Hosting, access & platform policy
How the WindoorERP cloud platform is operated — what the customer controls, what we manage on their behalf, and the boundaries that keep every tenant's database safe, portable, and secure.
You may commission or develop custom Odoo modules and send them to us; our team will install them into your database directory on the hosting platform. Modules are reviewed for safety and compatibility before deployment.
To protect platform integrity and other tenants, the customer is not granted file-system or SSH access to the hosting environment. All changes flow through controlled deployment by the WindoorERP team.
The customer can download a full backup of their database at any time from the customer portal at windoorerp.com. The backup is provided in standard Odoo format and is fully portable.
The customer retains the right to appoint any certified Odoo partner to implement, customize, or extend Odoo for their company. Implementation work is not limited to Nawah; we will collaborate with any partner of your choosing.
Each customer database is reachable via a dedicated subdomain — e.g. test.windoorerp.com. The customer may also point their own custom domain (e.g. erp.yourcompany.com) to the database via standard DNS configuration.
The platform exposes Odoo's standard external API (XML-RPC and JSON-RPC). Access is disabled by default; the customer requests a service user and an API key for a specific integration. Calls are served over HTTPS, obey the same access rights and record rules as the web client, and are throttled to approximately 1 call/second per key to protect platform stability. Keys are generated in the user profile, shown once, and can be revoked at any time.
windoorerp.com will perform emergency platform updates (security patches, critical fixes) whenever required to protect the service. These updates are applied without accessing customer data; they affect only platform code and infrastructure.
Non-emergency platform updates are deployed inside a recurring window of Fridays 02:00–04:00 Qatar time. Customers are notified at least 48 hours in advance via email and the customer portal so they can plan around brief service interruptions.
Upgrading the database to a newer major Odoo version (e.g. 18 → 19) can be performed on customer request as a separate engagement. Pricing depends on data volume, the number and complexity of custom-addon code lines, and any required functional regression testing. A written estimate will be provided before any work begins.
All traffic between the browser, mobile app, and the WindoorERP platform is served exclusively over HTTPS using current TLS standards. No plain-HTTP endpoints are exposed; all sessions, API calls, and file downloads are encrypted end-to-end at the transport layer.
In addition to the customer's self-serve backups, we run automated weekly snapshots retained for one month (a rolling window of 4 backups). These exist as our disaster-recovery safety net, separate from any backups the customer downloads from the portal.
After the subscription ends, the customer has a 30-day grace period to log into the customer portal and download a full backup. After 30 days the database and all associated backups are permanently deleted from our infrastructure.
Outbound email from the ERP — quotations, invoices, notifications — is sent through the customer's own SMTP relay (typically Google Workspace, Microsoft 365, or a transactional provider such as SendGrid or Mailgun). The platform does not include a shared outbound mail service; this guarantees deliverability under the customer's own domain reputation, SPF, and DKIM records.
Custom modules supplied by the customer pass through a security and compatibility review before installation. WindoorERP reserves the right to refuse a module, or remove an installed module, that threatens platform stability, security, or other tenants' data. The customer is informed of the reason and given the opportunity to remediate.
Third parties that may process customer data on our behalf: Contabo GmbH (data-center hosting, Germany — EU-grade infrastructure with 99.9% uptime SLA); Odoo S.A. (Enterprise-tier license & code updates — applies only to Enterprise subscriptions). Any additional integrations selected by the customer (WhatsApp Business API gateway, OCR vendor, SMS gateway, payment processor) become sub-processors for those specific data flows under the customer's own contract with that provider.