Sentinel is a real-time fraud detection API (sntlhq.com). This document states our security posture plainly for procurement and security review: the controls in place today, how data is handled, and — deliberately — what we do not yet have. It is written to be checked, not to impress: every claim here is verifiable on the linked public pages, and we do not list controls we don't have.
security.txt published).| Control | Implementation |
|---|---|
| Authentication | Email + bcrypt-hashed password, Google OAuth (RS256, JWKS verified), TOTP 2FA, reviewable active-session list with per-device revocation, account lockout on repeated failures. |
| API key management | Keys generated with crypto.randomBytes (prefix sk_live_); rotation and instant revocation via dashboard; key rotation and password change require re-authentication. |
| Password breach check | Have I Been Pwned k-anonymity (5-character SHA-1 prefix only) on signup and password reset — the password itself never leaves our infrastructure. |
| Transport security | TLS 1.2+; HSTS preload; CORP same-origin; CSP with allowlists and live violation reporting; X-Content-Type-Options nosniff; X-Frame-Options DENY; Permissions-Policy locks camera/mic/geolocation/payment. |
| Rate limiting | Per-API-key and per-source-IP caps on evaluation endpoints; exponential backoff on authentication endpoints. |
| Session invalidation | Password change/reset or admin suspension immediately invalidates all sessions (token-epoch bump). |
| Encryption at rest | Managed encryption at rest on the primary database (Turso / libSQL). |
| Uptime transparency | Self-hosted status page with persisted 90-day probe history and real measured uptime at /status — no vanity numbers. |
| Data | Policy |
|---|---|
| Lookup IPs | Raw IPs retained 7 days, then reduced to a one-way hash. |
| Signup emails (API signal) | Checked transiently against disposable-domain feeds; never stored or logged. |
| Device linking | Per-customer only, stored as one-way hashes; never linked across customers. |
| Account deletion | GDPR Art. 17 self-service deletion with password re-auth; immediate deletion plus encrypted-backup roll-off within 60 days. |
| Analytics & advertising | None. Fonts self-hosted; no third-party analytics or ad providers anywhere on the product or site. |
Cloudflare (CDN/edge), Railway (hosting), Turso (database), Resend (transactional email), Google (Sign-In only), Have I Been Pwned (k-anonymity check), plus network- and device-intelligence providers named to customers under DPA. The live list with a dated change log is public at /sub-processors; new data-processing sub-processors get 30 days' advance notice with right to object.
UK GDPR / EU GDPR aligned (processor role for evaluation traffic; DPA with SCCs available for every customer — request via [email protected]). CCPA honored. Security questionnaires (SIG-Lite, CAIQ, bespoke) completed within 5 business days of request. MSA available where click-through Terms can't be accepted.