# Research Findings ## Multi-Tenant Architecture Decisions ### Database Multi-Tenancy Strategy **Decision**: PostgreSQL with Row-Level Security (RLS) **Rationale**: - Provides strong data isolation between tenants - Supported by Django and FastAPI - Built-in security at database level - Cost-effective for 100 tenant scale - Malaysian data residency compliance **Alternatives considered**: - Separate databases per tenant: Too expensive at scale - Schema-based tenancy: Complex management and migration challenges - Application-level filtering: Higher security risk ### Backend Framework Selection **Decision**: Django + Django REST Framework **Rationale**: - Built-in admin interface for back office - Mature multi-tenant packages (django-tenants) - Strong ORM for complex data models - Authentication system built-in - Malaysian developer community support **Alternatives considered**: - FastAPI: Better performance but less built-in admin - Flask: Too minimal for complex business logic - Node.js: Not ideal for Malaysian enterprise market ### Frontend Framework Selection **Decision**: Next.js with TypeScript **Rationale**: - Server-side rendering for SEO - Type safety for large codebase - Malaysian SME users need fast, responsive UI - Strong component ecosystem - Easy deployment with Docker ### Authentication Strategy **Decision**: Multi-auth approach with Django Allauth **Rationale**: Supports all required methods: - Email/password with MFA - SSO integration - OAuth providers - Custom Malaysian National ID integration (future) ### Payment Processing **Decision**: Stripe + Midtrans dual integration **Rationale**: - Stripe: International standard, subscription management - Midtrans: Malaysian payment methods (FPX, e-wallets) - Both support recurring billing and one-time payments - Well-documented APIs for both frameworks ### Healthcare Compliance **Decision**: PDPA 2010 + additional safeguards **Rationale**: - Malaysian Personal Data Protection Act compliance - Audit trails for patient data access - Data encryption at rest and in transit - Role-based access control for healthcare data - Ready for future international standards adoption ### Performance & Scalability **Decision**: Vertical scaling first, with horizontal expansion path **Rationale**: - 100 tenants with 10 users each fits well on single server - PostgreSQL connection pooling for efficiency - Redis for caching and session management - Kubernetes-ready for future expansion - Container orchestration for consistent deployment ### Infrastructure **Decision**: Docker + Kubernetes **Rationale**: - Consistent development and production environments - Malaysian cloud provider support (AWS, Azure, Google Cloud) - Auto-scaling capabilities - Rolling updates without downtime - Malaysian data center options ### Module Architecture **Decision**: Django Apps with Plugin System **Rationale**: - Each industry module as separate Django app - Shared core infrastructure - Plugin-based activation based on subscription - Independent testing and deployment - Malaysian market-specific customizations per module ### Data Retention Implementation **Decision**: Automated cleanup with configurable periods **Rationale**: - 90-day retention period configurable per tenant - Soft delete with permanent cleanup - Audit logging for compliance - Tenant-level override capability - Malaysian legal compliance ### Testing Strategy **Decision**: Pyramid testing approach **Rationale**: - Contract tests for API compatibility - Integration tests for multi-tenant isolation - Unit tests for business logic - End-to-end tests for user flows - Performance tests for scalability validation ### Monitoring & Observability **Decision**: ELK Stack + Prometheus **Rationale**: - Malaysian developer community support - Multi-tenant usage monitoring - Performance bottleneck identification - Security event logging - Malaysian data residency compliance