Business Continuity Plan

Redhorse Technologies Private Limited

Version 1.2 • Effective March 11, 2026

Introduction

At Redhorse Technologies Private Limited, we recognize that our customers depend on React Native Stallion for critical over-the-air (OTA) update delivery to their mobile applications. This Business Continuity Plan (BCP) defines the framework for maintaining service continuity and restoring operations in the event of significant disruption affecting Stallion services.

The Company operates a cloud-native, remote-first architecture designed to minimize operational dependency on physical infrastructure. This document outlines our approach to business continuity planning, disaster recovery, and operational resilience.

Scope

This plan applies to production systems supporting OTA update delivery, backend APIs and service infrastructure, administrative and console systems, build and deployment pipelines, and supporting cloud infrastructure.

Governance and Responsibilities

The Information Security Officer is responsible for coordinating continuity and recovery efforts, assessing severity of disruption, activating Disaster Recovery when required, communicating with Directors, and overseeing restoration and validation.

Directors are responsible for providing governance oversight and supporting strategic decision-making during major disruptions. Due to the size of the organization, operational and technical recovery activities may be performed by the same personnel, with oversight applied.

Business Impact Classification

Services are classified based on operational impact. Critical Services include OTA update delivery infrastructure, production backend APIs, and bundle storage and retrieval systems. Important Services include the management console and build and submission workflows. Supporting Services include documentation and internal tooling.

Recovery Objectives

The Recovery Time Objective (RTO) represents the maximum acceptable time to restore service after formal disruption declaration. For Critical Services, the RTO is 4 hours. For Important Services, the RTO is 8 hours. For Supporting Services, the RTO is 24 hours. RTO is measured from the time a disruption is declared under the Incident Management Policy.

The Recovery Point Objective (RPO) represents the maximum acceptable data loss measured in time. For production databases, the effective RPO is up to 1 hour, with hourly backups retained for 7 days, daily backups retained for 7 days, and weekly backups retained for 4 weeks. For analytics and logs, the RPO is up to 24 hours. Backup configuration is defined in the Data Backup Policy.

Disruption Scenarios

The Company considers the following disruption scenarios: cloud infrastructure outage, database corruption or failure, cybersecurity incident, third-party vendor disruption, network routing degradation, and personnel unavailability.

Continuity Strategies

Stallion services are hosted in a cloud environment with multi-availability zone deployment within the primary region, managed database failover capabilities, auto-scaling infrastructure, and load-balanced service components.

In the event of data corruption or loss, the most recent valid backup is identified, restoration is performed in a controlled manner, and validation is completed before production reactivation.

Critical third-party services are monitored. Vendor-related disruptions are handled through our vendor management and incident management processes. Escalation to vendors occurs through official support channels.

The Company operates as a remote-first organization. Personnel are equipped to access systems securely from remote locations and continue operational and recovery activities without reliance on a physical office.

Disaster Recovery Procedure (DRP)

Disaster Recovery is activated when Critical Services are unavailable beyond standard incident handling capacity, confirmed data corruption impacts production systems, or infrastructure failure prevents restoration through normal operational measures. The ISO declares Disaster Recovery activation and records it in the Incident Register.

Depending on the disruption type, the following actions are taken:

Infrastructure Failure: Assess scope of impact, restart or re-provision affected infrastructure components, redeploy latest stable production build, and validate service health before public traffic restoration. If required, services may be restored in an alternate region.

Database Corruption or Data Loss: Identify last valid backup, restore database from backup, validate data integrity and application connectivity, and resume production operations after validation. Restoration must meet defined RPO requirements.

Deployment Failure: Identify last stable release, perform rollback through CI/CD pipeline, and validate API and OTA functionality.

Cybersecurity Incident: Isolate affected systems, rotate impacted credentials, restore clean infrastructure and/or database if required, and validate integrity before restoring public access. Incident handling continues under the Incident Management Policy.

Recovery is considered complete when Critical services are operational, database connectivity is verified, core OTA delivery functionality is tested, and monitoring confirms stable operation. The ISO formally closes Disaster Recovery in the Incident Register.

Incident and Communication

Service disruptions are managed under the Incident Management Policy. For significant disruptions, Directors are notified, customers may be notified based on severity and contractual obligations, and post-incident review is conducted.

Testing and Validation

The Company validates continuity and recovery capabilities through backup restoration testing at least annually, rollback testing during controlled deployments, and review of recovery procedures during significant infrastructure changes. Evidence of testing is retained in accordance with the Data Retention Policy.

Cloud Infrastructure Responsibilities

The Company relies on reputable cloud service providers for storage durability, redundancy mechanisms, and managed backup infrastructure controls. The Company maintains responsibility for configuration, access control, and oversight of its backup settings.

Plan Maintenance

This Business Continuity Plan is reviewed at least annually and updated upon significant infrastructure or operational change. The plan is also reviewed following any declared Disaster Recovery event.

Policy Review and Updates

This plan is reviewed periodically and updated when necessary to reflect changes in our systems, infrastructure, or operational practices. Reviews are conducted at least annually or upon significant operational, technical, or regulatory change.

Related Documents

• Information Security Policy
• Risk Management Policy
• Service Level Agreement

Contact Us

If you have questions regarding this plan or our business continuity practices, please contact us at:

support@stalliontech.io