Security Policy
Last updated: May 30, 2025
At Netra, security isn't just a feature - it's the foundation of our product and our company. As a data security company entrusted with protecting sensitive business and personal information, we take security seriously at every level: people, processes, and technology.
Whether you're a fast-growing startup or a large enterprise, we understand that trust is earned. Here’s how we earn yours.
Physical Security and Data Hosting
Netra uses Amazon Web Services (AWS) data centers located in the United States.
Product and Data Security
- End-to-End Encryption: All data transmitted between customer environments and our platform is encrypted using TLS 1.2 or higher. Sensitive data is encrypted at rest using AES-256 and proprietary encryption.
- Fine-Grained Access Controls: We enforce role-based access controls (RBAC) internally and provide customers with similar capabilities to manage who can access what.
- Audit Logging: Key actions and system events are logged for traceability, anomaly detection, and incident response.
- Data Residency & Isolation: Each customer’s data is hosted in logically isolated AWS resources dedicated solely to that customer. By default, data is stored in North America, with support for alternative regions available upon request, as supported by AWS.
- Code-Signed Agents: Our endpoint sensor software is code-signed by Netra engineers using official Microsoft, Apple, and Google signing mechanisms to ensure authenticity and integrity before deployment.
Infrastructure Security
- Hosted on AWS: Our infrastructure is hosted on Amazon Web Services, which meets SOC 2, ISO 27001, and other industry certifications.
- Network Segmentation & Firewalling: We use VPCs, private subnets, and security groups to isolate and restrict services.
- Vulnerability Management: We use automated tools to scan dependencies and containers for vulnerabilities. High-severity issues are remediated within defined SLAs.
Security Operations
- Employee Access: Access to production systems is limited to a small number of vetted personnel, protected by multi-factor authentication (MFA) and audited regularly.
- Incident Response: We maintain an internal incident response playbook and are committed to notifying customers promptly in the event of a breach.
- Third-Party Risk Management: We maintain a list of subprocessors and ensure all vendors meet our data protection and security requirements. See our Subprocessors page.
Compliance and Data Protection
- GDPR & CCPA: We are committed to complying with GDPR, CCPA, and other applicable privacy laws. We offer Data Processing Agreements (DPAs) and support data subject rights.
- Data Minimization: We limit data collection to only what’s necessary for our services and give customers control over data retention settings.
Ongoing Security Commitment
We recognize that security is never “done.” We regularly conduct internal reviews, threat modeling exercises, and code audits. As we scale, we are actively working toward aligning with SOC 2 Type II and ISO 27001 standards.