Security Policy

Our commitment to protecting your data with enterprise-grade security.

Last Updated: December 2024

Security Overview

At Cention, security is foundational to everything we build. We implement comprehensive security controls to protect your data and ensure service reliability. Our security practices are designed to meet the requirements of the most security-conscious organizations.

Data Hosting & Infrastructure

Cention's services and customer data are hosted in Amazon Web Services (AWS) facilities. We offer data residency options across multiple regions:

Region Location
Europe Stockholm (Sweden), Ireland
United States Virginia (us-east-1), Northern California (us-west-1)
Asia-Pacific Singapore, Sydney (Australia)

AWS data centers maintain stringent physical security and are certified to SOC 1/ISAE 3402, SOC 2, SOC 3, ISO 9001, ISO 27001, ISO 27017, and ISO 27018.

Data Encryption

Encryption in Transit

All data transmitted to or from Cention is encrypted using 256-bit encryption. Both API and application endpoints are TLS/SSL only. Our SSL implementation scores an "A" rating on Qualys SSL Labs tests.

Encryption at Rest

All customer data stored within Cention is encrypted at rest using the industry-standard AES-256 encryption algorithm. This includes:

  • Database encryption
  • Disk/volume encryption
  • Backup encryption
  • File storage encryption

Authentication & Access Controls

  • Single Sign-On (SSO) - SAML 2.0 integration with your identity provider
  • Multi-Factor Authentication (MFA) - Enforced across all accounts including Cention, GitHub, Google, AWS, and Microsoft services
  • Role-Based Access Control (RBAC) - Granular permissions ensure users only access what they need
  • Principle of Least Privilege - Access to customer data is limited to authorized employees who require it for their job functions
  • Regular Access Reviews - Periodic audits of access rights and permissions

Certifications & Compliance

  • SOC 2 Type II - Independently audited security controls covering availability, confidentiality, and integrity
  • ISO 27001 - Information security management system certification
  • GDPR - Full compliance with European data protection regulations
  • HIPAA Ready - Healthcare data protection capabilities available
  • PCI DSS - Payment card data security compliance

Application Security

  • Secure Software Development Lifecycle (SDLC)
  • Code reviews and static analysis for all changes
  • Dependency vulnerability scanning
  • Regular security training for all developers
  • Bug bounty program for responsible disclosure

Security Testing & Audits

  • Penetration Testing - Regular third-party penetration tests
  • Vulnerability Scanning - Continuous automated vulnerability assessments
  • Security Audits - Annual third-party security audits
  • Code Analysis - Static and dynamic application security testing

Incident Response

Cention maintains comprehensive incident response procedures:

  • Escalation Procedures - Clear escalation paths for security events
  • Rapid Mitigation - Immediate response to contain and remediate threats
  • Post-Mortem Analysis - Thorough analysis and documentation of all incidents
  • Customer Notification - Timely notification of incidents affecting customer data
  • Continuous Improvement - Lessons learned incorporated into security practices

Network Security

  • Network segmentation and firewalls
  • DDoS protection and mitigation
  • Intrusion detection and prevention systems (IDS/IPS)
  • 24/7 security monitoring
  • Automated alerting and escalation

Business Continuity & Disaster Recovery

  • Geographically distributed infrastructure
  • Automated failover capabilities
  • Regular backup and recovery testing
  • Documented disaster recovery procedures
  • 99.9% uptime SLA

Vendor Security

We carefully vet all third-party vendors and subprocessors for security practices. Vendors must meet our security requirements and are subject to ongoing review. See our Subprocessors page for the current list.

Employee Security

  • Background checks for all employees
  • Security awareness training
  • Confidentiality agreements
  • Clean desk and device policies

Reporting Security Issues

If you discover a security vulnerability, please report it to security@cention.io. We appreciate responsible disclosure and will work with you to address issues promptly. We commit to:

  • Acknowledging receipt within 24 hours
  • Providing regular updates on remediation progress
  • Recognition for valid reports (with permission)
Back to Trust Center