Skip to content
Cube coverageMH-362,64,583 clusters × 492Pan-India653 districts × 39reference →
Security & Trust

Bharat's data, on Bharat's substrate, under Bharat's law.

Plain-English summary of how we keep your data and your callers' data safe. For a deeper read, see the security whitepaper PDF below.

Data residency

All cube parquets, audit artefacts, and customer data stored in AWS ap-south-1 (Mumbai). Aurora reader + writer endpoints in same VPC. No cross-region writes. CloudFront POPs in India serve the public-facing surface.

Encryption

TLS 1.3 in transit. AES-256 at rest (Aurora, S3, DDB). KMS-managed keys with annual rotation. Secrets in AWS Secrets Manager; no env-var secrets in any image.

Identity

login-service (RS256 JWTs, 1h TTL, JWKS-published). API keys hashed with bcrypt. RFC 7591 dynamic client registration for agents. OAuth 2.1 client_credentials.

Network

VPC-only ALBs for internal traffic. WAF in front of every public endpoint. SizeConstraint + IP rate-limit + Bot Control + UA blocklist. Geo allowlist for anonymous traffic.

Observability

CloudWatch Logs Insights for every service. Per-tenant audit log in iot-admin. Anti-key-sharing entropy detector running hourly. Alarm SNS to platform-oncall.

Compliance

GDPR + DPDP-aligned data export and deletion in iot-admin Console. SOC 2 Type 1 in flight (Q3-2026). Annual third-party penetration test.

Reporting a vulnerability

Email founders@galigali.in with a clear reproducer. We acknowledge within 24 hours and patch within 7 days for high-severity findings. We participate in coordinated disclosure with a 90-day window.