How is our restaurant data isolated?

Indostra uses a shared database, separate schema multi-tenancy model. Every tenant operates in a dedicated PostgreSQL schema, isolated dynamically via backend middleware search-paths.

Can a manager from branch A view sales at branch B?

No. Role-based guards validate every database query server-side. Users are scoped to specific venue IDs, preventing privilege escalation or cross-venue data leaks.

How is the system connection pooled?

We pool TypeORM connections in memory, checking schema mappings and cleaning up idle connections automatically to keep database load low.

Security & Architecture

Multi-Outlet Data Isolation
& chain security

Secure your brand's growth. Indostra utilizes a separate-schema database architecture to isolate menus, customer records, and financial ledger data between branches automatically.

Request Enterprise Spec

Data security

Enterprise-grade architecture for multi-unit chains

Your operations data is a valuable asset. We protect it using banking-grade database isolation.

Schema Isolation

Every restaurant operates within its own dedicated PostgreSQL schema, strictly partitioned.

Permission Guards

NestJS authentication guards validate user scopes before routing any data requests.

Connection Pooling

Connections are cached and pooled for 5 minutes, resolving dynamically per venue API request.

Watertight Security Controls

PostgreSQL Schema Isolation

By maintaining separate database schemas per client, we eliminate the risk of SQL injection or query leaks exposing neighbor records, ensuring absolute tenant partitioning.

Continuation-Local Storage Scoping

Our NestJS backend captures the client context on every HTTP call, setting the database search path dynamically (`SET search_path TO "tenant_schema"`) within a secure execution context.

Role-Based Permission Guards

Enforce watertight separation of concerns. Cashiers, cooks, hosts, and managers are bound to specific schema roles, preventing privilege escalation.

Dynamic Outlets Provisioning

Opening a new branch? The database service provisions a fresh isolated schema and seeds default configuration automatically, getting your new outlet ready in under 60 seconds.

Frequently Asked Questions

Is there a centralized dashboard for the brand owner?

Yes. While branch databases are strictly isolated, brand owner accounts have cross-schema aggregation privileges to monitor consolidated sales and analytics from one unified superadmin profile.

How are database migrations managed?

Migrations run across all active schemas in sequence during releases, maintaining perfect consistency across your entire network without causing manual sync downtime.

Secure your restaurant chain operations

Speak to our architectural team about your brand's data security requirements.

Request Spec Sheets See Security Sandbox

Multi-Outlet Data Isolation & chain security