
Security isn't a feature.
It's the foundation.
Every line of code, every architectural decision, every deployment choice — security comes first.
AmanERP uses a three-brain security architecture: ZITADEL for identity, OpenFGA for relationship-based access control, and Go with PostgreSQL for data execution. Every action is logged in an immutable audit trail.
Three-Brain Architecture
Modular security architecture — identity, policy, execution
Three specialized systems, one unified platform. Each brain handles what it does best — together, they're designed to provide security without complexity.

Identity Brain
via ZITADEL
Who you are. Authentication, SSO, MFA — identity is never an afterthought.
Policy Brain
via OpenFGA
What you can do. Relationship-based access control designed for single-digit millisecond decisions.
Execution Brain
Go + PostgreSQL
Where data lives. Type-safe business logic with ACID-compliant storage.
Every team member sees exactly what they need
Relationship-based access control for enterprise ERP
ReBAC (Relationship-Based Access Control) via OpenFGA. Not just roles — relationships. The warehouse manager in Mumbai sees Mumbai inventory. The CFO sees everything. Designed for authorization decisions in single-digit milliseconds.
One identity, many organizations
Multi-organization access management with audit trails
Auditors, consultants, contractors — explicitly granted access across organizations. Switch between client companies without logging out. Every cross-tenant action is logged, time-bounded, and revocable.
No more password sharing.
Switch organizations instantly. Every action logged.
Every action, recorded forever
Immutable audit trail — every action logged and searchable
Immutable audit logs for every create, read, update, and delete. Who did what, when, from where. Searchable, exportable, and tamper-proof.
Because "I don't know what happened" is not an acceptable answer.
invoice.created | 2 min ago | Priya S. — INV-2026-0847 — Apex Manufacturing
payment.approved | 8 min ago | Rahul M. — PO-4521 — vendor advance ₹2,40,000
user.role_changed | 1 hour ago | Admin — Neha K. → role "Branch Manager (Pune)"
report.exported | 3 hours ago | Amit D. — Q3 P&L — PDF, 42 pages
inventory.adjusted | Yesterday | Sanjay R. — SKU-8812 qty: 150 → 143 (breakage)
Your data, your terms
Full data export in standard formats, anytime. No proprietary lock-in. No hostage situations. If you decide to leave, your data leaves with you — completely and immediately.
Standard formats
CSV, JSON, PDF — your data in formats every tool understands.
Complete export
Not a summary. Not a subset. Every record, every attachment, every audit log entry.
No lock-in
PostgreSQL underneath. Standard APIs on top. Your data is never held hostage.
Built on modern infrastructure, designed for reliability
Cloudflare edge delivery
Global CDN with automatic DDoS protection
AES-256 encryption at rest
Every byte encrypted before it touches disk
TLS 1.3 in transit
Modern encryption for every connection
Security headers
HSTS, CSP, X-Frame-Options — defense in depth
Neon PostgreSQL
Serverless, auto-scaling, branch-aware database
Automated backups
Point-in-time recovery with continuous WAL archiving
Honest about where we stand
We don't claim certifications we don't have. Here's our actual compliance posture:
SOC 2 Type II
Aligned (in progress): Architecture follows SOC 2 controls. Formal audit planned post-launch.
GDPR / DPDP
Aware: Data export, deletion, and consent capabilities built in. Privacy by design, not bolted on.
MCA Rule 3
Designed for: Immutable financial records with cryptographic verification for Indian companies.
Questions about security?
We're happy to walk through our architecture with you.