Skip to content
solaerp
Security by design

Your team's data, isolated and protected

solaerp was built multi-tenant from the first migration. Isolation is enforced in the database — not just hoped for in application code.

Start free Ask a security question
Tenant isolation

Row-level security, enforced in Postgres

Every tenant-scoped row carries a tenant id, and PostgreSQL row-level security policies filter each query by the request's tenant. A bug in app code can't leak across tenants.

  • Per-request tenant context set on the connection, transaction-local
  • Composite foreign keys make a cross-tenant reference structurally impossible
  • Fail-closed: no tenant context means no rows
  • Isolation verified by an automated cross-tenant test on every table
Least privilege

The app can't bypass its own rules

The application connects as a role that cannot bypass row-level security. A separate privileged role is used only for migrations and explicit cross-tenant jobs.

  • App role: no superuser, no RLS bypass
  • Role-based access (owner / manager / employee) on top of RLS
  • Secrets in environment files, never in the repo
Encryption

Encrypted in transit

Traffic is served over TLS, and internal services bind to loopback behind the reverse proxy — never exposed directly to the network.

  • HTTPS everywhere with HSTS
  • App and worker bound to localhost behind the proxy
  • Dedicated, password-protected job queue
Backups

Nightly backups, tested restores

The database is backed up nightly with retention, and restores are verified — including that row-level security still isolates after a restore.

  • Automated nightly database dumps with retention
  • Restore tested into a scratch database
  • Append-only job-queue persistence
Auditability

Immutable history

Published schedules are frozen as versioned snapshots, and swap and consent workflows write append-only audit rows — enforced by database triggers.

  • Immutable publish snapshots (who / when / diff)
  • Append-only swap and consent audit logs
  • Database-level triggers block tampering
Messaging compliance

Consent-first SMS

Text messaging is opt-in with recorded consent, automatic STOP / HELP handling, and per-recipient consent state — aligned with TCPA and carrier (A2P 10DLC) requirements.

  • Explicit opt-in with stored consent + timestamp
  • Automatic STOP / HELP, honored immediately
  • Public messaging policy for carrier registration

Responsible disclosure

Found a security issue? We want to hear from you. Reach us at security@solaerp.com and we'll respond promptly.

Security shouldn't be an upgrade

Every plan gets the same isolation, backups, and audit trails. Start free today.

Start free Talk to us