Security & Compliance Overview

How Opsentinel handles your data.

A procurement-friendly summary of where your data lives, who has access, what we'll sign before a pilot, and what certifications are current vs. roadmap. Written for the compliance officer reviewing this — not the marketing visitor. Every factual claim on this page is true today; roadmap items are clearly labelled.

Data flow

Where your data goes when you upload an RFQ.

  1. Your browser
     Document selected for upload. Nothing leaves the device until the next step.
     → TLS 1.2+ encrypted

  2. opsentinel.io edge
     Single domain — no third-party CDN, no cross-origin asset fetches during a session.
     → Encrypted at rest

  3. Supabase (US region)
     Document stored, indexed, RLS-scoped to your workspace. No other customer can read it at the database layer.
     → Sent under ZDR agreement

  4. Anthropic Claude (via OpenRouter)
     Document analysed under zero-data-retention. Not used for training. Not persisted by the provider after the request.
     → Result returned

  5. Findings written back to Supabase
     Findings stored RLS-scoped to your workspace. Your data — and only your data — visible in your dashboard.

The details

1. Data residency

Customer data lives in US-hosted Supabase Postgres and Object Storage. Every analysis, finding, pattern, and uploaded document is processed by servers in US data centres. Region-of-deployment details are available on request as part of the pilot security questionnaire.

2. Data isolation

Per-workspace Row Level Security at the database layer. Every query against every table filters on workspace_id as a database-enforced policy — not as application-level filtering that an upstream bug could bypass. Two customers in the same Postgres instance cannot read each other's rows even if the application layer were compromised.
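The control described above, as an added example rather than Opsentinel's own schema or policies: a Supabase/Postgres document table scoped to workspace_id by Row Level Security, with the Owner / Member / Viewer split from the access-controls section mapped onto read and write policies. Table, column and function names (workspace_members, documents, workspace_role) and the UUIDs in the check at the end are assumed or constructed for illustration; auth.uid() is Supabase's built-in helper that returns the sub claim of the caller's JWT.

```sql
-- Added example, not Opsentinel's schema. Supabase/Postgres RLS that scopes a
-- table to workspace_id and maps Owner / Member / Viewer onto read vs. write.
-- Names (workspace_members, documents, workspace_role) are assumed; auth.uid()
-- is Supabase's helper returning the "sub" claim of the caller's JWT.

create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null,
  member_role  text not null check (member_role in ('owner', 'member', 'viewer')),
  primary key (workspace_id, user_id)
);

create table documents (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  uploaded_by  uuid not null default auth.uid(),
  storage_path text not null,
  created_at   timestamptz not null default now()
);

-- Caller's role in a given workspace, or NULL if not a member. SECURITY DEFINER
-- so policies on other tables can consult memberships without widening the
-- read policy on workspace_members; search_path pinned so a caller cannot
-- shadow the table it references.
create or replace function workspace_role(ws uuid)
returns text
language sql
stable
security definer
set search_path = public
as $$
  select member_role from workspace_members
   where workspace_id = ws and user_id = auth.uid()
$$;

-- RLS is off by default on a table created with plain CREATE TABLE: every new
-- table (findings, audit events, ...) needs its own ENABLE and its own policies.
alter table workspace_members enable row level security;
alter table documents enable row level security;
-- Without FORCE the table owner is exempt from its own policies. Roles with
-- BYPASSRLS (Supabase's service_role) are exempt regardless of FORCE.
alter table documents force row level security;

-- Each user sees only their own membership rows; no write policy, so member
-- management has to go through a privileged code path, not the client.
create policy members_self on workspace_members
  for select to authenticated
  using (user_id = auth.uid());

-- Any member (owner / member / viewer) can read documents in their workspaces.
create policy documents_select on documents
  for select to authenticated
  using (workspace_role(workspace_id) is not null);

-- Only owner / member can write. WITH CHECK is evaluated on the new row, so a
-- client cannot insert into, or re-point an UPDATE at, a workspace it cannot
-- write to; USING alone only filters the rows a statement starts from.
create policy documents_insert on documents
  for insert to authenticated
  with check (workspace_role(workspace_id) in ('owner', 'member'));

create policy documents_update on documents
  for update to authenticated
  using      (workspace_role(workspace_id) in ('owner', 'member'))
  with check (workspace_role(workspace_id) in ('owner', 'member'));

create policy documents_delete on documents
  for delete to authenticated
  using (workspace_role(workspace_id) in ('owner', 'member'));

grant select on workspace_members to authenticated;
grant select, insert, update, delete on documents to authenticated;

-- Check, inside a transaction that is rolled back: impersonate the
-- "authenticated" role with a constructed claim set (what PostgREST sets from
-- the caller's JWT) and confirm a foreign workspace is invisible and unwritable.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"11111111-1111-4111-8111-111111111111","role":"authenticated"}', true);
-- Constructed UUID for a workspace this user does not belong to: expect 0 rows.
select count(*) from documents
 where workspace_id = '22222222-2222-4222-8222-222222222222';
-- Expect: ERROR: new row violates row-level security policy for table "documents"
insert into documents (workspace_id, storage_path)
values ('22222222-2222-4222-8222-222222222222', 'rfq/constructed.pdf');
rollback;
```

Two things this makes concrete for a reviewer. RLS is a per-table property, so the isolation statement has to be verified for every table the workspace touches (documents, findings, patterns, audit events), not once. And policies bind only sessions that are subject to them: a connection made with a BYPASSRLS role, which is what Supabase's service_role key gives a backend, sees every row, so the "even if the application layer were compromised" guarantee holds for data-path queries run under the caller's JWT, not for queries run with the service key.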

3. Encryption

At-rest: all customer data is stored encrypted at rest (Supabase-managed AES-256). In-transit: TLS 1.2 or higher on every connection — browser to opsentinel.io, backend to Supabase, backend to LLM provider. No customer data is ever transmitted or stored unencrypted.

4. LLM data handling

Documents and analyses are sent to Anthropic Claude via OpenRouter under a zero-data-retention agreement configured at the OpenRouter account level. That agreement governs: never used for model training, never persisted by the model provider after the request returns, no human review on the provider side. We share the agreement details on request as part of the pilot security questionnaire — ZDR is enforced by the provider contract, not by request headers in our code. Re-running the same RFQ a year from now produces the same answer because we run at temperature 0 with deterministic post-processing — not because the model remembers. It doesn't.

5. Access controls

Role-based access within each workspace (Owner / Member / Viewer) governs who can upload, view, and configure. Owner manages billing and members; Member uploads and configures; Viewer can read but not modify. Authentication uses asymmetric ES256 JSON Web Tokens verified via JWKS; an HS256 verification path is retained as a legacy fallback for internal endpoints during migration. A dedicated audit-events table records actor, action, target, payload, IP, and user-agent for the privileged actions wired today (workspace threshold defaults, digest config, integration API-key creation and revocation) plus existing alert-lifecycle changes. Member-management, billing-webhook, and workspace-deletion audit hooks attach as those endpoints ship.

6. Network posture

All traffic — auth, API, asset delivery — routes through the single domain *.opsentinel.io. Corporate IT teams need to allowlist exactly one domain to unblock the application end-to-end. No third-party callouts are made from the user's browser during a session — the proxy approach was built specifically so defence and aerospace networks can deploy without firewall churn.

Certifications & roadmap

What's current vs. what's on the roadmap.

We mark each item as either current (true today, can show evidence) or talk to us (in progress / roadmap / available on request). We don't claim certifications we don't hold.

Standard                            Status       Notes
SOC 2 Type 1                        Talk to us   In progress · target within 6 months
SOC 2 Type 2                        Talk to us   Roadmap · ask us for current timeline
CMMC L2 alignment                   Talk to us   Controls inventory available — internal artefact mapping our controls to all 14 CMMC L2 families, shared by email
Mutual NDA                          Current      Signed before any pilot — your template or ours
Data Processing Agreement (DPA)     Current      Available before any pilot
Custom data-handling clauses        Current      Available — DFARS / ITAR / export-controlled pilots talk to us
On-prem / single-tenant deployment  Talk to us   Roadmap · talk to us about your timeline

What we'll sign

  • Mutual NDA (your template or ours)
  • Data Processing Agreement (DPA)
  • Custom data-handling clauses for DFARS / ITAR / export-controlled work
  • BAA on request for healthcare-adjacent pilots

Security questionnaires

  • CAIQ (Cloud Security Alliance Consensus Assessment)
  • SIG-Lite
  • VSA (Vendor Security Assessment)
  • Custom internal questionnaires (typical turnaround: 5 business days)

Pilot terms

What you sign up for in a pilot — and how to get out of it.

  • 4–6 week pilot, fixed cost
  • Signed mutual NDA + DPA before any data is uploaded
  • Named data-handling officer on our side
  • Weekly sync, defined success criteria you set
  • Exit clause — if you decline to continue, all customer data is automatically deleted within 30 days of pilot end (or on request, whichever is sooner).

Have a specific security question?

Email us with your questionnaire, your data-handling requirements, or your specific compliance regime. We answer security questions before pilot questions — they come from your compliance team, not your sales team, and we treat them that way.