Privacy Policy
Effective 2026-06-01.
Plain-English summary. When you sign up to evaluate SamvraCore ERP we collect the minimum data needed to operate your account. We do not sell it, share it for advertising, use it to promote other products, or expose it to other tenants. Only you and the people you invite can read your tenant's data — not even other SamvraCore customers can see it. You can request deletion at any time.
1. What we collect
At signup and during ongoing use, the platform records:
- Account profile — email address, first & last name, optional phone, optional job title.
- Organisation profile — organisation name and any business details you choose to fill in.
- Authentication artefacts — a bcrypt-hashed password (never the plain text), refresh-token records, and last-login timestamps.
- Operational data you enter — invoices, journal entries, employees, inventory, customers, vendors, etc. This is the data SamvraCore exists to manage.
- Server-side technical logs — request IP addresses, user-agent strings, and audit-trail entries for sensitive actions (login, permission change, data export). Retained for security and compliance, not analysis.
We do not embed third-party analytics, advertising trackers, or social-network pixels on the application or this marketing page.
2. How we use it
The data above is used exclusively to:
- Operate your SamvraCore tenant — authenticate you, render screens, run reports, send the operational notifications you've enabled.
- Maintain the platform — investigate errors, prevent abuse, restore from backup, defend against security incidents.
- Fulfil legal obligations — tax records, statutory data-retention windows, response to lawful requests.
We do not use evaluation or production data to:
- Market other products or services to you.
- Build aggregate or "anonymised" datasets that we sell or share.
- Train external AI / ML systems.
- Generate sales leads for our partners or resellers.
3. Who can see your data
Your tenant is isolated from every other tenant via PostgreSQL row-level security; queries from other tenants are physically incapable of reading your rows.
Within your tenant, visibility follows the role-based access model you configure:
- Super user — full read/write on the tenant. The first account you create at signup is the super user.
- Other roles — limited to the modules and actions you grant. Permission changes are audit-logged.
- Other SamvraCore customers — cannot see your data under any circumstance.
- SamvraCore staff — do not browse customer tenants. Production access is restricted to a small operations team, gated by SSH key + audit logging, and only invoked at your request (e.g. you've opened a support ticket and explicitly asked us to look at a record).
4. Security
- In transit — TLS 1.2+ between your browser and the platform.
- At rest — encrypted on the underlying disk; passwords stored only as bcrypt hashes (cost 10).
- Tenant isolation — every query carries the tenant ID and is enforced by row-level security policies at the database layer, not just application code.
- Access controls — JWT access tokens with short TTL, refresh tokens revocable per session, RBAC middleware on every API surface.
- Audit log — sensitive actions (login, permission grant, data export, sub-user creation) are written to an append-only audit trail with timestamp, user, action, IP, and user-agent.
Self-hosted note. The "encrypted at rest" guarantee above applies to the SamvraCore SaaS service running at samvracore.tech (where we operate the volume). If you self-host SamvraCore on your own server using the built-in database option, PostgreSQL writes its data files to ${dataDir}/pgdata/ without application-level encryption — that's how stock PostgreSQL works. We strongly recommend enabling OS-level disk encryption (BitLocker on Windows, LUKS on Linux, FileVault on macOS) on the server hosting your install. The recommendation is the same if you choose to bring your own PostgreSQL server: encryption-at-rest is the host operator's responsibility on every self-hosted deployment.
5. Data retention
- Active accounts — your data is retained as long as your tenant is active.
- Closed accounts — when you close your tenant we delete your data from active databases within 30 days. Encrypted backups roll off according to our backup-retention schedule (currently 90 days).
- Audit and security logs — retained for up to 24 months for incident-response purposes, then purged.
6. Your rights
At any time you can:
- Export your tenant's data via the in-app export endpoints.
- Edit or delete individual records yourself, with the audit trail preserved.
- Request full account closure by emailing support@samvracore.com from the registered super-user address.
- Ask for a copy of any technical log entry that references your account.
7. Cookies and local storage
The application uses browser localStorage to keep your JWT access + refresh tokens so you stay signed in across page loads. No advertising cookies, no cross-site trackers. The public marketing pages (this page, the home page) do not set any cookies at all.
8. Changes to this policy
If we materially change how we handle your data we'll update the "Effective" date at the top, notify active super users by email at the registered address, and surface a banner in the application until acknowledged.
9. Contact
Questions, data-export requests, deletion requests, or anything else: support@samvracore.com.