The MDM you'd actually trust with your fleet.
Sentinel was designed by a team that's been on the receiving end of security questionnaires for a decade. Hash-chained audit, data residency you choose, AES-256 at rest, and one-click bundles for every regional regulation we've audited against.
What's actually in place.
Encryption everywhere
TLS 1.3 in transit on every wire — agent → backend, backend → backend, dashboard → API. AES-256 at rest, with per-tenant column-level encryption for PII (emails, phone numbers, IMEI).
Hash-chained audit
Every write produces a SHA-256 chain entry. Backfilling, editing, or deleting historical rows breaks the chain — the dashboard surfaces a red banner and the inconsistent block.
Data residency
EU (Frankfurt) and UAE (Dubai) on Growth+. US-East and APAC on Scale+. Contractual — you pick the region during onboarding, and your tenant never leaves it.
Scope-tagged API keys
API keys carry granular scopes: devices:read, devices:write, policies:write, etc. SHA-256 hashed at rest. Plaintext shown once at issue and never again. Per-key rate limits.
RBAC + SSO
Per-user roles: Owner, Admin, Operator, Read-only. Per-feature gating. SSO via OIDC and SAML 2.0 (Enterprise). SCIM provisioning for Okta, Azure AD, Google Workspace.
Hardware-bound device tokens
Each enrolled device gets a 32-byte token bound to its hardware identifiers. Heartbeats with mismatched tokens are rejected and emit a tamper alert in threat intel.
Investigation timeline (per device)
Every command, threat match, ticket, admin note, and policy change for a device — chronological, filterable, hash-chained, exportable as CSV for legal and HR.
Privacy-preserving telemetry
Geofencing is in/out only — we never store coordinates. Optional analytics anonymize fleet rollups before they leave your tenant. Federated learning trains models without raw data leaving.
Vendor sub-processors
Short, public list: Neon (Postgres), Vercel (Next.js), Anthropic & OpenAI (optional AI), Cloudflare (DDoS). No data brokers. Full DPA available pre-contract.
Your data, your jurisdiction.
Region is chosen at tenant creation and contractually fixed. Cross-region replication only inside your chosen jurisdiction unless you opt in. Backups encrypted with a key that never leaves the region.
You'd see it before they did.
Every write to a sensitive resource — a command, a policy change, a role grant, a compliance toggle — produces an audit row. Each row's hash is SHA-256 of the prior row's hash plus its own payload.
Backfilling a row, editing a historical entry, or deleting a block all break the chain. The /audit page surfaces a bright-red banner the next time a tenant admin loads it, with the first inconsistent block called out.
For legal and HR investigations, the per-device timeline exports to CSV with the chain references intact, so an external auditor can independently verify integrity.
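An added example, not Sentinel's own code: a minimal verifier an external auditor could run over an exported chain to locate the first inconsistent row, following the rule above that each hash is SHA-256 of the prior row's hash plus the row's payload. The canonical-JSON payload encoding, the all-zero genesis value, the function names and the sample rows are assumptions; the page does not specify how the payload is serialized.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: prevHash value carried by the first row


def row_hash(prev_hash, row):
    """SHA-256 of the prior row's hash plus this row's payload.
    Assumption: payload = canonical JSON of every field except prevHash/hash."""
    payload = {k: v for k, v in row.items() if k not in ("prevHash", "hash")}
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode("utf-8")).hexdigest()


def seal(rows):
    """Chain payload-only rows; used here only to construct sample data."""
    prev, out = GENESIS, []
    for r in rows:
        h = row_hash(prev, r)
        out.append({**r, "prevHash": prev, "hash": h})
        prev = h
    return out


def first_break(chain, expected_head=None):
    """Return (index, kind) for the first inconsistent row, or None if intact.
    kind: 'link' (row removed/inserted), 'payload' (row edited), 'head'
    (newest hash differs from one recorded outside the log)."""
    prev = GENESIS
    for i, row in enumerate(chain):
        if row.get("prevHash") != prev:
            return i, "link"
        if row_hash(prev, row) != row.get("hash"):
            return i, "payload"
        prev = row["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain), "head"
    return None


def sample_chain():
    """Constructed rows; field names follow the audit row shown on the page."""
    actions = ["device.command.issued", "policy.changed", "role.granted"]
    return seal([{"id": f"alog_{i:04d}", "tenantId": "tnt_example",
                  "actorId": "usr_example", "action": a,
                  "resource": "device:DEV-001",
                  "createdAt": f"2026-01-01T00:0{i}:00Z"}
                 for i, a in enumerate(actions)])
```

Walking the chain alone cannot see rows dropped from the newest end, so an auditor should compare against a head hash recorded outside the log, passed here as expected_head.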
{
  "id": "alog_01HF...",
  "tenantId": "tnt_dental_dubai",
  "actorId": "usr_mira_h",
  "action": "device.command.issued",
  "resource": "device:LEN-TAB-001",
  "after": { "command": "LOCK_SCREEN" },
  "createdAt": "2026-05-19T07:13:42Z",
  "prevHash": "a3f1...e9c2",
  "hash": "b4e2...f1d8"
}
The bundles your auditor asks about.
Each bundle is a checklist of controls (encryption, log retention, region pinning, app allowlist enforcement, MFA, etc). Enabling a bundle auto-toggles the controls and blocks tenant-level overrides that would weaken them.
EU GDPR
European Union
gdpr
UAE PDPL
United Arab Emirates
uae_pdpl
Saudi PDPL
Saudi Arabia
saudi_pdpl
HIPAA
US healthcare
hipaa
PCI DSS
Card payments
pci_dss
SOC 2
Type II in progress
soc2
Responsible disclosure
If you've found a vulnerability, please email security@sentinelmdm.com with the details and a way to reach you. We respond within 48 hours, acknowledge by name (if you wish) in our security log, and reward critical reports.
Need our SIG / CAIQ / SOC 2 report?
We share the full security packet under NDA. Most procurement teams clear us in under a week. Book a call and we'll route you to security@.