Information Security Policy

Redhorse Technologies Private Limited

Version 1.0 • Effective March 15, 2025

Introduction

At Redhorse Technologies Private Limited, security is foundational to everything we build. This Information Security Policy establishes the framework, principles, and practices we follow to protect our systems, safeguard customer data, and maintain the trust our users place in us.

This document serves as both our internal security governance standard and a transparent overview for customers, partners, and stakeholders who wish to understand our security posture.

Scope

This policy applies to all personnel associated with Redhorse Technologies Private Limited, including employees, founders, contractors, consultants, and temporary staff. It governs all systems, applications, cloud infrastructure, and data assets under our management, whether hosted internally or through third-party service providers.

Security Governance

Executive management holds ultimate responsibility for information security at Redhorse Technologies. The Founder and Technical Lead serves as the designated security owner, responsible for implementing and maintaining security controls, authorizing access to production environments, coordinating incident response activities, and conducting periodic reviews of security policies and practices.

Security decisions are made with input from relevant stakeholders, and significant changes to our security posture are reviewed and approved at the management level.

Risk Management

We employ a pragmatic, risk-based approach to security that balances protection with operational efficiency. Risks are systematically identified during system design, architectural changes, vendor evaluations, and operational modifications. Each identified risk is assessed based on its likelihood of occurrence and potential business impact.

Where risks exceed acceptable thresholds, appropriate mitigations are implemented. Residual risks that fall within acceptable bounds are documented and reviewed periodically by management to ensure continued alignment with our risk tolerance.

Asset Management

All cloud infrastructure, applications, and services are inventoried and tracked through our cloud provider management consoles. Critical systems have defined ownership and documented access requirements. We maintain up-to-date system architecture diagrams and data flow documentation to ensure clear visibility into how information moves through our environment.

Access Control

Access to systems and data is governed by the principle of least privilege. Users are granted only the minimum access necessary to perform their job functions. Multi-Factor Authentication (MFA) is mandatory for all cloud infrastructure access, administrative interfaces, and sensitive system operations.

Production environment access is strictly controlled and limited to authorized personnel with a demonstrated business need. Access rights are reviewed regularly, and permissions are promptly revoked upon role changes, transfers, or termination of employment.

Data Protection

We classify data based on sensitivity levels, including public, internal, and confidential categories. All sensitive data is protected using industry-standard encryption, both in transit via TLS 1.2 or higher, and at rest using encryption mechanisms provided by our cloud infrastructure partners.

Customer data is treated with the highest level of care and is accessed only when necessary for legitimate business purposes such as providing support, troubleshooting issues, or fulfilling contractual obligations.

Third-Party Services and Payment Processing

Redhorse Technologies partners with industry-leading third-party service providers for infrastructure and specialized services. All vendors are evaluated for their security practices before engagement.

Payment processing is handled exclusively by PCI DSS-compliant providers including Razorpay, PayPal, and Paddle. Redhorse Technologies does not store, process, or transmit payment card data directly, ensuring that sensitive financial information remains protected by specialized payment processors.

Secure Development Practices

Our engineering teams follow secure coding practices aligned with industry standards, including the OWASP Top 10 and other recognized security guidelines. Development, staging, and production environments are logically separated to prevent unauthorized access and reduce the risk of accidental data exposure.

All changes to production systems undergo review prior to deployment. We employ version control, automated testing, and deployment pipelines that include security checks as part of our continuous integration and delivery processes.

Logging and Monitoring

Comprehensive logging is enabled across critical systems, capturing access events, configuration changes, and security-relevant activities. Logs are retained for appropriate periods to support operational troubleshooting, security investigations, and compliance requirements.

Security alerts are configured for anomalous activities and are investigated promptly by our technical team. We continuously work to improve our monitoring capabilities and detection mechanisms.

Incident Response

Redhorse Technologies maintains a structured incident response process to ensure rapid and effective handling of security events. Our approach follows five key phases: identification of potential incidents through monitoring and reporting channels, immediate containment and mitigation to limit impact, thorough investigation to determine root cause and scope, notification of affected parties where required by law or contract, and post-incident review to identify improvements and prevent recurrence.

All personnel are instructed to report suspected security incidents immediately to management. We conduct periodic reviews of our incident response capabilities and update procedures based on lessons learned.

Business Continuity and Disaster Recovery

Critical systems and data are backed up regularly using automated cloud-provider mechanisms. All backups are encrypted and stored in geographically separate locations to protect against regional outages or disasters. Recovery procedures are documented and reviewed periodically to ensure they remain current and effective.

Our infrastructure is designed with redundancy and fault tolerance in mind, minimizing single points of failure and enabling rapid recovery in the event of system disruptions.

Vulnerability Management and Security Testing

We perform automated vulnerability scanning on a periodic basis to identify potential security weaknesses in our systems and applications. Additional security reviews are conducted during major system changes, new feature releases, and infrastructure modifications.

Formal penetration testing is included in our security maturity roadmap, and we are committed to expanding our security testing program as the organization grows.

Responsible Disclosure

Redhorse Technologies welcomes responsible disclosure of security vulnerabilities from security researchers and the broader community. If you believe you have discovered a security issue affecting our systems or services, we encourage you to report it responsibly.

Please send your findings to support@stalliontech.io and include a clear description of the vulnerability, steps to reproduce the issue if applicable, and an assessment of the potential impact.

We ask that researchers refrain from publicly disclosing vulnerabilities until we have had a reasonable opportunity to investigate and implement appropriate remediation. We are committed to acknowledging valid reports and working collaboratively with the security community.

Compliance and Security Posture

Redhorse Technologies is actively working toward SOC 2 Type I certification as part of our commitment to demonstrating security excellence. Security controls are implemented incrementally based on risk assessments and business requirements, with continuous improvement as a core principle.

This document reflects our current operational security posture and will be updated as our security program matures.

Security Awareness and Training

All employees receive security awareness guidance during onboarding, covering topics such as password hygiene, phishing recognition, data handling practices, and incident reporting procedures. Personnel are expected to adhere to acceptable use policies and follow security best practices in their daily work.

We foster a security-conscious culture where employees are encouraged to ask questions, report concerns, and contribute to our collective security efforts.

Policy Review and Updates

This Information Security Policy is reviewed at least annually or whenever significant changes occur to our systems, operations, organizational structure, or regulatory environment. Updates are approved by management and communicated to all relevant personnel.

Contact Us

If you have questions about this Information Security Policy or our security practices, please contact us.