Security at SenAsset

Your asset data is critical business infrastructure. We treat its security with the same seriousness. SenAsset is built on enterprise-grade security practices from the ground up.

  • SOC 2 Type II: Security & Availability
  • GDPR: EU Data Protection
  • CCPA: California Privacy
  • ISO 27001: Information Security (AWS)
  • AES-256: Encryption standard
  • TLS 1.3: Transport security
  • 2×/year: Penetration tests
  • 99.99%: Infrastructure uptime

How we protect your data

Encryption at Rest & in Transit

All data stored in SenAsset is encrypted using AES-256, the same standard used by financial institutions and government agencies. All data transmitted between your browser and our servers uses TLS 1.3, ensuring the strongest available transport security.

  • AES-256 encryption for stored data
  • TLS 1.3 for all data in transit
  • Encrypted database backups
  • Encrypted file attachment storage

SOC 2 Type II Compliance

SenAsset has achieved SOC 2 Type II certification, independently audited by a third-party firm. This certification validates our controls around security, availability, processing integrity, confidentiality, and privacy over a sustained period of time.

  • Annual third-party audit
  • Covers all 5 Trust Service Criteria
  • Report available under NDA for Enterprise customers
  • Continuous monitoring between audits

Penetration Testing

We partner with independent security firms to conduct comprehensive penetration tests at least twice per year. Our internal security team also performs ongoing vulnerability assessments using automated scanning tools.

  • Semi-annual third-party penetration tests
  • Automated vulnerability scanning (weekly)
  • OWASP Top 10 coverage
  • Prompt remediation and disclosure policy

Role-Based Access Control (RBAC)

SenAsset enforces granular role-based access control across the entire platform. Admins can define exactly what each user or team can see and do. Access is governed by the principle of least privilege throughout our internal systems as well.

  • Granular permission roles (Admin, Manager, Member, Viewer)
  • Resource-level permissions for assets and locations
  • API key scoping for integrations
  • Internal least-privilege access for SenAsset engineers

Audit Logs

Every action taken in SenAsset is recorded in a tamper-evident audit log. Track who created, modified, or deleted assets, changed user permissions, or accessed sensitive data. Logs are retained for a minimum of 12 months.

  • Immutable audit trail for all user actions
  • Timestamped with user identity and IP address
  • Exportable for compliance reporting
  • Retained for 12+ months (Enterprise: unlimited retention)

SSO and SAML 2.0

Enterprise customers can configure Single Sign-On (SSO) using any SAML 2.0-compliant identity provider, including Okta, Azure AD, Google Workspace, and OneLogin. We also support SCIM provisioning for automated user lifecycle management.

  • SAML 2.0 SSO (Enterprise)
  • Okta, Azure AD, Google Workspace, OneLogin
  • SCIM 2.0 user provisioning
  • Multi-factor authentication (MFA) enforcement

Infrastructure & Data Centers

SenAsset runs on Amazon Web Services (AWS) infrastructure across multiple availability zones in the US (us-east-1, us-west-2) with EU data residency available for Enterprise customers. Our infrastructure is ISO 27001 certified.

  • Multi-AZ deployment for high availability
  • EU data residency option (AWS eu-west-1)
  • 99.99% infrastructure SLA
  • Automated failover and disaster recovery

Responsible Disclosure

We believe in coordinated vulnerability disclosure and have a published security disclosure policy. If you discover a security vulnerability in SenAsset, we ask that you report it to us privately before public disclosure. We take all reports seriously.

  • Dedicated security disclosure email
  • Acknowledgement within 24 hours
  • Target remediation within 30 days for critical issues
  • Hall of Fame for responsible disclosures

Found a security issue?

We appreciate the security research community. If you've discovered a potential vulnerability in SenAsset, please report it to us privately. We commit to acknowledging your report within 24 hours and to working with you on a coordinated disclosure timeline.

Report a vulnerability

security@senasset.com · PGP key available on request

Questions about our security practices? security@senasset.com