TTN Security White Paper

Last Updated at: 30 Dec, 2025

Introduction

Krebzinstar Private Limited ("Tight The Nut", "TTN", "we", "our", or "us") is committed to maintaining appropriate administrative, technical, and organizational measures to safeguard the confidentiality, integrity, and availability of information processed through its platform. TTN provides technology solutions supporting mission-critical workflows for automotive workshops and end customers. Security and data protection are integral to the design, development, deployment, and operation of our systems to ensure trust, reliability, and scalability.

Security Philosophy

TTN follows a security-by-design and risk-based approach to platform development and operations. Our security practices are designed to reasonably mitigate risks associated with unauthorized access, data loss, service disruption, and misuse of information. Security controls are reviewed periodically and enhanced as the platform evolves, operational scale increases, or threat landscapes change.

Secure Communication (SSL/TLS Encryption)

All data transmitted between user devices and TTN systems is protected using industry-standard Secure Sockets Layer / Transport Layer Security (SSL/TLS) encryption protocols. This applies to both web and mobile applications and is intended to protect information in transit from unauthorized interception, alteration, or disclosure.

Cloud Infrastructure - Amazon Web Services (AWS)

TTN's platform is hosted on Amazon Web Services (AWS), a globally recognized cloud infrastructure provider. AWS provides a secure and scalable environment with built-in physical, environmental, and network security controls. TTN leverages AWS capabilities to support system availability, access control, operational monitoring, and infrastructure resilience.

Application Architecture

TTN operates a unified platform comprising web and mobile applications connected to a centralized backend architecture. All applications interact through secure APIs and operate on a single source of truth for transactional and operational data. This design supports real-time synchronization, data consistency, and controlled access across all user roles.

Access Control & Authentication

TTN implements role-based access control (RBAC) to restrict system access based on user roles, including administrators, workshop staff, and end customers. Authentication is required for all platform access. Multi-factor authentication (MFA) is enabled for cloud infrastructure and third-party service access to reduce the risk of unauthorized system access.

Database Security & Network Protection

Databases are protected through network-level security controls, including IP whitelisting and restricted access policies. Direct public access to databases is disabled. Access to production data is limited to authorized systems and personnel and is governed by internal access management procedures.

Data Protection & Privacy

TTN collects and processes data strictly for legitimate business purposes related to platform functionality and service delivery. Customer, vehicle, and transaction data are securely stored and accessed only by authorized systems and users. TTN does not sell user data and processes information in accordance with its Privacy Policy and applicable laws.

Backup & Data Retention Policy

TTN performs incremental system backups at regular intervals of seven (7) days to mitigate the risk of data loss. Following account expiry or service termination, data may be securely retained for a period of up to twelve (12) months to support recovery requests, legal obligations, or compliance requirements, after which it may be deleted in accordance with internal data retention policies.

Payments & Financial Security - Razorpay

TTN integrates with Razorpay, a regulated payment gateway, to process financial transactions securely. Payment credentials and sensitive financial information are handled directly by Razorpay. TTN does not store card numbers, banking credentials, or other sensitive payment data on its systems.

Messaging & Communication - MSG91 & WhatsApp Business API

TTN uses MSG91 for SMS-based notifications and the WhatsApp Business API for customer communications and service updates. These services are integrated using secure channels and are subject to the security and compliance standards of the respective providers.

Mobile Infrastructure - Firebase

TTN utilizes Firebase services to support mobile application functionality, including authentication support, push notifications, crash monitoring, and performance analytics. Firebase services are configured to align with TTN's security and access control practices.

Infrastructure Monitoring & Reliability

TTN maintains continuous monitoring of system health, uptime, and operational performance. Logging, alerting, and monitoring mechanisms are used to identify potential issues and enable timely remediation. Backup and recovery procedures are maintained to support business continuity.

Incident Response & Recovery

TTN maintains internal processes for identifying, assessing, and responding to security incidents. These processes are designed to contain potential impacts, investigate root causes, and implement corrective actions. Lessons learned from incidents are used to enhance security controls and operational resilience.

Third-Party & Cloud Security Controls

TTN engages only with established third-party service providers and cloud platforms that follow recognized security practices. Multi-factor authentication (MFA) is enabled for administrative access to third-party and cloud services. Vendor access is reviewed periodically to maintain appropriate security standards.

Compliance & Regulatory Awareness

TTN endeavors to align its security practices with applicable Indian information technology laws, data protection requirements, and app marketplace policies. Compliance considerations are reviewed periodically and updated as regulatory frameworks evolve.

Continuous Improvement

Security is an ongoing process. TTN regularly reviews and improves its technical controls, operational procedures, and security awareness to address emerging risks and support platform growth.

Conclusion

TTN remains committed to maintaining a secure, reliable, and trusted platform for workshops, customers, and partners. As the platform scales, TTN continues to invest in security, infrastructure, and governance practices to protect data, ensure service continuity, and support long-term growth.

Important Note

This document provides an overview of TTN's security practices and is intended for informational purposes only. For any further queries on this topic, write to us at contact@tightthenut.com.