Legal · Security

Security

Last updated: 28 June 2026

Security is foundational to EventQuery Sentry. We process sensitive endpoint telemetry, so the platform is built around encryption, strict tenant isolation, least-privilege access, and an auditable trail of every action.

Encryption

Architecture & isolation

Agent security

Identity & access control

Auditability

A tamper-evident audit trail records authentication, administrative actions, remote commands, and ticket activity, scoped per tenant and exportable for review.

Compliance alignment

Our controls and our Compliance Evidence Engine are designed to align with and map to leading frameworks — SOC 2, ISO/IEC 27001, NIST CSF, PCI DSS v4.0.1 (Req 10), and HIPAA §164.312. The engine produces audit-honest, point-in-time evidence mapped to specific controls and never reports a false pass (controls without confirmed signal read NO_DATA).

SOC 2 — alignedISO 27001 — alignedNIST CSF — alignedPCI DSS v4 — alignedHIPAA §164.312 — aligned
"Aligned" means our controls are designed and mapped to these frameworks. It does not by itself assert a completed third-party certification or attestation. [Update this section to state held certifications/attestations once available — e.g. "SOC 2 Type II report available under NDA".]

Vulnerability & threat management

Data residency & retention

Hosting region and retention windows are described in our Privacy Policy. Customer data is deleted or returned on termination per the applicable DPA.

Responsible disclosure

We welcome reports of security issues. Please email security@eqsentry.io with details and reproduction steps. We commit to acknowledging valid reports and will not pursue good-faith research that respects user privacy and avoids service disruption. [Confirm disclosure policy / safe-harbor wording with counsel.]