Security, data residency, and compliance — how SENTR handles your transaction data.

All transaction data is processed within EU data centres. GDPR Article 44 compliant by architecture. Read-only access during shadow mode — SENTR writes nothing to your production environment.

Certifications and compliance standards

SOC 2 Type II

Audit underway

Security, availability, and confidentiality controls audit — expected completion Q3 2026.

GDPR Article 44

Compliant

EU data residency compliant. No cross-border transfer of transaction data.

EU AI Act — Article 13

Compliant by architecture

Explainability architecture built to Article 13 transparency requirements.

ISO 27001

Process initiated

Information security management system certification — expected completion Q1 2027.

SOC 2 Type II audit is underway. ISO 27001 certification process initiated. Both timelines are projected as above. Current security controls include: annual third-party penetration testing, immutable audit logging across all data processing, read-only data connections during shadow mode evaluation, and EU-only data residency enforced at infrastructure level.

How we handle your data

Read-only access during shadow mode

SENTR reads your transaction stream via a read-only API connection. We write nothing to your production environment at any point during the evaluation. Your stack stays fully in your control.

EU data centres — no cross-border transfer

All data processing occurs within EU data centres. No transaction data is transferred outside the EU. GDPR Article 44 compliant.

Immutable audit log

Every automated decision is written to an immutable audit log at decision time. Exportable on demand for regulatory submissions. Compliant with EU AI Act Article 13 transparency requirements.

Data retention and deletion

Evaluation data is retained for 30 days post-evaluation. On termination, all data is deleted within 30 days. Full deletion certificate provided on request.

Responsible disclosure

If you identify a security vulnerability in SENTR's systems, please contact security@sentr.io. We acknowledge all reports within 48 hours and provide a resolution timeline within 5 business days.

We do not offer a bug bounty programme at this stage. We are committed to responsible disclosure and will work transparently with researchers to address confirmed vulnerabilities.

Security questions before you evaluate?

Architecture Sessions include a full data handling and security review. Bring your security questionnaire.

Book an Architecture Session