01 · Isolation
By design
Multi-tenant row-level security
A single hardened Postgres with FORCE Row-Level Security keyed to app.tenant_id. A query that forgets its tenant filter returns zero rows — isolation is enforced by the database, not by code review.
Postgres RLS · tenant_id keyed · fail-closed
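Added example of the fail-closed pattern described above; it is not the product's own schema. The table, the role name app_user and the sample tenant ids are assumptions; only the app.tenant_id setting and FORCE Row-Level Security come from the page.

```sql
-- Added example, not the product's own schema: a tenant-scoped table whose
-- RLS policy is keyed to the session setting app.tenant_id and fails closed.
CREATE TABLE orders (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    customer  text NOT NULL
);
-- ENABLE turns RLS on; FORCE makes the table owner subject to it as well.
-- Superusers and roles with BYPASSRLS still bypass, so the application
-- role must be neither.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE orders FORCE ROW LEVEL SECURITY;
-- current_setting(name, true) returns NULL when app.tenant_id was never set
-- in this session, and may return '' once a transaction-local value has
-- expired; nullif() maps both to NULL. "tenant_id = NULL" is NULL, which RLS
-- treats as not visible, so a request that forgot its tenant sees zero rows.
CREATE POLICY tenant_isolation ON orders
    USING      (tenant_id = nullif(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = nullif(current_setting('app.tenant_id', true), '')::uuid);

-- Application role (hypothetical name): not the owner, no BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON orders TO app_user;
GRANT USAGE ON SEQUENCE orders_id_seq TO app_user;

-- Constructed sample rows for two tenants.
INSERT INTO orders (tenant_id, customer) VALUES
    ('11111111-1111-1111-1111-111111111111', 'alice'),
    ('22222222-2222-2222-2222-222222222222', 'bob');

SET ROLE app_user;
-- No WHERE clause and no app.tenant_id set: the policy yields no rows.
SELECT count(*) FROM orders;

-- Per-request setup: set_config(..., is_local => true) scopes the tenant to
-- this transaction, so a pooled connection cannot carry it into the next one.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
SELECT customer FROM orders;   -- only the first tenant's rows, again with no WHERE
COMMIT;

-- WITH CHECK also stops writes for another tenant: this INSERT fails with
-- "new row violates row-level security policy" and the transaction is rolled back.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO orders (tenant_id, customer)
    VALUES ('22222222-2222-2222-2222-222222222222', 'mallory');
ROLLBACK;
```

Run as a superuser in a scratch database; the SET ROLE step is what puts the session under the policy, since a superuser session would bypass it.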
02 · Encryption
By design
Encryption in transit & at rest
TLS in transit; data at rest encrypted with AES-256-GCM using KMS-wrapped, versioned per-tenant keys. A full database dump yields no readable PII without the per-tenant key unwrap.
AES-256-GCM · Per-tenant keys · TLS
03 · Audit
By design
Immutable audit trail
Every mutation writes a before/after audit record tied to a user and timestamp. Operator access to tenant data is stamped and the tenant is notified. Append-only by design.
Before/after · Append-only · Operator-stamped
04 · Access
By design
Role-based access
Eight operational roles model a real D2C ops floor; permissions merge across roles and the UI hides what a user can't do rather than greying it out. MFA supported.
8 roles · Least privilege · MFA
05 · Residency
Active
India data residency
Primary data is stored in India (blr1 / Bangalore), aligned to the DPDP Act 2023. Per-tenant region pinning is available.
blr1 / Bangalore · DPDP-aligned · Region pinning
06 · Backups
By design
Backups & recovery
Automated, encrypted backups with point-in-time recovery and documented restore runbooks, tested on a regular cadence.
Encrypted · Point-in-time · Restore-tested
07 · App security
In progress
Secure development
Code review and dependency/vulnerability scanning in the development pipeline. Independent penetration testing is planned ahead of broad GA; results shared under NDA.
Code review · Dependency scans · Pentest (planned)
08 · Network
Active
Network & edge
Cloudflare sits in front for TLS, WAF and DDoS mitigation. Application data stores are not exposed on public endpoints.
Cloudflare WAF · DDoS mitigation · No public DB
09 · Endpoints
By design
Workforce security
Company devices use full-disk encryption and least-privilege access. Production access is limited, logged and reviewed.
Disk encryption · Least privilege · Access logged
10 · Vendors
By design
Subprocessor governance
We keep the subprocessor list short and review it. The current list is published below, a DPA is available on request, and tenants are notified of material changes.
Short list · DPA available · Change notice
11 · Incident
By design
Incident response
A documented incident-response process. Confirmed security incidents affecting your data are communicated without undue delay, with a remediation summary — in line with DPDP breach-notification expectations.
Documented IR · Prompt notice · Remediation summary
12 · Compliance
Roadmap
Certification roadmap
DPDP-aligned today. SOC 2 Type II (~12 months) and ISO 27001 (~18 months) are on the roadmap. We publish status here and won't claim a certification before it's earned.
DPDP today · SOC 2 ~12mo · ISO ~18mo