Data Security and Privacy

This article explains how Altivo protects your school's data. It covers multi-tenancy and school data isolation, the authentication system, role-based access control, how soft deletes work, and what Altivo does and does not do with your data.
Altivo is a multi-tenant platform where multiple schools share the same application infrastructure, but their data is completely isolated. Think of it like an apartment building - everyone lives in the same building, but each apartment has its own locks and keys.

- Every record (sponsors, assets, sponsorships, allocations, enquiries) is tagged with a school_id
- The school_id is extracted from your verified authentication token on every request and cannot be spoofed or overridden
- The backend validates that your token's school_id matches the data you are requesting - mismatches are rejected immediately with no data returned
- Isolation is enforced at two independent levels: the application layer (FastAPI middleware) and the database layer (PostgreSQL Row-Level Security). Even if one layer had a bug, the other would still block unauthorised access
Altivo uses Supabase Auth. When you log in, Supabase issues a secure JWT (JSON Web Token) containing your identity and school_id. This token is sent with every request. Key security features:

- Passwords are hashed: never stored in plain text
- Tokens are cryptographically signed: cannot be forged or tampered with
- Tokens expire: authentication tokens have a limited lifespan
- HTTPS everywhere: all communication is encrypted using TLS
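The two sections above describe the same request path: the backend verifies the token's signature and expiry, takes school_id from the verified claims, and refuses to return a record tagged with a different school_id. The following is an added illustration of that application-layer check, not Altivo's own code and not Supabase's library. It assumes an HS256-signed token with a `school_id` claim, a constructed signing secret, and a small in-memory table standing in for the database (the PostgreSQL Row-Level Security layer is not simulated here); only the Python standard library is used.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed signing secret for this example only. A real backend verifies
# against the identity provider's key material, never a hard-coded string.
SECRET = b"example-signing-secret-not-real"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 JWT (header.payload.signature). Stands in for the token
    the identity provider issues at login; the backend never calls this."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


class AuthError(Exception):
    """Any failure that must produce a 401 rather than data."""


def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Return the claims only if the signature verifies and the token is unexpired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":
        raise AuthError("unexpected algorithm")  # never accept alg=none or a swap
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise AuthError("bad signature")  # payload was altered or signed with another key
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise AuthError("malformed token")
    current = now if now is not None else time.time()
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= current:
        raise AuthError("token expired")
    if "school_id" not in claims:
        raise AuthError("missing school_id claim")
    return claims


# Constructed sample rows; each carries the tenant tag described in the article.
SPONSORS = {
    1: {"id": 1, "school_id": "school-a", "name": "Sponsor One"},
    2: {"id": 2, "school_id": "school-b", "name": "Sponsor Two"},
}


def handle_request(token: str, sponsor_id: int, now: Optional[float] = None) -> dict:
    """Application-layer tenant check for GET /sponsors/{id} (hypothetical route).
    The school_id comes from the verified token, never from the request itself."""
    try:
        claims = verify_token(token, now=now)
    except AuthError as err:
        return {"status": 401, "error": str(err)}
    row = SPONSORS.get(sponsor_id)
    # Same response for "no such row" and "another school's row", so the reply
    # does not reveal whether a record exists in a different tenant.
    if row is None or row["school_id"] != claims["school_id"]:
        return {"status": 404, "error": "not found"}
    return {"status": 200, "body": row}


if __name__ == "__main__":
    tok = issue_token({"sub": "user-1", "school_id": "school-a", "exp": time.time() + 3600})
    print(handle_request(tok, 1))  # own school's record
    print(handle_request(tok, 2))  # other school's record: 404, nothing returned
```

The signature check covers the header and payload together, so editing the `school_id` claim in transit invalidates the token; `hmac.compare_digest` keeps the comparison constant-time, and rejecting unexpected `alg` values closes the common "alg confusion" weakness in hand-rolled verifiers.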
| Role | Can view | Can add/edit | Can delete | Can change settings |
|---|---|---|---|---|
| School Admin | Yes | Yes | Yes | Yes |
| School Manager | Yes | Yes | Yes | No |
| School Viewer | Yes | No | No | No |
Role enforcement happens at the backend level - even if a user tried to access a restricted feature through the interface, the backend would reject the request based on their role.
When you delete a record in Altivo, it is soft-deleted: marked as deleted and hidden from all views, but the actual data is preserved in the database. This ensures audit integrity for financial records and protects against accidental deletion. Data can be recovered by d6 support if needed.
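The role table and the soft-delete behaviour above are both backend rules, so they are easiest to see side by side. The following is an added example, not Altivo's code: it transcribes the role table into a permission matrix, applies it before every operation, and models a sponsorship table where delete only stamps `deleted_at`, normal listings hide stamped rows, an audit total still counts them, and a restore path (assumed here to require an explicit support authorisation flag) brings a row back. The role keys, record fields and store are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Permission matrix transcribed from the role table in the article.
# Role keys are this example's own naming, not Altivo identifiers.
PERMISSIONS = {
    "school_admin": {"view", "edit", "delete", "settings"},
    "school_manager": {"view", "edit", "delete"},
    "school_viewer": {"view"},
}


class PermissionDenied(Exception):
    pass


def can(role: str, action: str) -> bool:
    """Deny by default: an unknown role gets no permissions at all."""
    return action in PERMISSIONS.get(role, set())


def require(role: str, action: str) -> None:
    """Backend-side gate; the UI hiding a button is not the control."""
    if not can(role, action):
        raise PermissionDenied(f"role {role!r} may not {action}")


@dataclass
class Sponsorship:
    id: int
    school_id: str
    amount: float
    deleted_at: Optional[datetime] = None  # None means the row is live


class SponsorshipStore:
    """In-memory stand-in for the database table (constructed for the example)."""

    def __init__(self) -> None:
        self._rows: Dict[int, Sponsorship] = {}

    def add(self, role: str, row: Sponsorship) -> None:
        require(role, "edit")
        self._rows[row.id] = row

    def list_visible(self, role: str, school_id: str) -> List[Sponsorship]:
        """What ordinary views show: own school only, soft-deleted rows hidden."""
        require(role, "view")
        return [r for r in self._rows.values()
                if r.school_id == school_id and r.deleted_at is None]

    def delete(self, role: str, school_id: str, row_id: int) -> Sponsorship:
        """Soft delete: mark the row, keep the data."""
        require(role, "delete")
        row = self._rows.get(row_id)
        if row is None or row.school_id != school_id:
            raise KeyError(row_id)  # never touch another tenant's row
        row.deleted_at = datetime.now(timezone.utc)
        return row

    def audit_total(self, school_id: str) -> float:
        """Financial audit view: deleted rows still count, so history stays intact."""
        return sum(r.amount for r in self._rows.values() if r.school_id == school_id)

    def restore(self, row_id: int, support_authorised: bool = False) -> Sponsorship:
        """Recovery path; the authorisation flag is this example's assumption."""
        if not support_authorised:
            raise PermissionDenied("restore requires support authorisation")
        row = self._rows[row_id]
        row.deleted_at = None
        return row


if __name__ == "__main__":
    store = SponsorshipStore()
    store.add("school_manager", Sponsorship(1, "school-a", 500.0))
    store.add("school_manager", Sponsorship(2, "school-a", 250.0))
    store.delete("school_manager", "school-a", 2)
    print([r.id for r in store.list_visible("school_viewer", "school-a")])  # [1]
    print(store.audit_total("school-a"))  # 750.0, deleted row still counted
```

Keeping the check in `require` rather than scattered `if role == ...` comparisons means a new role or a mistyped role name falls through to denial, and the audit query deliberately bypasses the "hidden from views" filter so a deletion can never erase a financial record from the books.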
- Altivo does not sell, share, or transfer your school's data to any third party
- Altivo does not use your data to train AI models
- Altivo does not allow d6 staff to view your data without explicit authorisation and a valid support reason
No. Multi-tenancy is enforced at both the application layer and the database layer. School A can never see School B's sponsors, financial data, or any other records. There is no shared view and no admin override.
Yes, because all deletes are soft deletes. The data is preserved in the database. Contact d6 support with the record details and they can restore it.
This would be a critical security incident. Contact d6 support immediately with details of what was visible. Do not delay - security incidents must be escalated straight away.
No. The AI Advisor reads your live data on-demand to generate a response, but nothing is stored or used to train the AI model. Each AI session is independent.
Last updated: March 2026 | Version 1.0