Security
Security at SentinelFlux
We take the security of your data and your application under test seriously. Here's how we protect it.
Encryption in transit
All traffic is encrypted with TLS 1.2+. HTTP connections are redirected to HTTPS.
Encryption at rest
Database and file storage are encrypted at rest using AES-256.
Access controls
Role-based access control (RBAC) with least-privilege principles. API keys are hashed and never stored in plaintext.
VAPT tested
The platform is regularly tested against OWASP Top 10 using SentinelFlux's own security module — we eat our own cooking.
Infrastructure
- Hosted on hardened cloud infrastructure with network-level firewalls and DDoS protection.
- Automated daily backups with point-in-time recovery.
- Dependency scanning on every build to detect known CVEs.
- Production deployments require code review and passing CI checks.
AI Service Keys
Your AI service API keys (Mistral or others) are stored encrypted and are only decrypted in memory at the time of use. They are never logged, exposed in API responses, or accessible to SentinelFlux staff.
Responsible Disclosure
We welcome security researchers. If you discover a vulnerability in SentinelFlux, please report it to us before disclosing publicly so we can address it.
Report a vulnerability
Email security@sentinelflux.in with a description of the issue, steps to reproduce, and potential impact. We aim to acknowledge all reports within 48 hours and resolve valid issues within 30 days.
- ✓ We will not pursue legal action against researchers acting in good faith.
- ✓ We will credit researchers in our changelog (if desired).
- ✗ Please do not access or modify other users' data during testing.
Questions
For non-urgent security questions, contact security@sentinelflux.in.