Security & Privacy Frequently Asked Questions
Straightforward answers about how Regentra protects your data, manages access, and operates responsibly — written for customers, auditors, and partners seeking clarity, not marketing claims.
Built for transparency, not marketing
This page is intended for customers, auditors, and security teams evaluating Regentra. We answer questions directly and honestly.
Data Protection & Privacy
Customer data is protected with AES-256-GCM encryption at rest and TLS 1.2+ in transit with a 2-year HSTS preload. Credentials and secrets are encrypted using authenticated encryption. Passwords are hashed with bcrypt-12 and screened against known breach databases. Each layer of the stack is designed with security as a requirement, not an afterthought.
No. Customer data is used solely to provide and continuously improve the Regentra platform. It is never sold, rented, or shared for purposes unrelated to the delivery of the service. This is a foundational principle, not a policy statement.
Yes. Regentra enforces logical isolation between all customer environments. Cross-tenant data access is architecturally prevented, not just restricted by policy. This is especially critical for MSPs managing multiple client tenants from a single dashboard.
Access Control & User Management
Regentra uses role-based access control (RBAC) and enforces the principle of least privilege across all user tiers. Access is scoped to what each role genuinely requires: technicians, compliance analysts, approvers, and administrators each operate within defined boundaries. Zero Trust is enforced on every request.
Yes. All platform actions are associated with authenticated user identities and retained as part of a full audit trail. This is particularly valuable for MSPs managing client compliance postures: context switches between tenants are logged, ensuring accountability and evidence integrity.
Yes. Customers have full control over user provisioning, role assignment, and access configuration within their tenant. MSPs managing multiple client tenants can configure access independently for each, with co-managed compliance options available when both MSP and client teams need shared access to the same workspace.
Infrastructure & Availability
Regentra runs on modern cloud infrastructure built for scale, reliability, and compliance-grade availability. The platform leverages established cloud providers with regional redundancy and is designed to support the uptime requirements of production MSP and MSSP environments.
The platform is architected using established cloud reliability practices, including redundancy, controlled change management, and automated failover mechanisms. Infrastructure changes follow a structured deployment pipeline to minimize risk and maintain service continuity.
At this stage, uptime commitments are handled contractually on a per-customer basis rather than through a publicly published guarantee. If your organization requires a formal SLA as part of procurement, please reach out to discuss your requirements directly.
Compliance & Certifications
Regentra is actively progressing through the SOC 2 Type II certification process. We are a newly launched platform and believe in communicating honestly about where we are in that journey. The platform is built from the ground up with compliance-grade security controls, and formal certification is a near-term roadmap milestone, not a future consideration.
Because we do not claim certifications before they are formally completed and independently validated. In a market where many vendors overstate their compliance posture, we believe transparency is the stronger signal. You can track our progress in the Trust Center.
Yes. Regentra is built specifically to support audit readiness. The platform generates structured compliance evidence and exportable audit reports, and maintains operational audit trails by design. If you are preparing for HIPAA, SOC 2, CMMC, or another framework, Regentra helps you build and maintain the artifacts required, not just at audit time, but continuously.
AI & Data Usage
AI is applied in four specific areas: compliance posture analysis and prioritization (AI Compliance Advisor), policy drafting from your adopted framework and control set (AI Policy Drafting), auto-filling vendor security questionnaires using your existing controls (AI Questionnaire Answering), and service desk ticket triage and resolution suggestions (AI Ticket Analysis). In all cases, AI outputs are advisory, not autonomous. Human review and approval is always in the loop.
Customer data is handled in strict accordance with platform functionality and privacy expectations. AI outputs are generated using your specific organizational context and are designed to remain under your control. We do not use customer compliance data or operational records to train shared models without explicit opt-in consent.
Yes, every AI-assisted output, from drafted policies to remediation roadmaps, is editable, rejectable, or ignorable by the user. Regentra's AI functions as an intelligent assistant, not an autonomous decision-maker. Your compliance team retains final authority over all documentation, evidence submissions, and workflow actions.
Incident Response & Responsibility
Regentra follows a defined incident response process covering containment, investigation, root cause analysis, and remediation. Processes are designed to minimize exposure time and restore service integrity. Post-incident reviews are conducted to improve both technical controls and response procedures.
Customers are notified in accordance with contractual obligations and applicable legal requirements. Notification timelines and formats are defined in customer agreements. Where regulatory frameworks (such as HIPAA's breach notification rule) impose specific notification windows, those timelines govern our response obligations.
Regentra is responsible for the security and availability of the platform infrastructure, core services, and the underlying compliance engine. Customers are responsible for configuring access controls appropriately, managing their user permissions, and following recommended operational practices. For MSPs, this includes managing how sub-tenant access is provisioned across your client portfolio.
Getting More Information
For security, compliance, and privacy inquiries beyond what this FAQ covers, please contact Regentra's security team directly via the contact form or email. Our Trust Center also contains full documentation on security posture, controls, and compliance evidence.
The Regentra Trust Center is the primary destination for detailed security documentation. It covers adopted compliance frameworks, security controls, compliance score, published policies, and certification status, all in one place. Visit trust-center.app or use the Trust Center link in the site navigation.
Yes. Regentra supports pre-sales security reviews for auditors, enterprise customers, and compliance evaluators. Please reach out to the security team with your specific requirements and we will respond with the appropriate documentation or arrange a security review session.
Your Trust Center awaits
For auditors and security teams requiring more than this FAQ, our Trust Center documents adopted frameworks, security controls, compliance score, and published policies. If you have a question this page doesn't answer, our team responds to security inquiries directly.