CLASSIFICATION: PUBLIC // TRUST POSTURESENTINALITY // v0.1
Sentinality← Back
SECURITY & COMPLIANCE

Honest about our posture.

Sentinality is built for analysts who need to defend their work. This page is the unedited security posture — including what is, and is not, true about SOC 2.

DISCLOSURE • SOC 2

SOC 2 is an audit, not a feature.

We implement the technical controls a SOC 2 auditor will look for — RLS, MFA-capable auth, audit logs, encryption, retention, access reviews. A genuine SOC 2 attestation requires a third-party audit, written policies, and operational evidence collected over time. We will not claim otherwise. If you need a signed report, talk to us about timeline.

Controls we implement today

ACCESS

Role-based access control

Platform roles (superadmin / admin / investigator / viewer) stored in a separate user_roles table. Team-scoped editor/viewer roles. All access decisions made server-side via SECURITY DEFINER functions — never trusting the client.

AUTHN

MFA-capable authentication

Email + password with leaked-password (HIBP) screening. Managed Google sign-in. TOTP MFA enrolment on the roadmap for admin-required policy.

DATA

Row-level security on every table

Postgres RLS enforces team membership on every read and write. Service-role access is restricted to trusted server functions only.

AUDIT

Append-only audit log

Every mutating action, every report export, every role change is written to an immutable audit_log table — actor, entity, IP, user agent, timestamp. No update or delete policy exists.

RETENTION

Per-team data retention

Configurable retention windows for sources and reports. Scheduled purge jobs. Data subject request queue for export/delete on a named subject.

CRYPTO

Encryption at rest & in transit

Database storage encrypted at rest by our cloud provider. All API traffic over TLS 1.2+. Secrets stored server-side only — never bundled into the browser.

ISOLATION

Server-side trust boundary

All sensitive logic runs inside server functions with explicit auth middleware. The service-role database client is gated behind verified server routes; never exposed to client code.

INPUT

Schema-validated input

Every server function validates its input with Zod. Webhook routes verify signatures before doing any work. Rate limiting enforced per team.

Things we deliberately do not do

  • ×Scrape ToS-restricted social platforms (LinkedIn, Instagram, X, Facebook). We surface manual evidence slots instead.
  • ×Sell or share investigation data with third parties. Your data is your data.
  • ×Expose service-role credentials to the browser, ever.
  • ×Publish subject reports publicly. All sharing is team-scoped.