, security groups, and network ACLs. No public-facing infrastructure except load balancers.

  • Regular Penetration Testing

    We engage third-party security firms for annual penetration tests and run continuous vulnerability scanning on all production systems.

  • Immutable Infrastructure

    All deployments use container images built in CI/CD. No SSH access to production servers. Infrastructure is defined as code and version-controlled.

  • DDoS Protection

    AWS Shield and CloudFront protect against volumetric and application-layer DDoS attacks with automatic mitigation.

Compliance

We maintain compliance certifications and follow industry best practices.

SOC 2 Type II (In Progress)

We are currently undergoing a SOC 2 Type II audit. Our security controls are designed to meet the Trust Service Criteria for security, availability, and confidentiality.

GDPR (Compliant)

Full compliance with the General Data Protection Regulation. We support data subject access requests, the right to deletion, and data portability.

Data Residency (Available)

Enterprise customers can choose their data processing region. Available regions include US East, EU West, and Asia Pacific.

Access Controls

Role-Based Access Control

Granular permissions with predefined roles (Owner, Admin, Analyst, Viewer) and custom role support on Enterprise plans.

Audit Logging

Every action in Sentinel Nerd is logged with user identity, timestamp, and IP address. Audit logs are retained for 1 year and can be exported.

Session Management

Sessions expire after 24 hours of inactivity. Users can view and revoke active sessions. Concurrent session limits are configurable.

Two-Factor Authentication

2FA is available for all accounts and can be enforced organization-wide by admins. We support TOTP authenticator apps.

Responsible Disclosure

Found a security vulnerability? We appreciate your help in keeping Sentinel Nerd and our users safe.

Please report security vulnerabilities to security@sentinelnerd.com. Include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any suggested remediation (optional)

We commit to acknowledging your report within 24 hours and providing a timeline for resolution within 72 hours. We will not take legal action against researchers who follow responsible disclosure practices.

Need Our Security Questionnaire?

We provide detailed security documentation for enterprise evaluations. Contact our sales team to request our security questionnaire, SOC 2 report, or penetration test summary.
