Use a single database and RLS + session id to ensure queries already come filtered for that tenant without the need to add "where tenant_id = ?" around the application layer.