How Centinel handles your data, your traffic, and your risk.
The short version of what we collect, how long we keep it, where it lives, and who can audit it.
What Centinel collects and keeps.
Centinel collects request metadata: user agent, TLS fingerprint, HTTP/2 frame parameters, IP, ASN, and the path that was requested. Request bodies, form inputs, cookies beyond a single signed audit cookie, and any personal data inside your payloads are never read, stored, or transmitted to us. Detection runs at the network edge; verdicts and anonymised logs land in managed datastores with EU / US / APAC region selection. Retention defaults to 30 days and is configurable down to 7 days or up to 90 days under a signed DPA. Access is scoped to named Centinel engineering staff on audit-logged consoles. Publisher dashboards see only the traffic collected from that publisher’s own properties.
Three things auditors and legal teams ask about.
Compliance posture
Centinel follows the AICPA Trust Services Criteria (security, availability, confidentiality, processing integrity) as an operating baseline. A formal SOC 2 Type II audit is on the 2026 roadmap; the report will be published when it lands.
GDPR + DPA
Data Processing Addendum available on request. Centinel acts as a data processor for the publisher; publishers remain data controllers of their traffic data. Sub-processors listed in the DPA.
Incident response
Security incidents disclosed within 72 hours. Reach the team at security@centinelanalytica.com. PGP key on request. No six-month silence.
Who else touches the data.
Centinel engages a small number of sub-processors across edge compute, managed datastores, product analytics, sales enrichment, and marketing analytics. The full, versioned list with each processor's role, region, and data scope is provided in the DPA on request.
Reporting a security issue.
Preferred channel is email to security@centinelanalytica.com. PGP key available on request. We acknowledge reports within one business day and aim to triage inside 72 hours. We do not operate a public bug-bounty programme yet; reporters acting in good faith are credited in the disclosure timeline and will not be pursued legally for testing that respects our scope. If the issue is being actively exploited, mark the email URGENT and include reproduction steps.
security@centinelanalytica.comPick the next step that fits where you are
Demo, self-serve check, pricing, or a quiet email. Whichever maps to your stage.