[AaronM]

The big challenge that I remember from building a product is making sure customer A never sees customer B data.

So all of your messages end up passing some sort of customer identifier everwhere and you need to enforce checking it at the lowest possible levels

[barnabas-szoke]

How did you solve that? Did you go for a siloed model or a pool/hybrid model with some kind of row-level security (or something else)? Did you have any specific reason to build your custom solution instead of using a managed service offering like Auth0 / Clerk, etc...?