🛡️ Security

Enterprise-grade security.
India-first compliance.

Built from the ground up for DPDP 2023, with JWT auth, bcrypt passwords, row-level tenant isolation, and encrypted offline storage.

🔐 Authentication

  • JWT HS256 tokens with 2-hour expiry
  • Secure refresh token rotation
  • bcrypt password hashing (cost factor 12)
  • API keys bcrypt-hashed before storage
  • 30-minute inactivity session timeout for enumerators

🛡️ DPDP 2023 Compliance

  • Consent tracking field on every form
  • Purpose declaration field per form
  • Full audit logs for all data changes
  • Data erasure endpoint — anonymizes data_json on request
  • Designed for India's Digital Personal Data Protection Act 2023
📱 Offline Security

  • Data stored in browser OPFS (Chrome/Android) or IndexedDB (Safari/iOS)
  • Not stored in localStorage or plain cookies
  • Local data bound to origin — inaccessible to other sites
  • Sync uses HTTPS with TLS 1.3
  • No sensitive data written to disk unencrypted
👥 Access Control

  • 4-tier role hierarchy: master_admin → org_admin → supervisor → enumerator
  • Tenant isolation via SQLAlchemy RLS on every query
  • Enumerators see only their assigned forms
  • Supervisors see only their tenant's submissions
  • No cross-tenant data leakage — enforced at DB layer
📁 Media Security

  • Photos and audio stored on private VPS storage
  • Not on public cloud buckets (no AWS S3 public URLs)
  • Presigned download URLs with short TTL
  • Media filenames include UUID — not guessable
  • Stored outside web root — not directly browseable
📋 Audit Trail

  • Every status change (flag / approve / reject) is logged
  • Timestamps, actor ID, and previous state recorded
  • Submission history panel visible to supervisors
  • Non-repudiable — log entries are append-only
  • Available for export alongside submission data

Common security questions

Where is data stored?

All submission data is stored on an India-based VPS. We do not use third-party cloud databases (AWS RDS, Google Cloud SQL, etc.). Media files (photos, audio) are stored on private server storage — not in public S3 buckets or CDN.

Can enumerators see each other's data?

No. Row-level security is enforced at the SQLAlchemy query layer — every database query includes a tenant_id filter. Additionally, enumerators can only see forms assigned to them and their own submitted records. Supervisors can see all submissions within their organization only.

How do I delete respondent data?

FieldGovern provides a DPDP-compliant erasure endpoint. When called, it anonymizes the data_json field for a given submission — replacing identifiable fields with null values while preserving the submission record for audit purposes. The action is logged in the audit trail with actor and timestamp.

What happens to data stored offline on an enumerator's device?

Offline data is stored in the browser's OPFS (Chrome/Android) or IndexedDB (Safari/iOS). These are sandboxed storage APIs — other websites cannot access them. When the enumerator syncs, data is transmitted over HTTPS and then cleared from local storage. If a device is lost before sync, only locally-captured unsynced records are at risk.

Are API keys stored securely?

Yes. API keys are bcrypt-hashed before storage — the plaintext key is shown once at creation and never stored. This means even a database breach would not expose usable API keys. Keys can be revoked instantly from the Org Admin panel.

Built with security from day one.

Questions about compliance or data residency? Talk to us.