Security overview
An honest summary of how Sentro is built and operated. Anything we can't yet certify is marked clearly.
1. Encryption
All traffic to and from Sentro uses TLS 1.2 or higher with modern cipher suites. Data at rest is encrypted with AES-256 using customer-scoped envelope keys. Database secrets are encrypted with per-organization data keys held in our managed vault.
2. Tenant isolation
Every organization is logically isolated. Connection pools are scoped to a single organization, and queries carry an organization ID at the row level so cross-tenant access is impossible at the database layer.
3. Backups and recovery
Operational metadata is backed up continuously with point-in-time recovery to 7 days, and full snapshots retained for 30 days. RPO ≤ 5 minutes, RTO ≤ 1 hour. Customer database contents remain on the customer's own infrastructure — we never copy them into our backups.
4. Access control
Employee access to production is gated behind hardware security keys, requires explicit time-limited approval per request, and is fully logged. Access reviews happen quarterly. We use the principle of least privilege for all service accounts.
5. Secret rotation
Customer secret keys can be rotated from the dashboard at any time without downtime. Internal service credentials rotate automatically every 30 days; long-lived credentials are forbidden.
6. Logging and monitoring
All authentication events, role changes, and webhook deliveries are logged to tamper-evident storage. Anomaly detection alerts on impossible-travel logins and bulk export patterns. Logs are retained per the plan retention schedule.
7. Secure development
Code is peer-reviewed and gated by automated tests including SAST and dependency vulnerability scanning. Container images are scanned at build and at runtime. Production deploys are immutable and reversible.
8. Business continuity
We run multi-AZ deployments behind managed load balancers. Quarterly disaster-recovery drills validate failover and recovery procedures.
9. Certifications
SOC 2 Type II audit is in progress (target completion Q3 2026). ISO/IEC 27001 readiness assessment kicked off Q1 2026. PCI DSS compliance for payments is inherited from Stripe and Dodo Payments — we do not store card data ourselves.
10. Status
Live system status is published at sentrodb.com/status.
11. Vulnerability disclosure
Please report suspected vulnerabilities to security@sentrodb.com. We acknowledge reports within 24 hours and provide updates every 5 business days until resolved. We do not pursue good-faith researchers and will publicly thank you (with consent) once the report is closed.
Mailing address for security notices: 2261 Market St, Suite 5500, San Francisco, CA 94114, USA.