
GoRefer Trust Center

Infrastructure

Updated April 2026

GoRefer is built on a cloud-native infrastructure stack that prioritizes availability, resilience, and security. Our entire production environment runs on AWS, with Cloudflare at the edge for DDoS mitigation and MongoDB Atlas for the database layer.

AWS-Hosted
99.9% SLA
Multi-AZ
DDoS Protected
Encrypted Backups

AWS Cloud Hosting

us-east-1

Updated April 2026

GoRefer's application servers and storage are hosted on Amazon Web Services (AWS). AWS operates SOC 1/2/3 certified, ISO 27001-compliant, and HIPAA-eligible data centers. We inherit AWS's physical and environmental security controls.

Compute & Networking

  • Application hosted on EC2 / ECS (containerized deployment)

  • Primary region: us-east-1 (Northern Virginia)

  • Load balancer with health checks and automatic failover

  • Virtual Private Cloud (VPC) with private subnets for backend services

  • Security groups restrict inbound access to minimum required ports

Storage

  • AWS S3 for all user-uploaded files (documents, logos, exports)

  • Signed URLs only — no public bucket access at any time

  • Signed URL expiry: maximum 1 hour

  • Bucket policies enforce HTTPS-only access

  • S3 versioning enabled for document audit trail

Database — MongoDB Atlas

Multi-AZ

Updated April 2026

GoRefer uses MongoDB Atlas as the managed database service. Atlas provides multi-AZ replication, automated backups, point-in-time recovery, and built-in encryption.

Database Architecture

  • Complete data isolation: each firm's data lives in its own dedicated database

  • Multi-AZ replica sets for automatic failover and high availability

  • All database connections are encrypted — no plaintext connections permitted

  • Network access restricted to GoRefer's private infrastructure

Atlas Security Controls

  • Network access restricted to GoRefer VPC IP ranges

  • Database user credentials rotated on a schedule

  • AES-256 encryption at rest (Atlas-managed keys)

  • SOC 2 Type II, ISO 27001 certified

  • GDPR-compliant (Data Processing Agreement available)

Availability & SLA

99.9%

Updated April 2026

GoRefer targets 99.9% monthly uptime across all production services. Planned maintenance windows are communicated to tenants at least 48 hours in advance.

| Service Component | Target Uptime | Failover Mechanism |
|---|---|---|
| API Server | 99.9% | Load balancer auto-routes to healthy instances |
| Primary Database (managed) | 99.95% | Automatic primary election (replica set) |
| File Storage (cloud object store) | 99.99% | Provider-managed regional redundancy |
| Email Delivery | 99.9% | Retry queue with backoff; dead-letter queue for manual retry |
| Edge Network / DNS | 99.99% | Global anycast network with automatic node failover |

Backups & Disaster Recovery

Updated April 2026

Backup Strategy

  • Continuous backup (oplog streaming)

    Point-in-time recovery (PITR) to any second within the last 48 hours

  • Daily full snapshots — 7-day rolling retention

    Enterprise plans: 30-day retention available on request

  • Weekly snapshots retained for 90 days

    Monthly snapshots retained for 12 months

  • File storage versioning enabled

    All uploaded files versioned; previous versions recoverable by admin

  • All backups encrypted at rest

    Same AES-256 encryption as primary storage; stored in a separate geographic region

Recovery Objectives & Testing

  • RTO (Recovery Time Objective): 4 hours

    Target time to restore full service from a complete infrastructure failure

  • RPO (Recovery Point Objective): 1 hour

    Maximum acceptable data loss window in a catastrophic failure scenario

  • Monthly automated restore verification

    Database backup integrity and completeness validated monthly by automated tooling

  • Quarterly full DR drills

    End-to-end disaster recovery exercises conducted quarterly with documented results

  • Runbook maintained and version-controlled

    Step-by-step failover procedures documented and reviewed after each drill

For full RPO/RTO tables and DR plan details, see Business Continuity & Disaster Recovery.

Edge Network & DDoS Mitigation

Updated April 2026

Edge Security

  • Global anycast edge network — sub-millisecond DNS failover

  • DDoS mitigation at L3/L4 (volumetric) and L7 (application) layers

  • Web Application Firewall (WAF) with OWASP Top 10 rule set

  • Rate limiting enforced at the edge before reaching application servers

  • Bot protection and automated challenge pages for suspicious traffic

Monitoring Stack

  • Application performance and error monitoring with automated alerting

  • Error tracking configured with PII scrubbing rules — no sensitive data in error logs

  • Uptime monitoring with < 5-minute detection and on-call paging

  • Database performance metrics and slow query alerting

  • 24/7 on-call rotation for P0/P1 incident response