When a single platform serves many schools, one question decides whether it’s trustworthy: can one school ever see another’s data?
Plenty of systems answer this with a WHERE school_id = ? filter on shared tables. It works — until a query somewhere forgets the filter. Vidyora takes a stronger position: each school gets its own database.
Isolation by architecture, not by hope
In Vidyora, every school (a tenant) runs in a dedicated database. There is no shared table of everyone’s students that a stray query could leak across. Separation is physical.
A small central catalog does just one job: it maps a request to the right school and connects to that school’s database. Crucially, the catalog stores no database credentials — connection details are composed at runtime from server-side configuration, so the routing layer never becomes a set of keys to every school.
What this means in practice
- A leak is contained by design. There is no cross-tenant table to expose.
- Performance stays predictable. One large school can’t slow down another’s queries.
- Failure is isolated. If one school’s database has an issue, every other school keeps running — problems are logged and skipped, never allowed to block the whole platform.
- Onboarding is clean. Provisioning a new school creates and migrates its database, seeds its defaults, and only then registers it — so a catalog entry always implies a working school.
Scoping within a school, too
Isolation doesn’t stop at the school boundary. Inside a single school, data can be scoped by branch or campus, and a dynamic role-based access system controls exactly which modules and records each staff member can see. A manager hierarchy scopes who can see whose data.
Security all the way down
Database-per-tenant is the foundation, but it sits under a full stack of protections: modern authentication (hashed passwords, OTP with brute-force protection, rotating refresh tokens), a hardened web layer (content-security-policy, strict input validation, HTML sanitisation), and an automatic, field-level audit trail of who changed what.
For a school group, this is the difference between trusting a filter and trusting the architecture. We think schools — and the families who depend on them — deserve the latter.
Read more on our Security & Trust page, or request a demo.