Trust, in the open.
For a security vendor, a trust center is table stakes. Here is how Centeye secures its own platform, handles your data, and where we're headed on compliance — in plain terms, with no adjectives doing the work.
How Centeye is built and operated.
We hold our own platform to the standard we ask of yours.
Reversible response
Every automated action Centeye takes is reversible and denyset-protected, so containment never causes more harm than the threat it stops.
Tamper-evident audit
Every step is written to a hash-chain audit trail — what happened, when, and exactly what was done about it.
Human in the loop
You set how much autonomy Centeye has — per action and per client — with approval gates on higher-blast-radius actions.
Least-privilege access
Each integration is granted only the access it needs to detect and respond — nothing more.
How we treat your data.
Centeye is positioned in the path of sensitive signals — email, identity, endpoints. We designed the data path to take only what a decision needs, and keep only what it must.
Zero-content email retention
Email is scanned for threats in the pipeline; message bodies are not retained after a verdict is reached. We store the signal, not your mail.
PII redaction
Sensitive fields are redacted before data is logged or sent to a model, so personal data is not over-collected on the path to a decision.
Tenant isolation
Multi-tenant architecture keeps each client's data logically separated across the entire fleet — row-level isolation, not shared tables.
Encryption
Data is encrypted in transit, and sensitive data is encrypted at rest.
Purpose-bound processing
Customer data is processed to deliver detection, response, and reporting — not for unrelated purposes, and never sold.
Scoped logging
Operational logs are scoped to avoid retaining sensitive content beyond what is needed to run the service.
A Data Processing Addendum is available for MSP and partner agreements — see DPA.
Who helps us deliver the service.
Our current list of sub-processors is maintained operationally and provided on request, and will be published here. To receive the list or be notified of changes, contact security@centeye.io.
The standards we hold ourselves to.
| Milestone | Status | Notes |
|---|---|---|
| SOC 2 | In progress | Building toward SOC 2 as the platform matures; controls are designed with the audit in view. |
| Cyber-insurance control alignment | Available | Continuously proves the eight control families carriers weight in underwriting. |
| WCAG 2.2 AA (this website) | Committed | See our accessibility statement below. |
We publish only what is accurate today and update this page as our posture matures.
Responsible disclosure
We welcome reports of suspected vulnerabilities and will work with you in good faith. Please email security@centeye.io. Our machine-readable policy is published at /.well-known/security.txt.
Accessibility statement
Centeye is committed to meeting WCAG 2.2 AA on this website — keyboard navigability, sufficient color contrast, alt text on imagery, and captions or transcripts on video. If you encounter a barrier, contact hello@centeye.io.
Have a security or trust question?
We're happy to walk through our posture, share our sub-processor list, or scope a DPA for your agreement.