Enterprise-Grade Security

Your product data, protected.

Sentra processes sensitive customer data — interviews, support tickets, sales calls. We built security into every layer rather than bolting it on afterward.

EU Data Residency

Your database, files, and authentication are stored in Frankfurt, Germany (AWS eu-central-1). Your data never leaves the EU for storage.

Encryption Everywhere

AES-256 encryption at rest, TLS 1.3 in transit. Passwords are hashed with bcrypt, never stored in plain text. Every byte is protected.

Complete Data Isolation

Row-Level Security (RLS) on every table. Each user can only access their own projects and data. No cross-tenant data leakage — ever.

4-Layer Defense

Proxy authentication, server-side session validation, database-level RLS policies, and API route guards. Four independent layers, each sufficient on its own.

No AI Training

Your data is never used to train AI models. We use Claude and Gemini APIs with zero-data-retention agreements. Your competitive intelligence stays yours.

GDPR Compliant

Full DSGVO/GDPR compliance. Data export, account deletion, consent management, and transparent sub-processor documentation. You're always in control.

Built on trusted infrastructure

Supabase

SOC 2 Type II

Database & Auth — Frankfurt, Germany

Vercel

SOC 2 Type II

Hosting & Edge Network

Stripe

PCI DSS Level 1

Payment Processing

Security FAQ

Your primary data (database, files, authentication) is stored by Supabase in Frankfurt, Germany (AWS eu-central-1). Web hosting uses Vercel's global edge network with EU regions.

AI providers (Anthropic, Google) only receive data during active API calls for analysis. They don't store your data beyond processing. We use zero-retention API agreements where available.

Yes. Row-Level Security (RLS) is enabled on every table in our database. Each query is automatically scoped to your user ID. There is no way to access another user's data, even with a valid session.

Yes. You can export and delete all your data from Settings > Data & Privacy. Account deletion removes all projects, sources, evidence, patterns, specs, and chat history within 30 days.

We follow GDPR-mandated incident response procedures. Affected users will be notified within 72 hours. You can report security concerns to hello@sentra.so.

Have security questions?

We're happy to answer any questions about how we protect your data.
