Infrastructure
We use a multi-AZ AWS deployment in us-west-2 (Oregon), with the aim of multi-region support coming soon. All traffic goes through managed load balancers with health checks and automatic failover. Instances are autoscaled with rate limits in front.Security
All routes are protected by WAF and go through a variety of API Gateways depending on usage. Our ALB then forwards requests to the appropriate ECS Fargate service running in private subnets. Authorization is done through JWTs asymmetrically signed by AWS KMS. RBAC is enforced at HTTP and database layers in order to ensure your data is only visible to you.Data
We use PostgreSQL as our primary data store in a high-availability configuration with automated backups. All personally identifiable information is encrypted end-to-end in transit and at rest before reaching our application layer — we never handle raw PII. All traffic is encrypted in transit via TLS 1.2+.Operations
We maintain Business Continuity and Disaster Recovery plans. Our compliance policy mandates regular testing of these plans.Status
We maintain a status page at status.natural.co.Related
- Idempotency — Safe retries during transient failures
- Error Handling — Handling 5xx errors