Security architecture, in the detail your team will ask for

SalesPort runs on Amazon Web Services in the Mumbai region (ap-south-1). Application servers sit behind managed load balancing; databases are not directly exposed to the public internet and are reached only through the application tier. Indian client data stays resident in India, which matters for DPDP Act 2023 expectations and for government empanelment.

The platform is the same Django + MySQL backend and Flutter front-end that runs ₹8,572 Crore of GMV and ~12 Lakh daily transactions in production — so the architecture is load-tested by real distribution traffic, not a reference design.

SalesPort uses per-client database isolation by default. Rather than a single shared multi-tenant table keyed by a tenant ID, each client's distribution data sits in its own logical database boundary. This reduces the blast radius of any single-tenant issue, makes per-client backup and restore clean, and makes contractual data-ownership and data-export clauses simple to honour.

For enterprise and government buyers who require physical separation, a dedicated-instance deployment is available. The choice between shared-cloud, dedicated-cloud, and on-premise is made at deployment time and written into the service agreement.

Server APIs require authenticated, token-scoped access; a request is authorised against the caller's role before any data is returned, so a distributor token cannot read another distributor's data. Rate limiting protects against abuse and runaway clients. Integration endpoints (Tally, SAP B1, payment gateways) are scoped to the specific data they need.

The SalesPort field-force, retailer, and distributor apps are built in Flutter with offline-first sync — orders and visits captured with no connectivity are stored locally in encrypted form and synced over TLS when the device reconnects. Sessions are token-based and revocable, so a lost or reassigned device can be cut off centrally. Device-hardening controls (such as root/jailbreak awareness and certificate pinning) are applied to protect against tampered devices in the field.

Code changes go through review before reaching production. Dependencies are tracked and updated to address known vulnerabilities, and deployments are automated so production matches a known, reviewed state rather than ad-hoc manual changes. Administrative and privileged actions are written to audit logs, MFA is enforced on admin accounts, and the platform undergoes quarterly third-party penetration testing — all under an ISO 27001-aligned control framework.

Procurement and security teams routinely send a security questionnaire as part of vendor onboarding. We complete these directly. Request the current questionnaire, our sub-processor list, and an architecture walkthrough by emailing info@sortstring.com, and we will route it — usually within one business day, under NDA where required.