Multi-Tenancy

Septimius uses a shared-database, schema-isolated model to support multiple organisations across all products within a single PostgreSQL instance.

Tenant Hierarchy

The tenancy model follows a three-level hierarchy:

• Organisation — The top-level tenant boundary. All data isolation starts here.
• Teams — Subdivisions within an organisation. Teams share organisation-level resources but can have their own scoped data and permissions.
• Users — Individual accounts belonging to one or more teams within an organisation.

Data Isolation

Row Level Security (RLS) policies enforce data isolation at the database layer. Every table that holds tenant-scoped data includes an organisation_id column, and RLS policies ensure that queries only return rows belonging to the authenticated user’s organisation. This approach provides strong isolation without the operational overhead of managing separate schemas or databases per tenant.

Cross-Product SSO

Supabase Auth provides cross-product single sign-on. A user authenticates once and receives a session token that is valid across all Septimius Technology Group products. The session carries the user’s organisation context, team memberships, and permission tier, allowing each product to enforce access control without requiring separate login flows.

Platform API

The Platform API at /api/platform/v1 provides unified access for all products. It handles tenant resolution from the authentication context, applies RLS-backed data access, and exposes shared services such as user management, organisation settings, and cross-product analytics. Products call the Platform API rather than querying shared tables directly, ensuring consistent access patterns and centralised audit logging.