Our Commitment

Security is our product. And our practice.

We hold ourselves to the same standards we help customers achieve. Here is how SentinelStack protects data and infrastructure.

Compliance

Certified to high standards.

SOC 2 Type II

Security | Availability | Confidentiality

Independently audited on an annual basis across the security, availability, and confidentiality trust service criteria.

Continuously monitored

ISO 27001

Information Security Management System

The internal ISMS is certified to ISO 27001:2022 and covers physical security, governance, and risk management.

Certified and current

GDPR Compliant

EU Data Residency | DPA Available

Full GDPR support with EU data residency options, data processing agreements, and a dedicated privacy workflow.

DPA available on request

Zero Trust Architecture

Aligned with NIST SP 800-207

Internal systems follow zero-trust principles with no implicit trust, continuous verification, and least-privilege access.

Third-party verified

Zero Trust

Trust nothing. Verify everything.

01

Never Implicit Trust

Every request is authenticated and authorized on its own merit. Network location grants no trust.

02

Least Privilege Access

All human and machine identities receive only the permissions required for their function.

03

Assume Breach Posture

The platform is designed for blast-radius minimization, lateral movement prevention, and real-time anomaly detection.

Data Protection

Encrypted at every layer.

Encryption in Transit

All data in transit is encrypted using TLS 1.3 with forward secrecy and modern cipher enforcement.

Encryption at Rest

Customer data is encrypted at rest using AES-256-GCM with per-customer encryption keys.

Key Management

Enterprise plans support BYOK. SentinelStack never stores customer master keys.

Single-tenant Isolation

Enterprise customers run in dedicated compute environments with strict tenant isolation.

FIPS-aligned Crypto

Validated cryptographic modules are available for regulated and government workloads.

Data Residency

Choose US, EU, or APAC data residency. Data stays in-region unless customers explicitly approve otherwise.

Independent Testing

We get hacked on purpose.

Q1 2025

External Network Pentest

Full external attack surface assessment including API endpoints, auth flows, and network perimeter review.

0 critical | 0 high findings

Q4 2024

Red Team Exercise

A 48-hour red team engagement simulating an advanced persistent threat targeting customer data.

No data exfiltration achieved

Continuous

Bug Bounty Program

Public bug bounty program with rewards up to 50,000 USD for critical vulnerabilities.

280K+ paid to researchers

Vulnerability Disclosure

Found a vulnerability?

We take security reports seriously. SentinelStack commits to a 24-hour acknowledgement and a 90-day remediation target for responsible disclosures.

security@sentinelstack.io

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGR4K...
xQEzAA/pK3nv7Bm...
9wLm+TjAa/3K...
-----END PGP PUBLIC KEY BLOCK-----

Fingerprint: A4F2 9B3C 7E1D ... 08AF