Security
Our commitment to security and how to report vulnerabilities.
Security Practices
Code Security
Static analysis — All code scanned with CodeQL
Dependency auditing — Daily scans for vulnerable packages
Code review — All changes require peer review
Signed commits — GPG-signed commits for authenticity
Infrastructure Security
TLS everywhere — All traffic encrypted in transit
Edge deployment — Cloudflare for DDoS protection
Isolated runtimes — Agents run in sandboxed containers
No persistence — Validated content not stored
Authentication
Wallet-based auth — Cryptographic identity verification
Signature verification — All votes cryptographically signed
Session management — Short-lived JWTs with secure refresh
Compliance
GDPR — Privacy-first design, data minimization
SOC 2 Type II — In progress for enterprise customers
EU AI Act — Built-in compliance checking
Vulnerability Disclosure
Reporting
If you discover a security vulnerability, please report it responsibly:
Email: security@sentinelseed.dev
PGP Key: Available at /security/pgp-key.asc
What to Include
Clear description of the vulnerability
Steps to reproduce the issue
Potential impact assessment
Your contact information
Response Timeline
| Stage | Timeline |
|---|---|
| Initial response | Within 24 hours |
| Triage | Within 72 hours |
| Resolution target | Within 30 days |
| Public disclosure | After fix deployed |
Bug Bounty
We offer rewards for responsibly disclosed vulnerabilities:
| Severity | Reward |
|---|---|
| Critical | $5,000 - $10,000 |
| High | $1,000 - $5,000 |
| Medium | $500 - $1,000 |
| Low | $100 - $500 |
Bounties are paid in USDC or $SENTINEL tokens (your choice).
Security Headers
All pages include security headers:
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: [configured per page]
Audits
Third-Party Audits
| Date | Auditor | Scope | Status |
|---|---|---|---|
| Q1 2026 | Pending | Smart contracts | Planned |
| Q1 2026 | Pending | Platform security | Planned |
Audit reports will be published here after completion.
Continuous Security
Daily dependency scans
Weekly penetration testing
Monthly security reviews
Quarterly external assessments
Contact
For security inquiries: security@sentinelseed.dev
For general support: support@sentinelseed.dev