Security

Built on Mumbai-region infrastructure

Forkcast handles real restaurant operating data. We treat it accordingly. Hosting, encryption, access, and DPDP-aligned data lifecycle below.

The stack

Compute runs on Vercel (region bom1, Mumbai). Database is Supabase Postgres (region ap-south-1, Mumbai). Background jobs use Inngest. Email is Resend. Errors and performance are tracked through Sentry. WhatsApp briefs go through Twilio.

We use first-party cookies for authentication only. Product analytics runs through PostHog, gated by user consent under DPDP — declined by default, no third-party ad pixels.

Controls

What we do operationally

  • TLS 1.2+ on all traffic. HSTS preloaded for forkcast.in.
  • Encryption at rest for Postgres + backups.
  • Per-account data isolation enforced at the application layer; SQL row-level security on sensitive tables.
  • SSO + 2FA for all engineering access.
  • Production read access logged; quarterly access review.
  • Vulnerability scanning on every deploy. Renovate keeps dependencies current.
  • Penetration test scheduled annually.
FAQ

Security FAQ

Security | Forkcast