Security at SenAsset
Your asset data is critical business infrastructure. We treat its security with the same seriousness. SenAsset is built on enterprise-grade security practices from the ground up.
- GDPR: EU Data Protection
- CCPA: California Privacy
- AES-256: Encryption standard
- TLS 1.3: Transport security
- 2×/year: Penetration tests
- 99.99%: Infrastructure uptime
How we protect your data
Encryption at Rest & in Transit
All data stored in SenAsset is encrypted using AES-256, the same standard used by financial institutions and government agencies. All data transmitted between your browser and our servers uses TLS 1.3, ensuring the strongest available transport security.
- AES-256 encryption for stored data
- TLS 1.3 for all data in transit
- Encrypted database backups
- Encrypted file attachment storage
Compliance & Auditing
SenAsset is designed with compliance in mind and is actively working toward SOC 2 Type II certification. We maintain strong internal controls around security, availability, and confidentiality, and document our practices rigorously.
- Rigorous internal security controls
- SOC 2 Type II certification in progress
- Annual internal security reviews
- Continuous monitoring and logging
Penetration Testing
We conduct regular security testing of our application and infrastructure, including vulnerability assessments and code reviews. Our internal security team uses automated scanning tools to identify and remediate issues promptly.
- Regular application security testing
- Automated vulnerability scanning
- OWASP Top 10 coverage
- Prompt remediation policy
Role-Based Access Control (RBAC)
SenAsset enforces granular role-based access control across the entire platform. Admins can define exactly what each user or team can see and do. Access is governed by the principle of least privilege throughout our internal systems as well.
- Granular permission roles (Admin, Manager, Member, Viewer)
- Resource-level permissions for assets and locations
- API key scoping for integrations
- Internal least-privilege access for SenAsset engineers
Audit Logs
Every action taken in SenAsset is recorded in a tamper-evident audit log. Track who created, modified, or deleted assets, changed user permissions, or accessed sensitive data. Logs are retained for a minimum of 12 months.
- Immutable audit trail for all user actions
- Timestamped with user identity and IP address
- Exportable for compliance reporting
- Retained for 12+ months (Enterprise: unlimited retention)
SSO and SAML 2.0
Enterprise customers can configure Single Sign-On (SSO) using any SAML 2.0-compliant identity provider, including Okta, Azure AD, Google Workspace, and OneLogin. We also support SCIM provisioning for automated user lifecycle management.
- SAML 2.0 SSO (Enterprise)
- Okta, Azure AD, Google Workspace, OneLogin
- SCIM 2.0 user provisioning
- Multi-factor authentication (MFA) enforcement
Infrastructure & Data Centers
SenAsset runs on Amazon Web Services (AWS) infrastructure across multiple availability zones in the US (us-east-1, us-west-2) with EU data residency available for Enterprise customers. Our infrastructure is ISO 27001 certified.
- Multi-AZ deployment for high availability
- EU data residency option (AWS eu-west-1)
- 99.99% infrastructure SLA
- Automated failover and disaster recovery
Responsible Disclosure
We believe in coordinated vulnerability disclosure and have a published security disclosure policy. If you discover a security vulnerability in SenAsset, we ask that you report it to us privately before public disclosure. We take all reports seriously.
- Dedicated security disclosure email
- Acknowledgement within 24 hours
- Target remediation within 30 days for critical issues
- Hall of Fame for responsible disclosures
Found a security issue?
We appreciate the security research community. If you've discovered a potential vulnerability in SenAsset, please report it to us privately. We commit to acknowledging your report within 24 hours and to working with you on a coordinated disclosure timeline.
Report a vulnerability: hello@edconusa.com · PGP key available on request
Questions about our security practices? hello@edconusa.com · Privacy Policy · GDPR