
Multi-Tenant Isolation: How We Keep Agency Data Separated

Marc Duval May 07, 2026 · 1 min read
Canonical URL
https://spideriq.ai/blog/multi-tenant-isolation
Published
2026-05-07T10:57:38
Tags
engineering, security, multi-tenant

When agencies trust you with their client data, isolation is not optional. Here is how we built multi-tenant isolation into every layer of SpiderIQ.

Row-Level Security

Every table in our PostgreSQL database enforces row-level security policies. A tenant_id column exists on every table, and RLS policies ensure queries only return rows belonging to the authenticated tenant.
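An added example, not SpiderIQ's own schema: how a tenant_id policy of this kind can be written in PostgreSQL so that it also covers writes, the table owner and pooled connections. The table `leads`, the role `app_user`, the setting name `app.tenant_id` and the UUIDs are hypothetical, and passing the authenticated tenant through a transaction-scoped setting is an assumption the post does not state.

```sql
-- Constructed example: table, role, setting name and UUIDs are hypothetical.
CREATE TABLE leads (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    email      text NOT NULL
);

-- Without ENABLE, policies can be defined but are never applied.
ALTER TABLE leads ENABLE ROW LEVEL SECURITY;
-- Table owners skip RLS by default; FORCE applies the policies to the owner too.
ALTER TABLE leads FORCE ROW LEVEL SECURITY;

-- USING filters the rows that can be read, updated or deleted.
-- WITH CHECK rejects INSERT/UPDATE rows that carry another tenant's id.
-- current_setting(..., true) is NULL when the setting was never set and ''
-- after a transaction-local value has been reset; NULLIF maps both to NULL,
-- so the comparison is never true and the session sees no rows (fails closed).
CREATE POLICY tenant_isolation ON leads
    FOR ALL
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application role must be neither superuser nor BYPASSRLS:
-- both attributes bypass every policy.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON leads TO app_user;
GRANT USAGE ON SEQUENCE leads_id_seq TO app_user;

-- One request, after the tenant has been authenticated by the application.
BEGIN;
SET LOCAL ROLE app_user;
-- Third argument true = transaction-local, so a pooled connection cannot
-- carry one tenant's id into the next request.
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

SELECT id, email FROM leads;             -- returns only tenant 1111... rows

INSERT INTO leads (tenant_id, email)     -- fails: violates WITH CHECK
VALUES ('22222222-2222-2222-2222-222222222222', 'x@example.com');
ROLLBACK;
```

A quick audit for tables that were missed is `SELECT relname FROM pg_class WHERE relkind = 'r' AND NOT relrowsecurity;` restricted to the application schema.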

Encrypted Secrets

API keys, SMTP credentials, and OAuth tokens are encrypted at rest using AES-256-GCM with per-workspace encryption keys derived from a master key via HKDF.

Audit Trails

Every MCP tool call, every data access, every configuration change is logged to an append-only audit table with tamper-evident checksums.