Security Is the Foundation

Security & Compliance

How we protect your data — and how our products protect yours. Security isn't an afterthought — it's the reason we exist.

Security Principles

Enterprise-grade protection

Every design decision prioritizes the security of your cloud environment.

Zero Data Exfiltration

All data stays in your Azure tenant. We never see or store your secrets, keys, certificates, or identity credentials.

Azure Managed Identity

No shared credentials. Our products use Azure Managed Identity for secure, credential-less authentication to Azure and Microsoft Graph APIs.

Encryption Everywhere

AES-256 encryption at rest via Azure Storage Encryption. TLS 1.2+ for all data in transit.

Least Privilege Access

Minimal RBAC and API permissions required. We document exactly what access is needed and why.

Customer-Controlled Isolation

Deployed as Azure Managed Applications within your subscription boundary. You own the infrastructure.

SOC 2 Roadmap

SOC 2 Type II certification planned for 2026 as part of our enterprise readiness.

Data Philosophy

We never see your secrets or credentials

Our products are designed with a zero data exfiltration architecture. All monitoring happens entirely within your Azure tenant.

What we DO access

Product | Data Accessed
VaultGuard360 | Key Vault metadata: names, expiration dates, content types
IAMGuard360 | Entra ID metadata: app names, credential expiration dates, owner assignments

What we NEVER access

Product | Data We Never Touch
VaultGuard360 | Secret values, private keys, certificate private keys, cryptographic material
IAMGuard360 | Client secret values, certificate private keys, authentication tokens

Permissions

Least Privilege Access

VaultGuard360

Key Vault Reader role (metadata only, not secret values)
Managed Identity authentication
No agent installation required
Customer-controlled RBAC

IAMGuard360

Microsoft Graph: Application.Read.All (read-only)
Managed Identity authentication
No agent installation required
Customer-controlled app consent

For detailed architecture documentation, see VaultGuard360 Architecture and IAMGuard360 Architecture.

Compliance

On the path to certification

We're committed to meeting the highest standards of security compliance.

Certification | Description | Status
SOC 2 Type II | Enterprise compliance certification | In Progress
GDPR Aligned | Data minimization and privacy by design | Current
ISO 27001 | Information security management | Planned

Security Contact

Have a security concern or want to report a vulnerability? We take security seriously.

security@sentinelvaultsystems.com
View our Responsible Disclosure Policy