Comment by redwood

It'd be useful to understnad the nature of that logical separation: for example is data from different tenants stored on disk using different encryption keys? what about in memory? or perhaps there's no encryption-level isolation but you're relying on an authorization layer to authorize to different pieces of data: if that's the case is that built on Postgres's row-level security, for example?

These are fundamental points to be open and transparent about to instill confidence