Security at Centraleyezer
We build vulnerability management software, so we hold our own platform to the same standards we help our customers meet. This page summarises how we protect customer data, manage vulnerabilities in the platform itself, and support procurement reviews.
Self-hosted by default
Customer vulnerability data never leaves your infrastructure on Enterprise and MSSP plans. The platform deploys as a Docker container into your own cloud or on-premises environment. The SaaS tier is hosted on EU-based infrastructure, capped at 10 GB per tenant.
EU data residency
For SaaS deployments, all data is stored within the European Economic Area. We do not transfer customer data outside the EEA without an adequate transfer mechanism in place.
Authentication
The platform supports SSO via SAML 2.0, OIDC (Entra ID / Azure AD), LDAP / Active Directory, and 2FA (TOTP). Local authentication uses bcrypt-hashed credentials with rate-limited login attempts.
Audit logging
Every finding-state change, risk acceptance, and user action is logged with timestamp, actor, and context. Logs are retained for the full licence term and are exportable.
Air-gap capable
Enterprise and MSSP licences support fully air-gapped deployments with no call-home requirement for licence validation, suitable for government, defence, and high-security environments.
Vulnerability disclosure
We operate a coordinated vulnerability disclosure programme. Researchers can report security issues to [email protected], and we commit to acknowledging reports within one business day.
Reporting a vulnerability
If you discover a vulnerability in the Centraleyezer platform or website, please report it responsibly:
- Email [email protected] with details and reproduction steps.
- We will acknowledge within one business day and provide a tracking reference.
- We commit to remediating critical and high-severity findings within our published SLAs.
- Please do not exploit the vulnerability beyond what is necessary to demonstrate it, and do not access data that is not yours.
We support and acknowledge security researchers who report responsibly. A security.txt file is published at /.well-known/security.txt.
Procurement reviews
Enterprise and MSSP prospects can request our security questionnaire pack — covering architecture, data flow, encryption, access controls, incident response, and sub-processors — by emailing [email protected]. We typically respond within three business days.