
Section 7: Security & Governance

7.1 Data Isolation

Sangathan uses Row-Level Security (RLS). Isolation is enforced by the database engine itself, which prevents any user from accessing data belonging to another organisation ID.
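
How an RLS policy keyed on organisation ID behaves, as an added example that is not Sangathan's own schema or code. It assumes PostgreSQL; the table, columns, role, and the `app.organisation_id` session setting are hypothetical, and the rows are constructed sample data.

```sql
-- Hypothetical tenant-scoped table (names are assumptions, not Sangathan's schema).
CREATE TABLE members (
    id              bigint PRIMARY KEY,
    organisation_id uuid   NOT NULL,
    full_name       text   NOT NULL
);

-- ENABLE turns RLS on; FORCE makes the table owner subject to it as well.
-- Superusers and roles with BYPASSRLS are still exempt, so the application
-- must not connect as one.
ALTER TABLE members ENABLE ROW LEVEL SECURITY;
ALTER TABLE members FORCE ROW LEVEL SECURITY;

-- USING limits which existing rows are visible to SELECT/UPDATE/DELETE.
-- WITH CHECK limits which rows may be written by INSERT/UPDATE.
-- current_setting() raises an error when the setting is missing, so a session
-- that never declared its organisation fails closed.
CREATE POLICY members_org_isolation ON members
    FOR ALL
    USING      (organisation_id = current_setting('app.organisation_id')::uuid)
    WITH CHECK (organisation_id = current_setting('app.organisation_id')::uuid);

-- Hypothetical application role without superuser or BYPASSRLS.
CREATE ROLE app_user NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON members TO app_user;

BEGIN;
SET LOCAL ROLE app_user;

-- Request on behalf of organisation A (constructed ID).
SET LOCAL app.organisation_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO members VALUES (1, '11111111-1111-1111-1111-111111111111', 'Asha');

-- Request on behalf of organisation B (constructed ID).
SET LOCAL app.organisation_id = '22222222-2222-2222-2222-222222222222';

-- No WHERE clause, yet the policy hides organisation A's row from this query.
SELECT id, full_name FROM members;

-- Writing a row that carries organisation A's ID is rejected by WITH CHECK.
INSERT INTO members VALUES (2, '11111111-1111-1111-1111-111111111111', 'Ravi');
ROLLBACK;
```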

7.2 Audit Logging

Every critical action is logged in the Audit Trail. Each entry records:

  • Who: The user (Actor ID).
  • What: The action (e.g., "Deleted Member").
  • When: Exact timestamp.
  • IP Address: Origin of the request.

Note: Audit logs cannot be deleted by Admins.

7.3 Compliance

  • Soft Deletion: Deleted data remains in a recovery bin for 14 days before permanent erasure.
  • Legal Hold: In compliance with Indian law, data may be frozen (prevented from deletion) if a valid legal order is received.
