Designed around reviewability and control.
Sentra is an analysis workspace for public information. The following describes the security and responsible-use posture Sentra is being built toward. It is not a list of certifications, attestations, or completed audits.
Cosint does not currently claim compliance certifications or enterprise-grade authorizations. Items below describe planned design direction, not completed certifications, attestations, or audits.
What Sentra is — and isn't — for.
Sentra is built for lawful, public-information analysis with human reviewers. The boundaries below are codified in workspace owner terms and enforced through the product roadmap.
Public-information workflows
Public web content, public documents, public registry data, open-source feeds, and customer-provided information that the customer is lawfully entitled to use. Analyst-reviewed briefs. Source-linked outputs. Investigations where reviewer accountability matters.
Not for covert monitoring or evasion
Sentra is not built for covert monitoring of individuals, doxxing, scraping at scale, evasion of access controls or terms-of-service, replacement of professional investigators, or any unlawful or harassing use. Workspace owners agree to these limits in writing.
Specifically, “public-source” does not include:
- Bypassing privacy settings or paywalls
- Scraping authenticated content without explicit permission
- Stolen credentials or breach data presented as “open”
- Private groups entered under false pretenses
- Purchased data-broker feeds rebranded as public
- Nonconsensual device-location or mobile-ad-ID feeds
- Leaked datasets whose possession or use is unlawful in the operator’s jurisdiction
Eight design principles.
Direction, not certification. Each principle is part of the platform roadmap and informs how Sentra is being engineered today.
Analyst-in-the-loop
AI-assisted outputs are proposals. A human analyst reviews and finalizes before any brief, alert, or report is released.
Source-linked outputs
Every claim attaches to the source it came from. Outputs without provenance cannot be finalized.
Source reliability indicators
Structured A–F source reliability and 1–6 information credibility ratings, surfaced everywhere they matter.
Evidence chain (append-only)
Artifacts and reviewer actions are preserved with hash, timestamp, and operator identity — and are not retroactively rewritten.
Workspace-scoped roles (roadmap)
Reviewer, approver, observer. Least-privilege defaults; sensitive actions require explicit elevation.
Audit logs
Append-only ledger of meaningful actions. Source provenance and dissemination markings travel with exports.
Data minimization & retention
Only what's needed for the task. Per-workspace retention policy. Deletion is a first-class operation, not a support ticket.
Encryption & secrets (roadmap)
Encrypted at rest, short-lived credentials, scoped tokens, key rotation built into deployment as the product matures.
Calibrated, cited, reviewable.
Sentra uses AI for retrieval, extraction, summarization, calibration, and alerting — within disciplines that make AI safer in analytical work.
RAG, not freeform
Copilot summaries are grounded in the workspace's evidence set. Out-of-scope claims are flagged, not silently invented.
Visible citations
Every Copilot statement carries inline source references. Reviewers can click into the underlying artifact in one step.
Calibrated confidence
"Probable (75–90%)", not "high confidence". Confidence vocabulary is consistent across analyst, Copilot, and report.
No silent action
AI never finalizes a brief, raises an alert externally, or modifies the evidence chain without a reviewer action.
Failure language
Where Sentra cannot determine reliability, it says so. "Truth cannot be judged (F-6)" is a valid analytical state.
Evaluation in the loop
Model behavior is evaluated against analyst-rated cases. Regression in calibration is a release blocker.
Vulnerability disclosure.
If you identify a security issue in Sentra or in Cosint's public infrastructure, please contact us at security@cosint.io.