Trust

Bank-grade security, restaurant-friendly UX.

How we protect your data and your guests' data.

Security in plain English

Your restaurant's data and your guests' details live in our systems. We take that seriously. This page tells you exactly how we keep them safe — without the jargon — so you can hand it to your CFO, your bank, or your security questionnaire without rewriting a word.

Where your data lives

Restpy's primary region is AWS Mumbai (ap-south-1), with disaster-recovery replication to AWS Singapore (ap-southeast-1). Everything sits inside a private VPC behind a load balancer with WAF rules tuned to the OWASP Top 10. Public access goes only through CloudFront with TLS 1.3.

  • At rest: AES-256 on all RDS volumes, S3 buckets and EBS snapshots.
  • In transit: TLS 1.3 with HSTS; the domain has been submitted to the HSTS preload list.
  • Backups: daily encrypted snapshots, 35-day retention, point-in-time recovery.
  • Tenancy: single database, row-level tenant isolation via `restaurant_id` enforced at the query layer (BranchScope-style middleware on every model).
AWS Mumbai is our primary region. Singapore is the warm DR.

Application-layer protections

  • CSRF tokens on every form (rotated per session).
  • Role-based access control + per-staff permission overrides, audited.
  • Email-OTP 2FA — toggleable per-role (super admin, owner, manager, kitchen, etc.).
  • Brute-force protection with exponential back-off after 5 failed login attempts.
  • IP allow-listing for sensitive accounts (super admin, accountant).
  • Rate limiting on every public endpoint via Cloudflare and an in-app token-bucket fallback.
  • Auto-logout on idle (default 60 min for managers, 8 min for waiter / kitchen tablets shared between staff).
  • Strict CSP + X-Frame-Options + X-Content-Type-Options headers on every response.

Payments & PCI

Card data never touches Restpy's servers. Razorpay (PCI-DSS Level 1) and Stripe (also Level 1) handle tokenisation directly. Restpy only ever sees the opaque payment-intent id and the post-capture status webhook. Your customers' cards stay with the network. Your restaurant's own Razorpay keys can be plugged in — payments collected from QR/web orders go to your bank, not ours.

Compliance

  • SOC 2 Type II — certified Q1 2026 by Prescient Assurance.
  • ISO 27001:2022 — in progress, targeting Q3 2026.
  • GDPR (EU) — DPA available on request. EU guest data lives in the same encrypted store; data-subject deletion is a one-click action in the super admin console.
  • India DPDP Act — full compliance. Grievance officer reachable at team@ketpy.com.
  • GSTIN / e-invoice IRN — direct API integration with the IRP for B2B invoices over ₹50,000.

Reporting a vulnerability

We pay bug bounties up to ₹2,00,000 for critical issues. Email team@ketpy.com with proof-of-concept and reproduction steps. Please give us 90 days before public disclosure. We acknowledge every valid report within 48 hours.

Audit logs & forensics

Every change a staff member makes — menu edit, order status change, refund, login, settings change — is logged with timestamp, role, IP and user agent in an append-only activity table. Logs are immutable for 12 months minimum, exportable to CSV at any time. If anything ever goes wrong, you can answer "who did what" in under a minute.


Last updated: 22 Jun 2026  ·  Have a question? Get in touch.