How we run your data.
Single Oracle VPS, 2-of-5 backup layers active, 8/8 restore drill passed, age-encrypted archives, SHA-256 audit chain on the WhatsApp Vault. DPDP-aligned. Written down, not vibes.
Last reviewed: 2026-06-03
01
Infrastructure
Production runs on a single Oracle Cloud VPS, behind Cloudflare. The application stack is Astro (static site), nginx (origin), and — for the CRM, telephony and brain modules we operate on our own ops — PHP/CodeIgniter and Python services on the same box. MariaDB is the system of record. No multi-tenant SaaS plane runs there today; every operate-it-for-you engagement is a single-tenant deployment on infrastructure you own.
02
Data residency
Our own ops run in Asia-South (Mumbai). Customer deployments default to the cloud region you choose; we'll deploy in whatever region your data needs to live. AI extraction calls go to Vertex AI's asia-south1 region — no data leaves the geography by default.
03
Authentication & access
SSH to the VPS is key-only (no passwords); a single ops user holds passwordless sudo, audited via the system shell history. CloudPanel manages per-site Linux users with isolated docroots — the parish directory app cannot read the CRM's files. Database access is over local socket only; the public DB port is closed.
04
Backups & disaster recovery
A 5-layer architecture is designed; 2 are active in production today (nightly mariabackup + 15-min binlog shipping) and 3 more are scoped but not yet enabled. Restore is exercised — the most recent restore drill passed 8/8 checks on an 885 MB archive (decrypt, manifest, mariabackup coherence, encryption-key readability, WP config validity, exact upload-count match, nginx vhosts present, replay confirmation). RPO target on the active layers is 15 minutes; RTO on a full restore is under an hour.
05
Encryption
Archives are age-encrypted at rest. TLS terminates at Cloudflare (Full Strict to origin) for the marketing site and at nginx (Let's Encrypt) for the operations stack. Media URLs in WhatsApp Vault are HMAC-signed and short-lived; the raw bytes on disk are not directly addressable from the public internet.
06
Audit & immutability
The WhatsApp Vault audit log is append-only, with each row's SHA-256 hash chained to the previous row's. The audit-log database user is granted INSERT + SELECT only — no UPDATE, no DELETE, no override. Vault tables refuse DELETE unless an explicit session flag is set (the three-flag DPDP tool, not a button). A verification script walks the chain and alerts if any link breaks. Original message text columns are immutable across re-imports.
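The chain walk described above, as an added example (not the Vault's own verification script). The row layout (id, payload, prev_hash, row_hash), the all-zero genesis value, the hash input encoding and the expected_tail check are assumptions; the sample rows are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row


def row_hash(prev_hash, payload):
    """SHA-256 over the previous row's hash plus a canonical encoding of this row."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + body).encode("utf-8")).hexdigest()


def append(log, payload):
    """Append-only insert: link the new row to the current tail."""
    prev = log[-1]["row_hash"] if log else GENESIS
    log.append({"id": len(log) + 1, "payload": payload,
                "prev_hash": prev, "row_hash": row_hash(prev, payload)})


def verify_chain(rows, expected_tail=None):
    """Walk rows in id order; return (row_id, reason) for every broken link."""
    breaks, prev = [], GENESIS
    for row in rows:
        if row["prev_hash"] != prev:
            breaks.append((row["id"], "prev_hash does not match preceding row"))
        if row_hash(row["prev_hash"], row["payload"]) != row["row_hash"]:
            breaks.append((row["id"], "row content does not match row_hash"))
        prev = row["row_hash"]  # continue from the stored value to localise the break
    # A log truncated from the end is internally consistent, so compare the
    # tail against a hash recorded outside the database (assumed to exist).
    if expected_tail is not None and prev != expected_tail:
        breaks.append((None, "tail hash differs from the externally stored value"))
    return breaks


def build_sample():
    """Constructed sample rows, not real audit data."""
    log = []
    for n in range(1, 5):
        append(log, {"actor": "ops", "action": "import", "detail": f"export {n}"})
    return log


if __name__ == "__main__":
    log = build_sample()
    log[1]["payload"]["detail"] = "edited"  # simulate an in-place change
    for row_id, reason in verify_chain(log):
        print(f"ALERT row {row_id}: {reason}")
```

Dropping rows from the end of the log leaves every remaining link intact, so the walk only catches it when the latest hash is also kept somewhere the audit-log database user cannot write.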
07
AI / data handling
Transcription runs once per audio file, keyed by SHA-256, in a shared filesystem cache. The transcription model is Gemini 2.5 Flash on Vertex AI (Asia South). LLM extraction runs on Vertex AI (Asia South) — moved off AI Studio after that path hit ~50% HTTP-503 rates on our workload. We don't send raw customer data to third-party AI providers outside this Vertex pipeline.
08
DPDP posture
Customer data is treated as belonging to the customer's business. Deletion is supported via a deliberately friction'd three-flag tool — soft redaction first, hard deletion last — so an accidental request can't trash the audit chain. Logs and traces on the operations stack retain PII deliberately for debugging (it's a single-VPS, encrypted-backup, no external-log-shipping model). For multi-tenant SaaS — which is on the roadmap — log-side PII masking will be re-introduced.
09
Monitoring & incident response
~20+ anomaly rules run daily across the operations stack — billing/cost outliers, stuck cards, replication lag, ingestion gaps. The billing-detection rule was added after a real GCP billing outage went undetected for 7 days; it now surfaces inside ~24 hours. Incidents we've responded to are logged on the build log, with a one-line learning each.
10
Security disclosure
If you find a vulnerability or a data-handling concern, email [email protected] (or the founder address on the contact page). We acknowledge within one business day and write back with status; we don't run a bug bounty programme yet.
Need a written response for a security questionnaire?
The structure above maps to most SOC-2-style questionnaires. Send us the questionnaire; we'll answer it directly with this page as the source.