I Built a Multi-Tenant SaaS for 50+ Tenants — Here's the Complete Architecture

Six months into building CitizenApp — a GDPR-compliant citizen management SaaS — a customer asked: "Are you sure my data is completely separate from other organisations using this?"

I said yes. Then I went and checked the code. I found three endpoints that could theoretically return cross-tenant data if a specific race condition hit. Nothing had leaked. But it could have.

That conversation triggered a complete rearchitecture of our tenant isolation stack. This post documents every significant decision I made — and what I'd do differently if I started over today.

The First Decision: Choosing Your Isolation Model

I Built a Multi-Tenant SaaS for 50+ Tenants — Here's the Complete Architecture

Other newsrooms on this story

Related reading

Building Multi-Tenant Row-Level Security in PostgreSQL: A Production Pattern

Approaches to tenancy in Postgres — PlanetScale

Shipping at the Edge: Migrating a Coffee Subscription Platform to Cloudflare…

AWS vs DigitalOcean for SaaS: Why We Chose DigitalOcean for a Production Rails…

I Built an AI Data Chat Tool in My Portfolio App Using Gemma 4, CrewAI, DuckDB,…

How I vibe-coded a full SaaS product using Claude