Kestrel / Security

Security posture, infrastructure, sub-processors.

Kestrel is hosted on Hostinger VPS (Mumbai region). We design with the assumption that any data we store can be requested for erasure, and so we keep operational surface as small as we can.

Encryption

TLS 1.3 in transit; Postgres data encrypted at rest (LUKS full-disk encryption); backups encrypted (AES-256) before upload to Backblaze B2. Application secrets are stored as Docker secrets and kept sops-encrypted in the repo.

Backups

Nightly pg_dump, compressed and shipped to a separate VPS; weekly mirror to Backblaze B2 (Mumbai region). Retention: daily backups for 30 days, weekly for 26 weeks, monthly for 60 months. Restore is drilled monthly.

Access control

Admin panel is IP-allowlisted at Nginx. Super-admin actions are audit-logged. Engineers reach hosts over SSH with hardware-key 2FA; there is no bastion, access is by direct keypair, and fail2ban runs on every host. Access is reviewed quarterly.

Audit logging

Every admin action against a customer or data-principal record is written to audit_log (immutable, append-only). Customer-org audit logs are visible in /app/settings.

Sub-processors

We name every sub-processor with its location and purpose. Any change is announced 14 days before it takes effect.

Vendor         Location               Purpose                     Data category
Hostinger      Mumbai, IN             Hosting, compute, storage   All
Backblaze B2   Mumbai, IN             Encrypted backup storage    Backups
Razorpay       Bengaluru, IN          Payments, GST invoicing     Billing
Resend         United States          Transactional email         Email
Anthropic      United States          Account brief generation    Public data only
Plausible      European Union         Cookieless analytics        Aggregate
Bright Data    United States, India   Proxy for scrapers          No PII
Cloudflare     Global                 DNS, DDoS protection        Logs only

Responsible disclosure

Email security@kestrel.in with reproduction steps and your contact details. We acknowledge within 24 hours and aim to resolve within 30 days. We do not pursue legal action against good-faith researchers. Bounties are paid in INR via NEFT or UPI.