OpenCentric is SOC 2 Type II certified and runs a continuous security programme — penetration testing, automated CVE scanning, encryption by default, and a public responsible disclosure policy.
All data in transit uses TLS 1.3. Data at rest is AES-256 encrypted in AWS. Encryption keys are managed via AWS KMS with automatic rotation.
Role-based access control enforced across all resources. MFA required for all employee accounts. SSH key authentication only — no passwords.
Annual third-party penetration test by an independent firm. Last test: Q1 2026. Results and remediation available under NDA to Enterprise customers.
All workloads run in AWS (us-east-1 primary, eu-west-1 secondary). VPC isolation, private subnets, and no public EC2 endpoints.
OpenCentric is SOC 2 Type II certified. The report is available to customers and prospects under NDA from our Trust Center.
Automated CVE scanning across all dependencies (Snyk) and container images (Trivy) on every build. Critical findings require remediation within 24 hours.
We operate a responsible disclosure programme. If you've found a security issue, email security@opencentric.ai with details. We respond within 24 hours, keep you informed throughout remediation, and publicly credit researchers who report valid findings (if desired).