Acceptable Use
You may only scan assets you own or have explicit written authorisation to scan. Running SentraLens against third-party systems without authorisation may violate local computer misuse law and is grounds for immediate tenant suspension without refund. Phishing simulations must only target employees of your own organisation.
Specifically, you agree not to:
- use SentraLens to attack, disrupt, or gain unauthorised access to systems you do not own,
- use phishing features against individuals outside your organisation,
- exfiltrate or redistribute other tenants' data,
- attempt to bypass licensing, rate-limiting or multi-tenancy controls,
- use the platform to develop, host or deliver malware to third parties,
- reverse engineer the platform beyond what local law explicitly permits.
Responsible Disclosure
If you discover a security vulnerability in SentraLens itself, please report it privately to [email protected]. We commit to an initial response within 48 hours and to a coordinated disclosure timeline agreed with the reporter. Researchers acting in good faith under this policy will not be pursued legally.
Rate Limits
- Probe registration: 5 attempts per minute per source IP during onboarding.
- Probe update requests: 3 per hour per probe, to prevent accidental or malicious update loops.
- AI enrichment: subject to per-tenant monthly token budgets when the AI module is licensed.
- API requests: standard per-tenant throughput limits apply; documented in the API guide available to authenticated users.
- Phishing email delivery: throttled to protect sender reputation and to match typical enterprise mail-flow expectations.
Scan Intensity
External scans are rate-limited to avoid triggering intrusion prevention systems or impacting target availability. Internal scans via on-prem probes run with a configurable concurrency ceiling (default two concurrent tools per probe). Aggressive scan profiles must be explicitly enabled per scan and are disabled by default.
Availability Target
The SentraLens SaaS control plane targets 99.5% monthly availability. On-prem probes are designed to degrade gracefully during SaaS outages: scheduled scans are queued and replayed when the SaaS returns. Planned maintenance windows are announced at least 48 hours in advance through in-product notifications and email to tenant administrators.
Backup & Restore
Tenant data is backed up daily. Backups are encrypted at rest and retained for 30 days. Restore requests are actioned within one business day. Customers on higher service tiers can request a custom backup schedule and longer retention.
Multi-Tenancy Isolation
Every data row is scoped to a tenant UUID. Tenant scoping is enforced at multiple layers simultaneously so that no single mistake can cause a cross-tenant leak:
- The API gateway validates the caller's JWT and strips any client-supplied identity headers before injecting the tenant ID derived from the token.
- The gateway injects a shared-secret header (X-Internal-Auth) that downstream services verify on every tenant-scoped request. Direct hits that bypass the gateway are rejected with 401.
- Repository-layer queries in the Go services take tenantID as a mandatory function parameter — it is impossible to call them without a tenant context at compile time.
- Python services use a @require_tenant decorator that parses and attaches the tenant UUID before any database access, with a CI linter enforcing its presence.
Cross-tenant access is only possible for authenticated super_admin users operating through the dedicated Customers platform view. Every such access is recorded in the audit log.
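The layering described above can be sketched as follows. This is an added example, not SentraLens code: it models the gateway stripping client-supplied identity headers and a service-side require_tenant decorator checking X-Internal-Auth before parsing the tenant UUID. The X-Tenant-ID header name, the secret value, the dict-based request shape, the sample rows and the 400 status are assumptions made for the example.

```python
import hmac
import uuid
from functools import wraps

# Hypothetical names (not from SentraLens): tenant header, secret, dict request shape.
TENANT_HEADER = "X-Tenant-ID"
INTERNAL_AUTH_HEADER = "X-Internal-Auth"  # header name taken from the page
INTERNAL_SECRET = "constructed-demo-secret"
TENANT_A = uuid.UUID("11111111-1111-1111-1111-111111111111")  # constructed
TENANT_B = uuid.UUID("22222222-2222-2222-2222-222222222222")  # constructed
ROWS = [{"tenant": TENANT_A, "asset": "a-web-01"}, {"tenant": TENANT_B, "asset": "b-db-01"}]

class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def gateway_forward(client_headers, tenant_from_jwt):
    """Gateway side: drop client-supplied identity headers (any casing),
    then inject the tenant ID derived from the already-validated JWT."""
    blocked = {TENANT_HEADER.lower(), INTERNAL_AUTH_HEADER.lower()}
    out = {k: v for k, v in client_headers.items() if k.lower() not in blocked}
    out[TENANT_HEADER] = str(tenant_from_jwt)
    out[INTERNAL_AUTH_HEADER] = INTERNAL_SECRET
    return out

def require_tenant(handler):
    """Service side: verify the gateway secret in constant time, parse the
    tenant UUID, and hand it to the handler before any data access."""
    @wraps(handler)
    def wrapper(headers, *args, **kwargs):
        h = {k.lower(): v for k, v in headers.items()}
        supplied = h.get(INTERNAL_AUTH_HEADER.lower(), "")
        if not hmac.compare_digest(supplied.encode(), INTERNAL_SECRET.encode()):
            raise Rejected(401, "request did not come through the gateway")
        try:
            tenant_id = uuid.UUID(h.get(TENANT_HEADER.lower(), ""))
        except ValueError:
            raise Rejected(400, "malformed tenant ID")  # status is this example's choice
        return handler(tenant_id, *args, **kwargs)
    return wrapper

@require_tenant
def list_assets(tenant_id):
    # The query cannot run without a tenant ID: it is the first parameter.
    return [r["asset"] for r in ROWS if r["tenant"] == tenant_id]
```

Either layer alone stops the spoofed header in this sketch: the gateway overwrites it, and a request that skips the gateway fails the shared-secret check.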
Supply Chain Security
On-prem probe container images are signed with Sigstore cosign and verified against a baked-in public key before every self-update. Where available, image references are pinned by digest in addition to tag so that tag-move attacks cannot deliver a different image than the one that was signed.
The release pipeline, signing key rotation policy, and image verification flow are documented publicly in the project's docs/contracts/ directory for customer audit.
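Why digest pinning defeats a tag move, as an added example that is not the probe's actual update code: a digest is the SHA-256 of the manifest bytes, so a re-pointed tag serves bytes that no longer hash to the pinned value. The registry name, version tag and manifests are constructed, refusing tag-only references is a policy choice of this example, and the cosign signature check itself is not reproduced here.

```python
import hashlib
import hmac
import re

# Constructed manifests: the bytes a registry would serve for an image.
SIGNED_MANIFEST = b'{"schemaVersion":2,"layers":["constructed-layer-v1"]}'
MOVED_MANIFEST = b'{"schemaVersion":2,"layers":["constructed-layer-other"]}'

# Constructed reference: hypothetical registry and tag, pinned to the signed manifest.
REF = ("registry.example/sentralens/probe:1.4.2@sha256:"
       + hashlib.sha256(SIGNED_MANIFEST).hexdigest())


def pinned_digest(ref):
    """Return the hex SHA-256 a reference is pinned to, or None if it is tag-only."""
    _, sep, digest = ref.partition("@")
    if not sep:
        return None
    algo, _, hexval = digest.partition(":")
    if algo != "sha256" or not re.fullmatch(r"[0-9a-f]{64}", hexval):
        raise ValueError("unsupported or malformed digest")
    return hexval


def accept_update(ref, served_manifest):
    """Accept only when the served manifest hashes to the pinned digest.
    Tag-only references are refused here because a tag can be re-pointed
    after signing (a policy choice of this example)."""
    want = pinned_digest(ref)
    if want is None:
        return False
    got = hashlib.sha256(served_manifest).hexdigest()
    return hmac.compare_digest(got, want)
```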
Audit Logging
Every mutating action taken inside SentraLens — who did what, when, from which IP, with which result — is recorded in the audit log. Tenant administrators have full read access to their tenant's audit log via Settings → Audit Log. Audit records are append-only and cannot be modified after creation.
Compliance Framework
SentraLens currently supports compliance work across ISO 27001 (information security management), SOC 2 Type II (security, availability and confidentiality), ISO 42001 (AI management systems), PCI DSS 4.0, NIST CSF 2.0, UAE NESA / ADHICS, UAE PDPL, GDPR, and HIPAA — the platform ships with control mappings, evidence collection, and report templates for each. Additional frameworks can be added on request. SentraShield itself is not yet independently certified against these standards; certification work is in progress and current status is available on request.