SiteSentinel Security

SiteSentinel applies layered protection for accounts, organization data and monitoring mechanisms. This page describes current security principles; it is neither a guarantee that all risk is eliminated nor a compliance certificate.

Service operator: SiteSentinel Development, development, development address, Polska, tax id: development, REGON: development. Contact: contact@sitesentinel.local. Privacy: privacy@sitesentinel.local. Support: support@sitesentinel.local. Security: security@sitesentinel.local. Phone: development.

Account security

Passwords are stored only as secure cryptographic hashes. Sessions use HttpOnly, Secure cookies and an appropriate SameSite policy. State-changing operations are protected by CSRF checks, permission validation and rate limits.

Organization isolation

Data belongs to an organization and every server-side operation validates access and role scope.

Monitoring security

The system normalizes and validates URLs, blocks private and local addresses, limits ports, redirects, response size and execution time.
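
A sketch of the kind of pre-flight check described above, written in Python as an added example; it is not SiteSentinel's own code. The allowed schemes and ports, the BlockedTarget exception and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http": 80, "https": 443}  # assumed policy: scheme -> default port
ALLOWED_PORTS = {80, 443, 8080, 8443}         # assumed policy, not SiteSentinel's list

class BlockedTarget(ValueError):
    """Raised when a monitor URL fails validation (hypothetical name)."""

def is_public(ip_text):
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
    return ip.is_global      # False for private, loopback, link-local, reserved

def check_monitor_url(url, resolve=socket.getaddrinfo):
    """Return (host, port, addresses) or raise BlockedTarget."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port
    except ValueError as exc:  # malformed host or port
        raise BlockedTarget(f"malformed URL: {exc}") from exc
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise BlockedTarget(f"scheme not allowed: {scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise BlockedTarget("credentials in URL are not accepted")
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        raise BlockedTarget("missing host")
    if port is None:
        port = ALLOWED_SCHEMES[scheme]
    if port not in ALLOWED_PORTS:
        raise BlockedTarget(f"port not allowed: {port}")
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        raise BlockedTarget(f"cannot resolve {host!r}") from exc
    addrs = sorted({info[4][0] for info in infos})
    # Every resolved address must be public; one private record is enough to block.
    if not addrs or not all(is_public(a) for a in addrs):
        raise BlockedTarget(f"{host!r} resolves to a non-public address")
    return host, port, addrs
```

The probe should connect to one of the returned addresses rather than resolving the name a second time, and each redirect hop should go through the same check.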

Encryption and transmission

Communication uses HTTPS. Secrets are not placed in public code or sent to the browser unless required for a specific feature.

Backups

Database backups should be performed under the deployment backup procedure and stored outside the main application container.

Vulnerability reporting

Report suspected vulnerabilities to security@sitesentinel.local with reproduction steps and potential impact.

Limitations

SiteSentinel supports operational detection but does not replace a security audit, penetration test, system administrator or legal specialist.