Trust
Engineered for enterprise security.
Zentra is built to pass an enterprise security review — not just look like it can. This page summarizes our controls; full evidence (SIG questionnaire, penetration test reports, SOC 2 / ISO 27001 documentation) is available to evaluating customers under NDA.
Encryption
TLS 1.2+ for all traffic. AES-256 at rest. Customer-managed keys available on enterprise plans.
Identity & access
SSO via SAML and OIDC. SCIM provisioning. Granular role-based access with field-level scoping.
Audit logging
Comprehensive audit trails on every record and configuration change. Immutable export for SIEM integration.
Data residency
Choice of region for managed cloud, or self-host in your VPC for full residency control. Air-gapped deployments supported.
Vulnerability management
Annual third-party penetration testing. Continuous SAST/DAST in our CI pipeline. Disclosure program at [email protected].
Compliance
Aligned with ISO 27001 and SOC 2 control sets. GDPR-ready data processing addendum available on request.
Backup & recovery
Automated backups with point-in-time recovery. Disaster recovery tested quarterly with documented RPO/RTO targets.
Subprocessors
Limited, listed, and reviewed annually. We notify customers of material changes.
Reporting a vulnerability
We welcome reports from security researchers. Please email [email protected] with details. We acknowledge within one business day, validate within five, and remediate based on severity. We commit to not pursuing legal action against good-faith research conducted under our disclosure policy.