Tenant isolation
Each agency workspace is isolated by agency ID. PostgreSQL row-level security policies and tenant-safe relationship checks prevent agency users from reading or writing another agency's operational records.
Trust
SafarOS is designed for sensitive group-travel operations, including traveller contact information, passports, documents, payments, and booking records. Security is built into the product architecture rather than added as a presentation layer.
Each agency workspace is isolated by agency ID. PostgreSQL row-level security policies and tenant-safe relationship checks prevent agency users from reading or writing another agency's operational records.
SafarOS uses Supabase Auth for authenticated sessions. Role-based access controls distinguish owners, admins, agents, viewers, travellers, and tour leaders, with server-side checks and database policies enforcing access.
Traveller documents are stored in private storage. Access is evaluated through authenticated agency membership and scoped storage paths; permanent public document URLs are not used for sensitive files.
Ordinary product workflows use the authenticated user's database access. Service-role credentials are restricted to server-only administrative workflows and are never exposed to browsers.
SafarOS uses managed infrastructure for its database, authentication, and storage. Backup and recovery procedures are part of operational controls and are reviewed as the service grows.
If you believe you have identified a security issue, contact us privately with enough detail to reproduce it. Please do not include traveller documents, passwords, or other sensitive data in an email.
Send security reports to support@safar-os.com with the subject line “Security report”. We will acknowledge and investigate reports in good faith.