Data Storage & Architecture

Understanding how Eden2Olive stores and manages your data

Multi-Tenant Database Architecture

Eden2Olive uses a sophisticated multi-tenant architecture that ensures complete data isolation between different church organizations. This architecture provides enhanced security, scalability, and data integrity.

System Administration Layer

  • System administrators
  • Tenant registry
  • System-wide settings
  • Shared data (states, FAQ)
→

Tenant Data Layer

  • Church users & members
  • Family & member records
  • Financial data
  • Activity logs

System Administration Data

The system administration layer contains system-wide administration data and tenant management information.

👤 Admin Users

  • Admin user accounts
  • Admin user profiles
  • Admin role assignments
  • Password reset tokens

๐Ÿข Tenant Management

  • Tenant registry
  • Tenant information
  • Tenant owner details
  • Tenant configuration

โš™๏ธ System Settings

  • System-wide settings
  • Admin roles & permissions
  • Admin activity logs
  • FAQ content
  • States/regions data
Important: The system administration layer does NOT contain any church member data, financial records, or tenant-specific operational data. This separation ensures that system administrators cannot accidentally access tenant data.

Tenant Data Storage

Each church organization (tenant) has its own isolated data storage. This ensures complete data separation and security.

👥 User Management

  • Tenant user accounts
  • User profiles
  • User role assignments
  • Password reset tokens

๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Members & Families

  • Church members
  • Member status tracking
  • Family records
  • Family relationships

💰 Financial Data

  • Fund accounts
  • Offering records
  • Expenditure records
  • Expenditure types
  • Financial events

๐Ÿ” Roles & Permissions

  • Tenant role definitions
  • Role permissions
  • Ability definitions

📊 Other Data

  • Membership types
  • Tenant-specific settings
  • Activity logs
  • Notifications

Data Isolation & Security

🔒 Complete Data Separation

Each tenant has its own isolated data storage with no shared data structures. This means:

  • No cross-tenant data access possible
  • Complete isolation of sensitive information
  • Independent data management
  • No risk of data leakage between organizations

๐Ÿ›ก๏ธ Access Control

Multi-level access control ensures data security:

  • Storage Level: Each tenant's data is stored separately
  • Application Level: System routes requests to correct data storage
  • User Level: Role-based permissions control what users can see/modify
  • Admin Separation: Admin users cannot access tenant data

๐Ÿ“ Audit Trail

Complete activity logging for accountability:

  • All CRUD operations are logged
  • User who performed the action is recorded
  • Field-level changes are tracked
  • Timestamps for all activities
  • Separate logs for admin and tenant activities

Data Management Practices

๐Ÿ—‘๏ธ Soft Delete

Data is never permanently deleted immediately. Instead, records are marked for deletion with timestamps, allowing for recovery if needed. This protects against accidental deletions.
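The access-control levels, audit trail and soft delete described above, shown together as an added example that is not Eden2Olive's own code. The schema, the session dictionary, `TenantRouter` and the use of SQLite as the per-tenant store are all assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: the page does not document Eden2Olive's real tables or engine.
TENANT_SCHEMA = """
CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, deleted_at TEXT);
CREATE TABLE activity_log (ts TEXT, actor TEXT, action TEXT, field TEXT, old TEXT, new TEXT);
"""

class TenantRouter:
    """Application-level routing: one separate database per registered tenant."""
    def __init__(self):
        self._stores = {}  # tenant_id -> connection to that tenant's own database

    def register(self, tenant_id):
        db = sqlite3.connect(":memory:")  # storage level: nothing shared between tenants
        db.executescript(TENANT_SCHEMA)
        self._stores[tenant_id] = db

    def store_for(self, session):
        # The tenant is taken from the authenticated session, never from request input.
        if session.get("kind") != "tenant_user":
            raise PermissionError("admin principals have no route to tenant data")
        return self._stores[session["tenant_id"]]

def _log(db, session, action, field, old, new):
    # Field-level audit entry: who, when, which field, old and new value.
    ts = datetime.now(timezone.utc).isoformat()
    db.execute("INSERT INTO activity_log VALUES (?,?,?,?,?,?)",
               (ts, session["user"], action, field, old, new))

def add_member(router, session, name):
    db = router.store_for(session)
    cur = db.execute("INSERT INTO members (name) VALUES (?)", (name,))
    _log(db, session, "create", "name", None, name)
    return cur.lastrowid

def soft_delete_member(router, session, member_id):
    # Mark the row with a deletion timestamp instead of removing it.
    db = router.store_for(session)
    now = datetime.now(timezone.utc).isoformat()
    db.execute("UPDATE members SET deleted_at = ? WHERE id = ? AND deleted_at IS NULL",
               (now, member_id))
    _log(db, session, "delete", "deleted_at", None, now)

def visible_members(router, session):
    db = router.store_for(session)
    return [r[0] for r in db.execute("SELECT name FROM members WHERE deleted_at IS NULL")]
```

Because every data function obtains its connection through `store_for`, there is a single place to review and test for cross-tenant or admin access.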

💾 Regular Backups

Regular data backups are performed to prevent data loss. Each tenant's data is backed up independently, ensuring quick recovery if needed.

🔄 Data Migration

Data structure updates are applied separately to system administration and tenant data storage. This ensures that changes don't affect other tenants and allows for independent versioning.

📊 Data Integrity

Data integrity constraints and indexing ensure data consistency and optimal performance across all data storage.

What Data is Stored Where?

| Data Type | System Administration | Tenant Data Storage |
|---|---|---|
| User Accounts | ✅ Admin users only | ✅ Tenant users (church members, staff) |
| Roles & Permissions | ✅ Admin roles & abilities | ✅ Tenant roles & abilities |
| Members & Families | ❌ Never | ✅ All member & family data |
| Financial Records | ❌ Never | ✅ All financial data |
| Activity Logs | ✅ Admin activity logs | ✅ Tenant activity logs |
| Settings | ✅ System-wide settings | ✅ Tenant-specific settings |
| Tenant Registry | ✅ Tenant list & info | ❌ Never |

Key Principles

1. Data Isolation

Each tenant's data is completely isolated in its own storage. One tenant cannot access another tenant's data under any circumstances.

2. Separation of Concerns

Admin operations and tenant operations are completely separate. Admin users manage the system, tenant users manage their church data.

3. Security First

Security is built into the architecture at every level - database, application, and user access.

4. Scalability

The multi-tenant architecture allows the system to scale by adding new tenant data storage without affecting existing tenants.