B2B SaaS products cannot treat all customer documents as one blob. Sales teams upload competitive intel; HR customers upload policies. Your architecture must guarantee corpus isolation without running a separate vector cluster per tenant on day one.
Isolation model
Oprag isolates data per company and project on our AWS infrastructure. Each customer workspace maps to:
- Dedicated document store for that project
- API keys scoped to that project only
- Dashboard access controlled by your team
Integration is API-first — Oprag does not deploy inside your customer’s AWS account. Your app proxies chat requests with the key for that tenant’s project.
Recommended tenancy mapping
| Your concept | Oprag concept |
|---|---|
| Customer org | Company account (yours) + project per customer |
| Environment | Separate projects or keys for staging |
| Product line | Separate projects if corpora must not mix |
Create projects programmatically as customers onboard. Store project_id and encrypted API key in your tenant record.
Onboarding flow
- Customer connects or uploads docs (your UI)
- Your backend creates an Oprag project + key
- You ingest files via dashboard or upload API
- Customer admin validates golden questions in dashboard (optional but recommended)
- Your app enables “Ask your docs” feature flag
Request path
End user → Your SaaS (tenant context) → Your backend selects tenant key → Oprag /v1/chatNever reuse one global key across tenants — that breaks isolation and auditing.
Compliance conversations
Security reviewers will ask:
- Where does data live? Oprag’s AWS, tenant-isolated by project
- Subprocessors? See privacy policy
- Customer AWS? No — customers integrate via API; data is not mirrored to their VPC by default
Link reviewers to security page early in enterprise deals.
Multi-tenant UX patterns
- Show citations with links back to their doc viewer routes
- Label answers as “from your uploaded documents”
- Offer delete/export when contracts end
Testing isolation
Before GA:
- Upload distinct marker files to two test projects
- Query project A for content only in project B — expect refusal or empty citations
- Automate this check in CI if you create projects via API
Related workflows
- REST integration for backend wiring
- Internal knowledge base search for your own ops team on the same pattern