Security Policy

Our commitment to protecting your data with enterprise-grade security.

Last Updated: 15 December 2024

Security Overview

At Cention, security is foundational to everything we build. We implement comprehensive security controls to protect your data and ensure service reliability.

Certifications & Compliance

  • SOC 2 Type II - Independently audited security controls
  • ISO 27001 - Information security management system
  • GDPR - European data protection compliance
  • HIPAA Ready - Healthcare data protection capabilities
  • PCI DSS - Payment card data security

Data Encryption

Encryption at Rest

All data stored in our systems is encrypted using AES-256 encryption. Database encryption, disk encryption, and backup encryption are standard.

Encryption in Transit

All data transmitted to and from our services uses TLS 1.3 encryption. We enforce HTTPS for all connections and use certificate pinning for mobile applications.

Infrastructure Security

  • Cloud infrastructure hosted in SOC 2 certified data centres
  • Network segmentation and firewalls
  • DDoS protection and mitigation
  • Regular vulnerability scanning and penetration testing
  • Intrusion detection and prevention systems

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) for all accounts
  • Single sign-on (SSO) support via SAML 2.0
  • Principle of least privilege
  • Regular access reviews

Application Security

  • Secure software development lifecycle (SDLC)
  • Code reviews and static analysis
  • Dependency vulnerability scanning
  • Regular security training for developers
  • Bug bounty programme

Monitoring & Incident Response

  • 24/7 security monitoring
  • Automated alerting and escalation
  • Documented incident response procedures
  • Regular incident response drills
  • Post-incident reviews and improvements

Business Continuity

  • Geographically distributed infrastructure
  • Automated failover capabilities
  • Regular backup and recovery testing
  • Disaster recovery planning
  • 99.9% uptime SLA

Vendor Security

We carefully vet all third-party vendors and subprocessors for security practices. Vendors must meet our security requirements and are subject to ongoing review.

Reporting Security Issues

If you discover a security vulnerability, please report it to security@cention.io. We appreciate responsible disclosure and will work with you to address issues promptly.

Back to Trust Center