Compliance

Security Policy

Last updated: May 30, 2025

At Netra, security isn't just a feature — it's the foundation of our product and our company. As a data security company entrusted with protecting sensitive business and personal information, we take security seriously at every level: people, processes, and technology.

Whether you're a fast-growing startup or a large enterprise, we understand that trust is earned. Here's how we earn yours.

Physical Security and Data Hosting

Netra uses Amazon Web Services (AWS) data centers located in the United States.

Product and Data Security

End-to-End Encryption

All data transmitted between customer environments and our platform is encrypted using TLS 1.2 or higher. Sensitive data is encrypted at rest using AES-256 and proprietary encryption.

Fine-Grained Access Controls

We enforce role-based access controls (RBAC) internally and provide customers with similar capabilities to manage who can access what.

Audit Logging

Key actions and system events are logged for traceability, anomaly detection, and incident response.

Data Residency & Isolation

Each customer's data is hosted in logically isolated AWS resources dedicated solely to that customer. By default, data is stored in North America; alternative regions are available upon request where AWS supports them.

Code-Signed Agents

Our endpoint sensor software is code-signed by Netra engineers using official Microsoft, Apple, and Google signing mechanisms to ensure authenticity and integrity before deployment.

Infrastructure Security

Hosted on AWS

Our infrastructure is hosted on Amazon Web Services, which meets SOC 2, ISO 27001, and other industry certifications.

Network Segmentation & Firewalling

We use VPCs, private subnets, and security groups to isolate and restrict services.

Vulnerability Management

We use automated tools to scan dependencies and containers for vulnerabilities. High-severity issues are remediated within defined SLAs.

Security Operations

Employee Access

Access to production systems is limited to a small number of vetted personnel, protected by multi-factor authentication (MFA) and audited regularly.

Incident Response

We maintain an internal incident response playbook and are committed to notifying customers promptly in the event of a breach.

Third-Party Risk Management

We maintain a list of subprocessors and ensure all vendors meet our data protection and security requirements. See our Subprocessors page.

Compliance and Data Protection

GDPR & CCPA

We are committed to complying with GDPR, CCPA, and other applicable privacy laws. We offer Data Processing Agreements (DPAs) and support data subject rights.

Data Minimization

We limit data collection to only what's necessary for our services and give customers control over data retention settings.

Ongoing Security Commitment

We recognize that security is never "done." We regularly conduct internal reviews, threat modeling exercises, and code audits. As we scale, we are actively working toward aligning with SOC 2 Type II and ISO 27001 standards.