//Trust · Centertron

Authority requires audit.
This page is the audit trail.

Centertron operates inside the operational core of organisations that cannot tolerate failure. The controls below are how we earn that position — and how we keep earning it.

Contact security teamView system status
TLS 1.3
Transit encryption
AES-256
At-rest encryption
24/7
Detection coverage
SOC 2 II
Audit posture
//Security measures

What is in place, today, in production.

The four pillars of our operational security posture. Each measure is owned, monitored, and reviewed.

M-01
Cryptography

Encryption in transit and at rest

TLS 1.3 for all transit. AES-256 at rest. Keys rotated on schedule. No customer data is ever co-mingled across tenants.

Operational
M-02
Identity & access

RBAC, MFA, and continuous access review

Role-based access control with deny-by-default. Multi-factor authentication mandatory for all privileged roles. Quarterly access attestations.

Operational
M-03
Infrastructure

Multi-AZ hardened cloud substrate

Enterprise-grade cloud across multiple availability zones. Immutable infrastructure. Encrypted snapshots. Documented disaster recovery procedures.

Operational
M-04
Detection

24/7 monitoring and intrusion detection

Continuous log aggregation, anomaly detection, and on-call response. Automated alerting on signatures and behavioural drift.

Operational
//Compliance

Frameworks we operate against.

Certifications and frameworks under active maintenance. Reports and attestations are available to qualified prospects under NDA.

SOC 2 Type II
Annual audit of security, availability, and confidentiality controls.
Compliant
GDPR
EU data protection standards — data subject rights, lawful basis, processor obligations.
Compliant
CCPA / CPRA
California consumer privacy rights — disclosure, deletion, opt-out.
Compliant
HIPAA
Healthcare data protection. Available under Enterprise BAA.
Available
//Operational practices

How the controls are maintained.

Controls are only as strong as the practices that uphold them. These are the continuous activities, not one-time certifications.

P-01

Third-party penetration testing

Independent assessments conducted quarterly against the entire platform surface.

P-02

Continuous vulnerability scanning

Automated scanning of dependencies, containers, and infrastructure. Patches deployed on policy.

P-03

Secure development lifecycle

Threat modelling, code review, and automated security tests gate every release.

P-04

Documented incident response

Severity-tiered runbooks, on-call rotation, and post-incident review on every event.

P-05

Personnel security

Background checks, training, and least-privilege provisioning for all team members.

P-06

Data lifecycle controls

Retention policies, secure deletion, and exportable customer data on demand.

//Transparency

We will tell you when something is wrong.

Incident disclosure is operational, not optional. If an event impacts the confidentiality, integrity, or availability of your data, you will be notified — directly, with full context — within our published response window.

Status pagestatus.centertron.com
Security contactsecurity@centertron.com
Disclosure windowPrompt notification on incidents that may affect customer data.
Audit reportsAvailable under mutual NDA. Request via security@.
//Engage

Have a question your auditors need answered?

Our security team responds to qualified questionnaires, due diligence requests, and architecture reviews directly.

Contact securityOpen enterprise brief