Blog

Behind the scenes: how your inspection and violation records are stored

One app, many companies — and strict walls between them

SafetyInspect runs on Cloudflare Workers with a SQLite database (Cloudflare D1). Think of D1 as a single filing cabinet: every row of data that belongs to your company is tagged with your organization ID. When the server answers a request, it only loads rows for the organization you are allowed to see. Other customers never appear in your queries — that separation is enforced in the application layer, not something you have to remember to filter by hand on every screen.

Locations: the anchor for everything on site

A location is a site, building, yard, or facility you name and optionally address. Almost everything safety-related in the app hangs off a location: inspections happen at a location, and violations are tied to both the inspection and that same location. That way, when you run a report filtered by location, the database can summarize counts and open items without guessing.

Inspections: the event on the calendar

An inspection is a scheduled or completed walkthrough: title, type (such as OSHA-style or general), dates, status (scheduled through completed), and notes. It points to one location and to your organization. The inspection is the “container” for what you found that day — so auditors can see a clear story: we went to this place on this date under this inspection record.

Violations: the actual findings

Each violation row is a single finding: description, category (for example electrical, chemical, fire), severity, regulatory code references where you enter them, status (open, in remediation, cleared), corrective action text, due dates, and optional custom fields that your org names in settings. Violations link to both the inspection and the location so reporting stays consistent even if you later change how you name locations.

Photos: evidence and clearance, not just pretty pictures

When you attach images to a violation, the file is processed through the app’s image pipeline (typically Cloudflare Images). The database does not store the raw image bytes in the main violation row — it stores references (IDs), whether the image is evidence (the problem) or clearance (proof of fix), and sort order. That keeps the database fast while still letting exports include URLs to the photos in CSV downloads for your records.

Why this structure matters

  • Traceability: Inspection → violations → photos gives a defensible chain for internal review.
  • Reporting: Filters by date and location map cleanly to SQL queries the server already understands.
  • Scale: SQLite/D1 suits many organizations; the shape of the data stays the same as you grow.

This article describes behavior at a high level. Deployments may vary slightly (for example exact image hosting), but the relationships — organization, location, inspection, violation, images — are the core model.