Security

We take security seriously

Your vulnerability data is sensitive. Here is exactly how we protect it — from the moment you upload a scan to the moment you export a report.

How we protect your data

Security is built into every layer of our platform — not bolted on as an afterthought.

Encryption at Rest & in Transit

All data stored on our platform is encrypted using AES-256. Every connection between your browser and our servers uses TLS 1.2 or higher. Your scan files and compliance documents are never stored unencrypted.

Strict Access Controls

We enforce role-based access controls (RBAC) so that team members only see the data they need. Administrative access to production systems is restricted, audited, and requires multi-factor authentication (MFA).

Secure Cloud Infrastructure

Vulnaguard Sentinel runs on enterprise-grade cloud infrastructure with SOC 2-compliant providers. We apply the principle of least privilege across all infrastructure components and conduct regular configuration reviews.

Vulnerability Management

We regularly conduct internal security assessments and third-party penetration testing. Critical findings are remediated with urgency. Our team monitors security advisories and applies patches promptly.

Audit Logging

All access to customer data is logged with timestamps, user identities, and actions taken. Logs are retained and protected from tampering, enabling forensic review in the event of an incident.

Incident Response

We maintain a documented incident response plan. In the event of a data breach that affects your data, we will notify you without undue delay in accordance with applicable data protection laws.

Your data, your control

Vulnerability scan results and compliance documentation you upload to Vulnaguard Sentinel remain yours. We do not sell, share, or use your Customer Data to train models or improve our product without your explicit consent.

Data is logically isolated between customers. Your scans, reports, and workspace data are never accessible to other organizations on the platform.

When you close your account, your data is deleted within 90 days. You can request early deletion at any time by contacting security@vulnaguard.com.

Responsible disclosure

We welcome reports from security researchers. If you discover a vulnerability in Vulnaguard Sentinel, please report it to us privately before disclosing it publicly. We commit to:

  • Acknowledge your report within 2 business days
  • Investigate and keep you informed of our progress
  • Remediate confirmed vulnerabilities with urgency
  • Not pursue legal action against good-faith researchers

Report a vulnerability

security@vulnaguard.com

Please include a description of the issue, steps to reproduce, and any proof-of-concept. We review all submissions.