Trust Center

Security at Indostra

We process millions of transactions for restaurants. Security isn't an afterthought; it's baked into every line of code. We align strictly with India's DPDP Act 2023.

Regulatory Compliance

DPDP Act 2023

Indostra operates as a Data Fiduciary aligned with the Digital Personal Data Protection Act. We implement lawful purpose processing, strict data minimization, and mandated deletion protocols.

IT Act (Section 43A)

We maintain "reasonable security practices" as defined under the SPDI Rules, including a documented Information Security Management System (ISMS) with regular audits.

Technical Controls

Encryption Everywhere

All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 (database & backups).

Access Control

Strict Role-Based Access Control (RBAC). Staff access production data only via VPN with MFA enabled.

Resilient Infrastructure

Hosted on AWS (Mumbai Region) with automated failover, daily backups, and disaster recovery testing.

24/7 Monitoring

Real-time audit logging of all administrative actions. Automated alerts for suspicious activity.

Vulnerability Mgmt

Automated dependency scanning (SCA) and regular patching cycles for critical CVEs.

Breach Response Protocol

In the unlikely event of a personal data breach, Indostra has a documented Incident Response Plan (IRP). We are committed to notifying the Data Protection Board of India and affected users within regulatory timelines, providing full transparency on impact and remediation.

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure.

hello@indostra.com

PGP Key available upon request.