security

Soft-delete + super-admin restore

Mistakes happen. Data does not disappear.

Seven tenant-scoped tables (cars, customers, owners, guarantors, drivers, bookings, rent_agreements) carry a deleted_at column. DELETE requests set the timestamp instead of issuing a real DELETE. Super-admin restores in one click.

No ORM global filter — every SELECT filters explicitly (greppable)
Super-admin view: /api/superadmin/deleted across all tenants
One-click restore clears deleted_at
Foreign keys stay intact — no orphan cascades

How it works

SoftDeleteMixin on 7 models adds the column. Alembic migration 0001_soft_delete applies it. Routes use .where(Model.deleted_at.is_(None)) on list; DELETE sets Model.deleted_at = NOW().

Super-admin tools at /superadmin/deleted (coming soon as a UI).

Start free Sign in

More security features

Multi-tenant isolation
One codebase, many companies, zero crosstalk.
2FA (TOTP)
The standard second factor, in every account.
OIDC / SAML single sign-on
Corporate accounts signing in via your IdP.
Audit log
Every change, with who + when + what.