Security & compliance

Trust is not an option, it's the architecture.

Qredon is built to satisfy the requirements of regulators, auditors and MFI executives responsible for sensitive financial data.

Six security pillars.

Each addressing a concrete risk a modern MFI is exposed to.

Schema-per-tenant isolation

Each MFI has its own PostgreSQL schema. No shared tables, no cross-tenant leakage. Isolation enforced at app and DB level.

Strong authentication

Three distinct JWT systems (Admin, MFI, Borrower). OTP for borrowers, hashed passwords for the rest. Strict rate limiting.

Encryption in transit and at rest

TLS 1.3 on all connections. AES-256 encryption of sensitive data at rest. Secrets managed via a dedicated vault.

Comprehensive audit trail

Every action is tracked: who, when, what, before/after values. 10-year retention, CSV export for regulatory audits.

GDPR compliance

Right to be forgotten, data export, anonymization. Configurable data retention. Traced consent. Internal DPO reachable.

BCT compliance

Pre-configured regulatory settings for the Central Bank of Tunisia. Ready-to-file PAR reports.

Have a security team? Let's talk technical.

We can provide detailed architecture documentation, a security test plan and our audit results.