Data Isolation in BFF
BFF is a multi-tenant platform where multiple companies share the same infrastructure. Data isolation ensures that Company A can never see or access Company B’s data.
Two Walls of Defense
BFF implements dual-layer security for tenant isolation:
Wall 1: Application Layer
The NestJS backend enforces company scoping on every API request:
- Every request includes an x-company-id header
- The TenantGuard validates that the user belongs to the specified company
- All database queries automatically include a WHERE companyId = X filter
- Invalid company context = request denied
Wall 2: Database Layer (RLS)
PostgreSQL Row Level Security policies provide a second, independent wall:
- Every table with company data has RLS policies enabled
- Policies check that company_id matches the current session context
- Even if the application layer has a bug, the database will block unauthorized access
- Fail-closed — if no company context is set, zero rows are returned
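The fail-closed behaviour described above, as an added PostgreSQL example (not BFF's own schema or policies). The tasks table, the app_user role and the app.current_company_id setting are assumed names, and the script is assumed to run as a role that may create roles.

```sql
-- Added illustration. Assumed names: tasks, app_user, app.current_company_id.
-- Sample rows are constructed and loaded before row security is switched on.
CREATE TABLE tasks (
    id         int  PRIMARY KEY,
    company_id uuid NOT NULL,
    title      text NOT NULL
);
INSERT INTO tasks VALUES
    (1, '11111111-1111-1111-1111-111111111111', 'Company A task'),
    (2, '22222222-2222-2222-2222-222222222222', 'Company B task');

CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON tasks TO app_user;

-- ENABLE turns policies on; FORCE also subjects the table owner to them.
ALTER TABLE tasks ENABLE ROW LEVEL SECURITY;
ALTER TABLE tasks FORCE ROW LEVEL SECURITY;

-- current_setting(..., true) yields NULL when the setting was never set, and
-- NULLIF maps an empty value to NULL as well. Comparing company_id with NULL
-- is never true, so a session without tenant context matches no rows.
CREATE POLICY tenant_isolation ON tasks
    USING (company_id =
           NULLIF(current_setting('app.current_company_id', true), '')::uuid)
    WITH CHECK (company_id =
           NULLIF(current_setting('app.current_company_id', true), '')::uuid);

SET ROLE app_user;

-- No tenant context: the policy predicate is NULL for every row.
SELECT id, title FROM tasks;

BEGIN;
-- Transaction-local context (third argument true), so it cannot leak to the
-- next request that reuses this pooled connection.
SELECT set_config('app.current_company_id',
                  '11111111-1111-1111-1111-111111111111', true);
-- USING now matches only rows whose company_id is Company A's.
SELECT id, title FROM tasks;
-- WITH CHECK rejects a write that names another tenant's company_id.
INSERT INTO tasks VALUES
    (3, '22222222-2222-2222-2222-222222222222', 'cross-tenant write');
ROLLBACK;

RESET ROLE;
```

Superusers and roles with the BYPASSRLS attribute are exempt from row security, so the policy only constrains connections made as an ordinary role such as app_user.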
What This Means for You
- Your data is completely isolated from other companies
- Other companies cannot see your tasks, SOPs, schedules, or team members
- Even BFF’s own application code cannot bypass the database-level protections
- This applies to all 17 entity types in the system
For Users in Multiple Companies
If you belong to multiple companies:
- You switch between them using the company selector
- Each switch changes the active company context
- You only see data for the currently selected company
- Your role may differ between companies
Security Practices
BFF also implements:
- JWT authentication via Supabase Auth
- Rate limiting to prevent abuse
- Security headers on all responses
- Error sanitization — no internal details leak in error messages
- Invitation-only access — no self-registration
Bottom line: Your operational data is protected by industry-standard multi-tenant security. No other company, user, or system can access your information without proper authorization.