Security & trust
Engineered for the enterprise security bar.
Encryption, identity, compliance, and runtime defense — designed into the core of the platform, not bolted on. Cendryva Enterprise governance unlocks compliance-sensitive industries and an enterprise sales motion.
Encryption
- AES-256 at rest (PostgreSQL)
- AES-128-GCM at rest (ClickHouse)
- TLS 1.3 enforced, HSTS, certificate expiry monitoring
Key management
- HashiCorp Vault + HSM
- Shamir 3-of-5 secret sharing
- Automated secret rotation
Identity & access
- OAuth 2.0: Google, Microsoft Entra, Okta
- MFA / WebAuthn (FIDO2 passkeys)
- LDAP, RBAC, scoped permission matrix
Runtime defense
- RASP — runtime application security monitoring
- OpenTelemetry tracing across the platform
- OPA policies for Kubernetes and Terraform
Audit & compliance
- Immutable audit log (SOC2 / GDPR-ready)
- GDPR controls live; SOC2, HIPAA, PCI-DSS in progress
- JWT auth flow with JWKS endpoint
Resilience
- DNS failover automation
- Multi-region failover planning
- Backup + RPO validation, PgBouncer monitoring
Compliance status
- GDPR: Controls implemented
- SOC2 Type II: Audit engagement in progress
- HIPAA: Certification in progress
- PCI-DSS: Certification in progress
External SOC2 Type II, HIPAA, and PCI-DSS certifications are actively in progress.
Reporting
Found a security issue? Email security@cendryva.com with details. We respond within one business day and credit researchers in our hall of fame.