Security
Sentendra is a security platform sold to security teams. We treat your customers' alert telemetry the way we would expect our own to be treated — with strong defaults that keep data inside the perimeter you control.
AI & Your Data — You Choose Where It Runs
Most "AI-powered" SOC tools quietly send your alerts, hostnames, usernames, and observables to a public LLM provider (OpenAI, Anthropic, etc.) the moment you log in. Sentendra never does this without an explicit decision from you.
- Starter (Free): AI is off by default. No model runs and no data is sent anywhere for analysis. If you want AI on Starter, you can plug in your own OpenAI or Anthropic API key — the data flows to your provider under your account and DPA. We don't host a model for free-tier tenants.
- Team: a Sentendra-hosted model runs on dedicated GPU infrastructure inside our perimeter. Your alert content stays inside Sentendra. Or you can bring your own LLM key if you prefer your own provider.
- Enterprise: dedicated isolated GPU model, or on-prem / air-gapped install for full data sovereignty, or BYO key with a sub-processor disclosure flow built in.
Multi-Tenant Isolation
Sentendra enforces tenant isolation at the database layer using PostgreSQL Row-Level Security with FORCE ROW LEVEL SECURITY on every tenant-scoped table. Each request runs under a tenant-scoped role with its tenant ID set as a session GUC. A bug in application code cannot cross the tenant boundary because the database itself rejects the query.
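As an added illustration of the pattern described above (example SQL, not Sentendra's own schema; the table, role and GUC names are hypothetical), this is what RLS with FORCE ROW LEVEL SECURITY keyed on a session GUC looks like in PostgreSQL:

```sql
-- Hypothetical tenant-scoped table; names are placeholders, not Sentendra's.
CREATE TABLE alerts (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);

-- ENABLE turns RLS on; FORCE applies it to the table owner too, so an
-- application role that owns the table cannot silently bypass the policy.
ALTER TABLE alerts ENABLE ROW LEVEL SECURITY;
ALTER TABLE alerts FORCE ROW LEVEL SECURITY;

-- Non-superuser role the application runs requests under (no BYPASSRLS).
CREATE ROLE app_tenant NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON alerts TO app_tenant;

-- Policy bound to the session GUC app.tenant_id. missing_ok = true makes
-- current_setting() return NULL when the GUC is unset, and NULLIF guards
-- against an empty string after RESET; NULL never matches, so a session
-- that forgot to set the tenant sees and writes nothing instead of everything.
CREATE POLICY tenant_isolation ON alerts
    FOR ALL TO app_tenant
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request: after validating the caller's token, switch role and bind the
-- tenant. SET LOCAL scopes the value to this transaction, so it cannot leak
-- into the next request served by the same pooled connection.
BEGIN;
SET ROLE app_tenant;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed sample id
-- Returns only this tenant's rows even if application code omitted a WHERE.
SELECT id, title FROM alerts;
COMMIT;

-- A write tagged with a different tenant fails the WITH CHECK clause and
-- raises "new row violates row-level security policy", aborting the transaction.
BEGIN;
SET ROLE app_tenant;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO alerts (tenant_id, title)
    VALUES ('22222222-2222-2222-2222-222222222222', 'rejected by policy');
ROLLBACK;
```

A useful deployment check is to confirm that no application login role carries SUPERUSER or BYPASSRLS and that every tenant-scoped table reports relforcerowsecurity = true in pg_class, since either gap reopens the boundary the policy is meant to close.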
Encryption & Access Controls
All traffic is TLS-encrypted in transit (HTTPS, internal service mesh, database connections). Credentials and integration secrets are encrypted at rest. Authentication uses JWT with rotating refresh tokens and per-tenant nonce binding to reject cross-tenant token replay. Optional 2FA, SAML / OIDC SSO, and remember-me tokens are supported. RBAC permissions can be customized per user.
Self-Hosted & On-Prem Option
On the Enterprise plan you can run Sentendra entirely on your own infrastructure — including air-gapped environments where the platform never touches the public internet. Your alert data, cases, observables, AI prompts, and AI responses all stay on your hardware. We provide the deployment artifacts, install runbooks, and update channels.
Compliance Posture
Sentendra is designed to slot into SOC 2, ISO 27001, GDPR, and HIPAA-aligned environments. The architecture supports the technical controls these frameworks require — RLS-enforced tenant isolation, audit logging on every privileged action, encrypted secrets, configurable data retention, and the ability to keep all processing (including AI) inside your perimeter. Talk to us about your specific control matrix when you contact us.
Audit & Observability
Every privileged action — login, role change, integration created, case deleted, AI analysis triggered — is recorded in an append-only activity log. Logs are exportable for ingestion into your own SIEM. Uptime monitoring and integration health checks are visible to admins.
Reporting Security Issues
If you believe you have found a security vulnerability, please report it responsibly to [email protected]. We will acknowledge within 48 hours, work with you to validate and remediate, and credit you in the release notes if you wish.