arrow_back All articles

One database per school: how Vidyora isolates your data

When a single platform serves many schools, one question decides whether it’s trustworthy: can one school ever see another’s data?

Plenty of systems answer this with a WHERE school_id = ? filter on shared tables. It works — until a query somewhere forgets the filter. Vidyora takes a stronger position: each school gets its own database.

Isolation by architecture, not by hope

In Vidyora, every school (a tenant) runs in a dedicated database. There is no shared table of everyone’s students that a stray query could leak across. Separation is physical.

A small central catalog does just one job: it maps a request to the right school and connects to that school’s database. Crucially, the catalog stores no database credentials — connection details are composed at runtime from server-side configuration, so the routing layer never becomes a set of keys to every school.

What this means in practice

  • A leak is contained by design. There is no cross-tenant table to expose.
  • Performance stays predictable. One large school can’t slow down another’s queries.
  • Failure is isolated. If one school’s database has an issue, every other school keeps running — problems are logged and skipped, never allowed to block the whole platform.
  • Onboarding is clean. Provisioning a new school creates and migrates its database, seeds its defaults, and only then registers it — so a catalog entry always implies a working school.

Scoping within a school, too

Isolation doesn’t stop at the school boundary. Inside a single school, data can be scoped by branch or campus, and a dynamic role-based access system controls exactly which modules and records each staff member can see. A manager hierarchy scopes who can see whose data.

Security all the way down

Database-per-tenant is the foundation, but it sits under a full stack of protections: modern authentication (hashed passwords, OTP with brute-force protection, rotating refresh tokens), a hardened web layer (content-security-policy, strict input validation, HTML sanitisation), and an automatic, field-level audit trail of who changed what.

For a school group, this is the difference between trusting a filter and trusting the architecture. We think schools — and the families who depend on them — deserve the latter.

Read more on our Security & Trust page, or request a demo.

arrow_back Back to blogRequest a demo

Ready to bring your whole school onto one platform?

See Vidyora with your school’s own scenario. A short, no-pressure walkthrough with our team.

No credit card · Works on web, PWA & Android · Set up with our team