
Spotrak
Product team
A multi-tenant SaaS is a single database holding everyone's customers. The question that should keep any software vendor up at night: what guarantees that one business's query will never return, through a bug or bad intent, a customer record belonging to another business?
The bad answer, and the most common one, is "our code filters by account." Code gets forgotten. A developer writes a query, leaves out the filter, and the leak is there. Resting isolation on developer discipline is a leak waiting for its day.
Isolation lives in the database, not in the code
At Spotrak, the separation is enforced by Postgres itself, through Row Level Security. Every table carries a rule: a session can only read rows belonging to its account, full stop. Even if a query forgets its filter, the database returns nothing else. Isolation no longer depends on a developer's memory; it's structural.
Closed by default, opened by exception
The usual instinct is to open access and then restrict. We do the opposite: everything is denied by default, and we open only the strict minimum, table by table. A table we forget to configure isn't a wide-open table. It's a table no one can reach. When we make a mistake, it fails toward the safe side.
Sensitive data isn't exposed directly
Session tokens, one-time codes, internal events don't live in tables the client queries. They sit in a separate schema, reachable only through privilege-controlled functions that validate before they answer. The user's browser never talks to those tables directly.
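The three ideas above (a per-account row rule, deny by default, and a separate schema reached only through functions) can be sketched in Postgres as follows. This is an added example, not Spotrak's own schema: the role `app_client`, the tables, the function `redeem_code` and the session setting `app.account_id` are all assumed names, and it assumes the backend, not the client, sets the account for each transaction.

```sql
-- Added example; role, table, function and setting names are assumptions.
-- Assumes trusted backend code runs, once per transaction:
--   SELECT set_config('app.account_id', '<account uuid>', true);
CREATE ROLE app_client NOLOGIN;  -- must not be superuser or have BYPASSRLS
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO app_client;

CREATE TABLE customers (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    account_id uuid NOT NULL,
    name       text NOT NULL
);
-- RLS enabled with no policy denies every row; FORCE covers the owner too.
ALTER TABLE customers ENABLE ROW LEVEL SECURITY;
ALTER TABLE customers FORCE ROW LEVEL SECURITY;

-- Opened by exception: only rows of the session's account.
-- An unset setting yields NULL, the predicate is not true, no rows match.
CREATE POLICY customers_tenant ON customers
    FOR ALL TO app_client
    USING (account_id = NULLIF(current_setting('app.account_id', true), '')::uuid)
    WITH CHECK (account_id = NULLIF(current_setting('app.account_id', true), '')::uuid);
GRANT SELECT, INSERT, UPDATE, DELETE ON customers TO app_client;

-- Sensitive data: separate schema, no grants to the client role.
CREATE SCHEMA private;
REVOKE ALL ON SCHEMA private FROM PUBLIC;
CREATE TABLE private.one_time_codes (
    account_id uuid        NOT NULL,
    code_hash  text        NOT NULL,
    expires_at timestamptz NOT NULL
);

-- The only path in: validates account and expiry, then consumes the code.
CREATE FUNCTION public.redeem_code(p_code_hash text) RETURNS boolean
LANGUAGE sql SECURITY DEFINER
SET search_path = private, pg_temp  -- pin name lookup for the definer
AS $$
    WITH used AS (
        DELETE FROM private.one_time_codes
        WHERE account_id = NULLIF(current_setting('app.account_id', true), '')::uuid
          AND code_hash = p_code_hash
          AND expires_at > now()
        RETURNING 1
    )
    SELECT EXISTS (SELECT 1 FROM used);
$$;
REVOKE ALL ON FUNCTION public.redeem_code(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.redeem_code(text) TO app_client;
```

A `SELECT * FROM customers` run as `app_client` with no `WHERE` clause returns only the current account's rows, and a direct `SELECT` on `private.one_time_codes` fails with a permission error.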
None of this shows up in the interface, and that's exactly the point. Security you can see is friction; security done right is an absence of noise. When you hand your customers' data to a piece of software, that invisible layer is what you're really buying.