Security & Infrastructure
How we protect your data in a hostile digital environment.
Architecture of Isolation
Sangathan is a multi-tenant platform, meaning many organisations share the same underlying database. However, we do not rely on simple software logic to keep data separate.
Row-Level Security (RLS)
We use PostgreSQL Row-Level Security. This means the database engine itself checks every single query to ensure you only access data belonging to your organisation ID. Even if our application code had a bug, the database would reject unauthorized access.
Role-Based Access
Within your organisation, permissions are enforced strictly. "Viewers" cannot edit. "Editors" cannot delete the organisation. These rules are baked into the core API.
Data Protection
- Encryption at Rest & Transit: All data is encrypted while stored on our disks and while traveling between your device and our servers (TLS 1.3).
- Soft Deletion: When you delete data, it enters a "soft-delete" state for a safety period (e.g., 7 days) to prevent accidental data loss or malicious wiping.
- Abuse Protection: We use intelligent rate limiting to block brute-force attacks and "credential stuffing" attempts against your account.
Verified Administration
We require phone verification for all Organisation Admins. This adds a layer of accountability and makes it significantly harder for bad actors to create disposable accounts for spam or harassment.
Third-Party Infrastructure
We rely on world-class providers rather than building our own servers. This ensures you benefit from their massive security teams.
- Supabase: Database & Authentication
- Firebase: SMS Verification
- Vercel: Global Edge Network
- Razorpay: PCI-DSS Compliant Payments