Data Protection and Security
How we protect your data
Sentro takes security seriously
At Sentro, safeguarding our customers' data is our utmost priority. We understand that the protection and security of our customer data is our most important responsibility. We take that responsibility seriously, and we constantly review and improve our security procedures across the business. We keep a close eye on the latest local data regulations, and work with our customers to ensure we are compliant.
Our cloud-based software operates on Microsoft Azure, leveraging their cutting-edge investments into security to ensure the highest standards of data security and privacy for Sentro and our customers. This policy outlines our commitment and approach to protecting your valuable information.
Data Storage and Backup
As a Cloud-native service, we do not host any servers ourselves. We outsource this task to Microsoft Azure. View Azure security information.
We create Sentro instances in the Azure region most relevant for our customer. We create Single-Tenant Sentro instances for each customer, where each customer’s data is virtually isolated in different database instances.
All customer platform data is securely stored within Azure SQL databases and Azure Storage hosted in SOC 2 compliant data centers. These data centers comply with rigorous security standards, ensuring the physical security of the infrastructure.
Data within our platform databases is encrypted at rest using Azure's standard encryption tools, adding an additional layer of security to protect sensitive information. When data is stored in Azure Storage services such as Azure SQL and Blob Storage, it is automatically encrypted using Microsoft's encryption mechanisms.
Azure SQL and Azure Storage provide detailed logging capabilities, allowing Sentro to monitor and audit activities within our storage accounts. This includes logging access and configuration changes, enabling Sentro to track and investigate potential security incidents.
Encryption in Transit and Network Security
All Sentro data is encrypted while in transit over public networks using TLS 1.2, utilizing SHA-256 RSA TLS certificates. This encryption ensures that data remains confidential during transmission between our servers and your devices, safeguarding it from unauthorized access or interception.
Each environment within Sentro operates within its own internal network, secured using a dedicated virtual network within Azure. Access to these environments is restricted through a single-entry point via a network gateway, bolstering security by minimizing potential attack vectors.
To reinforce network security, we employ strict traffic filtering, permitting only essential ports required for the operation of the Sentro platform. Additionally, we maintain comprehensive logs of all network traffic and configuration changes, enabling us to monitor and ensure a secure operational environment.
Web Application Security and DDoS Protection
Our production web applications benefit from an additional layer of protection through Azure Web Application Firewall (WAF) integrated with Azure Front Door. This setup includes DDoS protection and automatic blocking of known attack traffic, safeguarding our applications from potential threats and ensuring uninterrupted service availability.
Password Management
Sentro customers have the freedom to restrict user account access to only third-party OAauth2.0 authentication (Active Directory or GSuite) and/or allow users to access Sentro via passwords.
All Sentro user passwords are stored using a strong cryptographic hashing algorithm to convert passwords into irreversible hashes. Hashing transforms the password into a unique string of characters that cannot be reversed to retrieve the original password. Sentro also salts password before hashing. Salting prevents attackers from using precomputed hash tables (rainbow tables) to crack passwords more easily. It adds complexity and uniqueness to each hashed password and follows industry best practices.
All Sentro staff are required to use multi-factor authentication where available.
Billing data
We securely store bank account information for the purpose of processing direct debit (ACH) transactions. Customer approval to store this information for this purpose is always received before information is stored.
Were customers elect to provide credit card data, we utilize Stripe, a PCI-compliant service. This ensures that customer payment information is handled with the highest level of security and in adherence to Payment Card Industry Data Security Standard (PCI DSS) requirements. Sentro’s systems do not store or retain any credit card data.
You can Stripe's data protection information here:
Stripe Privacy Policy
Stripe Security
Segregation of duties
Sentro staff do not have access to your data. The exception to this is when our Customer Success team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission. Access controls are defined based on roles and responsibilities, ensuring that employees only have access to the data necessary for their job functions.
Our internal Data Protection Policy states that customer data is never to be stored on local machines.
Production and Staging logins are separated between Success and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.
Disaster Recovery
We have comprehensive disaster recovery measures in place to mitigate risks and ensure continuity of services in unforeseen events. This includes regular backups, redundant systems, and a well-defined and tested recovery plan to minimize downtime and data loss.
Azure's automated backup tools are employed to create backups of databases every few minutes. These backups are retained for extended periods, up to a year, enabling us to restore data in case of any unforeseen incidents or data loss.
Moreover, production databases are replicated to a separate geographic region, ensuring redundancy and disaster recovery readiness.
Our Cloud-based platform is engineered for redundancy and availability. We employ monitoring tools to detect when server loads are reaching capacity, and can adjust capacity easily. Additionally, our platform uses load balancing techniques to auto-scale when demand is high.
We are committed to continuously improving our data protection practices and staying abreast of evolving security standards and technologies.
Your trust in us is paramount, and we strive to maintain the highest level of security and confidentiality for your data within our systems. Should you have any queries or concerns regarding our data protection practices, please don't hesitate to contact our dedicated support team.
This policy is subject to updates as necessary to align with changing regulations and security best practices.