FAQ
Security and Compliance

Network Security

Yes, our production environment is hosted within a Google Cloud VPC, which provides a secure, isolated network environment. While we use a single VPC for both testing and production, services are logically separated and access is tightly controlled through firewall rules, IAM policies, and namespace-level isolation within Google Kubernetes Engine (GKE).

No internal APIs, databases, or backend services are publicly exposed. All such components are assigned private IP addresses only, and communication is restricted within the cluster or VPC using Kubernetes network policies and GCP firewall rules, ensuring secure, segmented access even within a shared network.

All network configuration changes (such as updates to VPC rules, firewall settings, or IP access control lists) are performed manually but undergo multiple layers of review before implementation. Changes are reviewed by relevant engineers and release managers, ensuring that no modifications are applied without proper oversight and risk assessment. This review process ensures network changes align with our security and operational standards.

Yes, all network traffic to and from the production infrastructure over public networks is secured using cryptographically sound encryption protocols, primarily HTTPS with TLS 1.2/1.3. We enforce HTTPS at the edge using Cloudflare, which proxies and secures all external-facing services. There are no plaintext connections to production systems over public networks, and no ports or services are exposed without encryption. For internal communication, GCP’s infrastructure provides encryption in transit by default, and traffic within Kubernetes (GKE) clusters is restricted to private, secured channels.