Security Transparency

Zero Exfiltration. Local Sovereignty. Read-Only Intelligence.

1. The Zero Exfiltration Promise

Netra tools are architected for high-security environments where data sovereignty is paramount. Unlike SaaS-based identity tools, Netra performs all analysis locally.

Your Active Directory metadata, Entra ID configurations, and security findings never leave your infrastructure. There is no cloud backend that mirrors your identity core.

2. Local Data Sovereignty

Because Netra operates as a standalone binary, you retain absolute control over the audit lifecycle.

  • Data Residency: Scan results are stored in memory or local JSON/HTML reports on the machine where you run the tool.
  • No Piling: We do not aggregate customer findings into a central "threat intelligence" database. Your vulnerabilities are your business alone.
  • Minimal Telemetry: The application performs a single license validation check at startup. No usage patterns or discovered security gaps are reported back.

3. Cryptographic Integrity

We ensure the code you run is the code we signed.

  • Signed Binaries: All Netra executables are code-signed to prevent tampering and provide provenance.
  • Secure Licensing: License keys use RS256 JWT signatures. Validation occurs over TLS 1.2+ encrypted channels.

4. Anti-VPN & Behavioral Integrity

To comply with international export controls and prevent unauthorized acquisition, Netra uses multi-layered identity verification.

  • Metadata Conflict Detection: Our registration plane identifies discrepancies between IP location and system telemetry (Timezone/Language). This ensures that forensic software is never distributed to restricted or sanctioned jurisdictions.
  • Export Control: Hard-blocks are in place for sanctioned TLDs and high-risk behavioral profiles, maintaining the highest standards of global security hygiene.

5. Least-Privilege Execution

Netra is designed to run with standard user or specialized read-only permissions whenever possible.

  • AD Explorer: Operates using standard LDAP queries. Does not require Domain Admin rights to identify most attack paths.
  • Entra Explorer: Requests strictly limited Microsoft Graph `Directory.Read.All` scopes. We never request write or delete permissions.

6. Procurement & Audit Support

We provide comprehensive documentation to accelerate Information Security (InfoSec) reviews.

Security Package Includes:

  • Standard Information Gathering (SIG): Pre-filled questionnaire for third-party risk.
  • Privacy Manifest: Verifiable truth of Zero-Exfiltration architecture.
  • Export Certification: Proof of compliance with EAR/ITAR frameworks.