Trust Center
SentriWatch is built for early detection of exposed credentials, fast customer notification, and actionable response guidance. This page documents our current security and operations commitments.
Business Identity
- Legal entity: SentriWatch Security Solutions LLC
- Primary support: sharperdrz400sm@gmail.com
- Security contact: sharperdrz400sm@gmail.com
- Address: Chicago, Illinois, United States
- Response SLA: Critical 1 hour, High 4 hours, Standard 1 business day
Encryption
- TLS 1.2+ in transit for dashboard and API traffic
- Passwords are hashed with scrypt and never stored in plaintext
- Signed access tokens with expiry and verification controls
- Database access restricted to approved service accounts
Access Controls
- Role-based access: Owner, Admin, Analyst
- MFA enforced for privileged roles (Owner/Admin)
- Per-organization data isolation at the API and query layers
- Audit-oriented request logging for security review
Backups
- Automated database backup inventory and retention checks
- Restore testing should be performed on a defined schedule
- Backup location access restricted to operational staff
- Documented backup and restore runbooks
Logging and Monitoring
- API request log capture with method, status, duration, and timestamp
- Application health endpoint and reliability endpoint monitoring
- Error telemetry integration available for production incident analysis
- Uptime visibility on the public status page
Incident Response Commitments (NIST SP 800-61r3 aligned)
- Preparation: predefined playbooks for credential leak and account takeover scenarios
- Detection and analysis: security triage starts immediately after alert generation
- Containment and eradication: recommended actions include password reset, MFA enforcement, and session revocation
- Recovery: customer guidance includes account hardening and follow-up validation checks
- Post-incident: documented lessons learned and control improvements
- Customer communication: critical incident updates begin within 60 minutes of confirmed impact
Retention and Deletion Policy
- Exposure and alert records are retained to support security investigations and customer reporting
- Operational logs are retained to support reliability and incident analysis
- Data deletion requests are processed through verified support workflows
- Retention windows can be adjusted by contract and legal requirements
Verification Transparency
The client portal shows exact verification states (pending, verified, failed) with:
- DNS TXT record copy action
- Last checked timestamp
- Retry guidance and next-step recommendations
Proof and Evidence
- Redacted sample alert report and response workflow examples
- Case study summaries with measurable response outcomes
- Uptime history and reliability trend visibility
- Customer logos and testimonials only with written permission
Review details on Evidence and report security issues through our Vulnerability Disclosure Policy.