Ideanote is hosted on a multi-tenant system. All customers are isolated within their own Postgres database with unique and randomly generated credentials, secured and encrypted using Kubernetes Secrets. All customers are isolated inside of their own namespace within Kubernetes, with network policies, roles, and other security measures in place to ensure each tenant is truly isolated.
All sensitive Customer data is only accessible after the successful exchange of a session token from our API that carries with it varying degrees of access rights to a specific Customer’s data depending on multiple factors such as the settings of the workspace, the specific user trying to access the resource, as well as the operation that is attempted to be performed on that resource. This provides logical separation between data belonging to different customers. Customer Data resides on database systems which house data belonging to multiple Customers, but our logical authentication and authorization controls separate one Customer’s data from another Customer’s data.