Sent's Commitment to Security
Security is foundational to Sent's mission of delivering global, multi‑channel messaging you can trust. Every architectural decision, line of code, and operational policy is designed to keep customer data safe while ensuring messages flow—fast and reliably world‑wide.
Secure by Design
Threat‑model first
All new features pass structured threat modeling aligned to OWASP ASVS and NIST SSDF before development begins.
Defense‑in‑depth architecture
Network segmentation, isolated VPCs, and least‑privilege IAM protect data from the edge to the database.
Encryption everywhere
TLS 1.2+ for data in transit and AES‑256 encryption for all data at rest, backups, and snapshots.
Independent Verification & Compliance
| Program / Standard | Status | Scope |
|---|---|---|
| SOC 2 Type II | In progress (audit underway with Secureframe; target completion Q4 2025) | Security & Confidentiality |
| GDPR / CCPA | Supported | Data Processing Addendum & regional data localization on request |
| 10DLC | Registered | Full U.S. A2P messaging compliance |
| CISA Secure‑by‑Design Pledge | Signatory | Secure software development practices |
A draft SOC 2 report will be shared under NDA as soon as the audit concludes via the Sent Trust Center.
Continuous Testing & Monitoring
24 × 7 security operations
Automated SIEM and IDS pipelines surface anomalies within minutes; critical alerts page an on‑call engineer.
Weekly vulnerability scans & annual third‑party penetration tests
Findings feed directly into CI/CD gating policies.
Immutable audit trails
All control‑plane actions are logged to a tamper‑evident ledger and retained for at least 12 months.
Data Privacy & Isolation
Tenant‑aware encryption keys
Each customer's data is encrypted with a dedicated key rotated every 90 days or sooner.
Configurable data residency
Choose U.S., EU, or APAC regions to keep message content close to your users.
Fine‑grained access controls
SSO, SCIM, and role‑based permissions ensure teams get exactly the rights they need—nothing more.
Responsible Disclosure & Community Engagement
Bug Bounty Program
Rewards up to $10k for qualifying vulnerabilities.
Five‑day first‑response SLA
Via security@sent.dm with ongoing status updates through remediation.
Public advisories & SBOMs
CVE‑based advisories and signed Software Bills of Materials accompany all major releases.
Business Continuity & Incident Response
Redundant, multi‑region deployments
Maintain messaging continuity even if an entire data center fails.
Hourly encrypted backups
Automated restore testing safeguards data integrity.
Documented, rehearsed IR plan
Guides containment, eradication, and customer communication; post‑incident reports shared within 48 hours.
Continuous Improvement
We measure security success by:
- Mean time to detect (MTTD) and mean time to remediate (MTTR) vulnerabilities.
- Quarter‑over‑quarter reduction in open high‑severity findings.
- Customer trust scores captured in periodic surveys.
Metrics directly inform our engineering OKRs and product roadmap.
Learn More
Visit the Sent Trust Center for live status, audit artifacts (when available), and deeper technical detail, or reach us at security@sent.dm.
Your messages power mission‑critical workflows—our commitment is to keep them (and you) secure, every step of the way.