A hybrid-cloud topology designed for hostile network environments. Sentinel brings the intelligence to your data, not the other way around.

Data Plane (On-Premises)

Docker container inside your firewall. Handles PII scrubbing, Vector Search (RAG), vLLM, and stores chat logs in MinIO. “Sensitive logs never leave your environment.”

Control Plane (Azure Cloud)

Azure App Service & SQL. Handles Entra ID Auth, Billing (Stripe), Policy Governance, and Anonymized Telemetry. “We only process anonymized metadata.”

Network Hardening

Proxy Awareness

Financial Enforcer

Identity Enforcement

Defense in Depth: Security Layers

Layer 1: Sentinel sits behind Nginx Reverse Proxy, enforcing TLS 1.2+, HSTS. No inbound ports; traffic egresses via secure WebSocket.

Layer 2: Survives Zscaler/BlueCoat. Supports HTTPS_PROXY and custom Root CA injection for in-depth inspection.

Layer 3: Middleware checks budget caps in Redis before every request. Attacks are mitigated before they cost you. Layer 4: Integrated with Entra ID; disabling users in AD instantly locks them out of Sentinel.

Cryptographic Handshake.

No passwords. Provisioning uses a high-entropy Subscription Key that only fetches policies with least-privilege, never exposing databases.

vLLM

Qdrant

MinIO

Redis

Azure SQL

Compliance Badges: SOC 2 Type II & Evidence Vault

Designed for SOC 2 Type II compliance. Our ‘Evidence Vault’ cryptographically signs every governance action and generates PDF reports — audit-ready and verifiable for external review.

Validate our security posture.

Request admission to our audit vault or whitepaper.

Request Security Whitepaper

Platform

Overview

Features

Architecture

Legal

Security

Privacy

Compliance

Company

About

Careers

Contact

Resources

Docs

Blog

Status

Pricing

Plans

Hardware

Get Started