GoRefer Trust Center
Infrastructure
Updated April 2026
GoRefer is built on a cloud-native infrastructure stack that prioritizes availability, resilience, and security. Our entire production environment runs on AWS, with Cloudflare at the edge for DDoS mitigation and MongoDB Atlas for the database layer.
AWS Cloud Hosting
Updated April 2026
GoRefer's application servers and storage are hosted on Amazon Web Services (AWS). AWS operates SOC 1/2/3 certified, ISO 27001-compliant, and HIPAA-eligible data centers. We inherit AWS's physical and environmental security controls.
Compute & Networking
Application hosted on EC2 / ECS (containerized deployment)
Primary region: us-east-1 (Northern Virginia)
Load balancer with health checks and automatic failover
Virtual Private Cloud (VPC) with private subnets for backend services
Security groups restrict inbound access to minimum required ports
Storage
AWS S3 for all user-uploaded files (documents, logos, exports)
Signed URLs only — no public bucket access at any time
Signed URL expiry: maximum 1 hour
Bucket policies enforce HTTPS-only access
S3 versioning enabled for document audit trail
Database — MongoDB Atlas
Updated April 2026
GoRefer uses MongoDB Atlas as the managed database service. Atlas provides multi-AZ replication, automated backups, point-in-time recovery, and built-in encryption.
Database Architecture
Complete data isolation: each firm's data lives in its own dedicated database
Multi-AZ replica sets for automatic failover and high availability
All database connections are encrypted — no plaintext connections permitted
Network access restricted to GoRefer's private infrastructure
Atlas Security Controls
Network access restricted to GoRefer VPC IP ranges
Database user credentials rotated on a schedule
AES-256 encryption at rest (Atlas-managed keys)
SOC 2 Type II, ISO 27001 certified
GDPR-compliant (Data Processing Agreement available)
Availability & SLA
Updated April 2026
GoRefer targets 99.9% monthly uptime across all production services. Planned maintenance windows are communicated to tenants at least 48 hours in advance.
| Service Component | Target Uptime | Failover Mechanism |
|---|---|---|
| API Server | 99.9% | Load balancer auto-routes to healthy instances |
| MongoDB Atlas (Database) | 99.95% | Automatic primary election (replica set) |
| AWS S3 (File Storage) | 99.99% | AWS-managed regional redundancy |
| Mailgun (Email Delivery) | 99.9% | Retry queue with backoff |
| Cloudflare (DNS / Edge) | 99.99% | Global anycast network |
Backups & Disaster Recovery
Updated April 2026
Backup Strategy
MongoDB Atlas continuous backup: point-in-time recovery (PITR) to any second within the last 48 hours; daily snapshots retained for 7 days; weekly snapshots retained for 4 weeks
S3 versioning: all uploaded files versioned; previous versions recoverable
All backups encrypted: same AES-256 encryption as primary storage
Recovery Objectives
RTO (Recovery Time Objective): 4 hours (time to restore service from a major failure)
RPO (Recovery Point Objective): 1 hour (maximum data loss window in a failure scenario)
DR testing: disaster recovery procedures reviewed and tested on a defined schedule
Runbook maintained: step-by-step failover procedures documented and accessible to the on-call team
Edge Network & DDoS Mitigation
Updated April 2026
Cloudflare Edge
DNS hosted on Cloudflare — sub-millisecond failover
DDoS mitigation for L3/L4 and L7 attacks
Web Application Firewall (WAF) rules for known attack patterns
Rate limiting at edge before reaching application servers
Bot protection and challenge pages for suspicious traffic
Monitoring Stack
Application performance monitored via AWS CloudWatch
Error tracking via Sentry (with PII scrubbing rules)
Uptime monitoring with alerting (< 5-minute detection SLA)
Database performance metrics via Atlas monitoring
On-call rotation for P0/P1 incident response