Trust Center

Security, privacy, and accountability by design

How Regentra approaches security, data protection, compliance, and responsible platform operation — plainly, without marketing language.

Start Free TrialRequest Demo
Trusted by MSPs
AI-native Platform
Zero Trust Architecture
Our approach

Security is a foundation, not a feature

We assume sensitive operational and compliance data must be protected at every layer, at all times.

Security is designed into the architecture, not added later. Every decision passes through clear access controls, deliberate system boundaries, and platform-wide accountability.

Security by design

Architecture-first — controls are never bolted on after the fact.

Least privilege

Every user and system component gets only what it needs — nothing more.

Deliberate boundaries

Tenant isolation is explicit and enforced, not assumed.

Accountability by default

Every action is attributed to a verified identity with a full audit trail.

Data protection

Protecting customer data is a core responsibility

Data is handled with restraint and used only to run and improve the platform.

Encryption everywhere

AES-256-GCM at rest, TLS 1.2+ in transit. Passwords are hashed with bcrypt-12 and screened against known breach databases.

Tenant isolation

Each customer environment is fully isolated. Client data and operational data never share space, even within the same MSP dashboard.

Controlled access

Only authenticated, authorized users reach customer data. Internal access to production follows formal review and full audit logging.

Access management

Access controls and accountability, clearly defined

Permissions are granted intentionally. Every action traces back to a verified user.

Role-based access

Roles define what each user can view, modify, or approve — permissions never expand without explicit configuration.

Full audit trail

Every action is logged with identity, timestamp, and change detail — including ticket updates, policy approvals, and context switches.

Session security

Every request is validated at the session level. Sessions are scoped, time-limited, and invalidated on suspicious activity.

Tenant context separation

Switching between client tenants is context-isolated by design. No data bleeds across tenant boundaries.

Compliance posture

We hold ourselves to the same standard

Our internal compliance status, stated plainly. We do not claim certifications we have not completed.

We are progressing toward formal certification programs. Our security controls are active now; formal certification is underway.

Start Free TrialView Trust Center Repository
Current Compliance Status

SOC 2 Type II — Certification in progress

AES-256-GCM — Encryption deployed & active

TLS 1.2+ — Enforced on all connections

Bcrypt-12 — Password hashing with breach screening

Zero Trust — Request-level identity validation

HSTS Preload — 2-year strict transport security

RBAC — Role-based access enforced platform-wide

Updated as certifications are completed. This page exists for accountability, not optics.

Reliability

Built for production from day one

Compliance and service operations cannot afford instability.

Cloud Infrastructure

Modern, scalable architecture

Production-grade cloud infrastructure with redundancy, automated failover, and rollback-capable deployments.

Data Integrity

Data portability

Automated backups run continuously. Data export is a first-class feature — you can leave without losing anything.

Change Management

Controlled deployments

Every change is reviewed and tested before reaching production. Breaking changes come with advance notice and a clear migration path.

Monitoring & Response

Active monitoring

Real-time alerts cover performance, errors, and security signals. Incident response follows defined runbooks with internal post-mortems.

Responsible AI

AI assists.
Humans decide.

Every AI output is reviewable, editable, and requires human approval before it takes effect.

AI handles the heavy lifting — analysis, drafting, triage suggestions. Final decisions remain with your team, always.

Compliance advisor

Surfaces gaps and prioritizes risks. You review and act.

Policy drafting

Generates audit-ready drafts. A human Approver decides what goes live.

Ticket analysis

Recommends triage and resolution paths. Your technician decides.

Questionnaire answering

Auto-fills from verified controls. You review before anything is submitted.

Shared responsibility

Security works when both sides hold up their end

Platform security and customer practices work together.

We maintain the platform. You manage access, users, and how it's configured. Clear ownership on both sides prevents gaps.

Area

Regentra's Responsibility

Your Responsibility

Platform Security

Infrastructure, encryption, network controls, vulnerability management

Customer

Secure access from your devices and networks.

Identity & Access

RBAC framework, session management, MFA enforcement capability

Customer

Configuring roles, enabling MFA, offboarding users.

Data

Encryption, backups, isolation, export availability

Customer

Accuracy and classification of data entered into the platform.

Platform Security

Automated evidence collection, control mapping, framework support

Customer

Reviewing evidence, implementing technical controls, managing exceptions.

Platform Security

Platform-level incident detection, notification, and remediation.

Customer

Internal incident handling, regulatory notification obligations.

Ongoing commitment

Trust is maintained, not achieved once

As regulations change and the platform grows, our security program grows with it.

Our security posture is reviewed continuously. When regulations shift or the platform expands, controls are updated to match.

Regulatory alignment

We track regulatory changes, including HIPAA 2026 NPRM, and update controls when the rules shift.

Security program maturity

SOC 2 Type II is our near-term target, backed by ongoing vulnerability management, penetration testing, and internal security reviews.

Transparent communication

This page updates when our posture changes, not on an annual marketing cycle. Certifications and material changes appear here first.

Next steps

See how the platform works

Explore the platform, see how it fits your workflows, or speak with us about security and compliance specifics.

Request DemoView Platform
Questions before signing up?
Contact the team