Trust center

Security at Indostra

We process millions of transactions for restaurants. Security isn't an afterthought — it's baked into every line of code, aligned with India's DPDP Act 2023.

Regulatory alignment

Built for Indian compliance, end-to-end.

DPDP Act 2023

Indostra operates as a Data Fiduciary aligned with the Digital Personal Data Protection Act. We implement lawful purpose processing, strict data minimization, and mandated deletion protocols.

IT Act (Section 43A)

We maintain "reasonable security practices" as defined under the SPDI Rules, including a documented Information Security Management System (ISMS) with regular audits.

Technical controls

Defense in depth.

Six layers, working together to protect every order, every payment.

Encryption everywhere

All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 (database & backups).

Access control

Strict Role-Based Access Control (RBAC). Staff access production data only via VPN with MFA enabled.

Resilient infra

Hosted on AWS (Mumbai Region) with automated failover, daily backups, and DR testing.

24/7 monitoring

Real-time audit logging of all administrative actions. Automated alerts for suspicious activity.

Vulnerability mgmt

Automated dependency scanning (SCA) and regular patching cycles for critical CVEs.

Incident response

Documented IRP with notification of the Data Protection Board within regulatory timelines.

Breach response

When the worst happens.

In the unlikely event of a personal data breach, Indostra has a documented Incident Response Plan (IRP). We notify the Data Protection Board of India and affected users within regulatory timelines, with full transparency on impact and remediation.

Responsible disclosure

Report a vulnerability

Found a security issue? We appreciate responsible disclosure.

hello@indostra.com

PGP key available upon request.