At a glance
NEXT AI uses logical separation in a secure multi-tenant environment: authorization is enforced by workspace-scoped identifiers carried in access tokens and by API-level checks that restrict every request to that workspace's tenant context. Enterprise Workspaces can instead choose physical separation (a dedicated AWS account).
How separation is enforced
Tenant context in every call: The client authenticates into a chosen workspace; the workspace/customer identifier is embedded in the access token, and the API serves only data belonging to the identifier in that verified token.
Data segmentation: Customer production data is segmented so it’s accessible only to authorized users of that workspace.
Least-privilege access: Infrastructure roles and permissions are designed using least-privilege principles to minimize cross-tenant risk.
Monitoring & auditability: Cloud-native logging (e.g., CloudWatch/CloudTrail) records access and operations for investigation and audit.
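The following is an added illustration of the pattern described in the list above (and of the FAQ answers below on preventing cross-tenant access and on pooled tables); it is example code written for this page, not NEXT AI's implementation. It assumes an HS256 JWT with a workspace claim named `ws`, a route of the form `/workspaces/{id}/documents`, and an in-memory pooled store with constructed rows. The points it makes are the ones a reviewer checks: the workspace used for every query comes from the signature-verified token, a URL or body value that disagrees with it is refused and logged, and a lookup by record id always includes the token's workspace so a guessed foreign id returns "not found" rather than another tenant's row.

```python
"""Workspace-scoped authorization at the API layer (added example).

Assumptions (not from the page): HS256 JWT built with the stdlib, a claim
named "ws", an in-memory pooled table, and a list-style audit log standing
in for CloudWatch/CloudTrail records.
"""
import base64
import hashlib
import hmac
import json
import time

# Example-only key; a real service would hold this in a KMS-backed secret.
SIGNING_KEY = b"example-only-signing-key"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class AuthError(Exception):
    """Raised for any authentication or tenant-context failure."""


def issue_token(user: str, workspace: str, ttl: int = 3600) -> str:
    """Mint an HS256 JWT whose 'ws' claim binds the session to one workspace."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "ws": workspace, "exp": int(time.time()) + ttl}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_token(token: str) -> dict:
    """Check signature and expiry, pin the algorithm, and require the workspace claim."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise AuthError("malformed token")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":          # refuse 'alg: none' style downgrades
        raise AuthError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise AuthError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("exp", 0) < time.time():
        raise AuthError("expired")
    if not claims.get("ws"):                   # a token without tenant context is useless
        raise AuthError("token carries no workspace context")
    return claims


# Pooled store: rows from several workspaces share one table (constructed data).
DOCUMENTS = [
    {"id": 1, "ws": "ws_acme", "title": "Acme roadmap"},
    {"id": 2, "ws": "ws_acme", "title": "Acme payroll"},
    {"id": 3, "ws": "ws_globex", "title": "Globex merger memo"},
]

AUDIT_LOG: list = []   # stands in for CloudWatch/CloudTrail entries


def list_documents(token: str, requested_ws: str) -> list:
    """GET /workspaces/{requested_ws}/documents.

    The query is scoped by the workspace in the verified token. The URL value
    is only compared against it; a mismatch is a cross-tenant attempt and is
    refused and written to the audit log.
    """
    claims = verify_token(token)
    if requested_ws != claims["ws"]:
        AUDIT_LOG.append({"event": "cross_tenant_denied", "sub": claims["sub"],
                          "token_ws": claims["ws"], "requested_ws": requested_ws})
        raise AuthError("workspace mismatch")
    rows = [d for d in DOCUMENTS if d["ws"] == claims["ws"]]
    AUDIT_LOG.append({"event": "documents_listed", "sub": claims["sub"],
                      "ws": claims["ws"], "count": len(rows)})
    return rows


def get_document(token: str, doc_id: int) -> dict:
    """GET /documents/{doc_id}: the lookup key always includes the token's
    workspace, so a guessed foreign id yields 'not found', not another
    tenant's row (and the response is the same as for an absent id)."""
    claims = verify_token(token)
    for d in DOCUMENTS:
        if d["id"] == doc_id and d["ws"] == claims["ws"]:
            return d
    raise LookupError("not found")


if __name__ == "__main__":
    t = issue_token("alice@acme.example", "ws_acme")
    print(list_documents(t, "ws_acme"))
    try:
        list_documents(t, "ws_globex")
    except AuthError as e:
        print("denied:", e)
```

The two handlers show the two shapes the check takes: a collection endpoint filters by the token's workspace, and a by-id endpoint makes the workspace part of the key. Neither trusts a workspace value from the request, which is what keeps a pooled table from becoming an IDOR surface.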
Need hard isolation? See Physical separation, available to Enterprise customers in dedicated AWS accounts. For region choices, see Data processing location (data residency).
Standards & guidance
The model aligns with AWS tenant-isolation patterns for SaaS providers (including serverless designs).
FAQ
Q: What’s the difference between logical and physical separation at NEXT AI?
Logical separation = multi-tenant with strict token + API checks per workspace. Physical separation (available to Enterprise customers) = dedicated AWS account per workspace (separate compute, data, APIs).
Q: How does NEXT AI technically prevent cross-tenant access?
Every request carries a workspace identifier in the access token; the customer-specific API instance enforces that identifier, so only data belonging to that workspace can be accessed. Cloud logs provide the audit trail.
Q: Is logical separation enough for compliance (e.g., SOC 2) and security best practice?
Yes. Logical separation with least-privilege IAM and auditable controls is a recognized pattern for SaaS multi-tenant environments; Enterprise customers that need hard boundaries can opt for physical separation.
Q: Can customers keep our data in the EU with logical separation?
Yes. See Data processing location (data residency) for available regions and defaults (workspaces default to eu-west-1; customers on paid plans can choose a region).
Q: Does logical separation mean data is mixed in the same tables?
Data is segmented and access-controlled at the service/API layer using workspace context. Whether storage is per-tenant or pooled, authorization and audit controls prevent cross-tenant access.
Q: How do customers upgrade to physical separation?
Upgrade to an Enterprise Workspace and NEXT AI will provision a dedicated AWS account for your workspace. See Physical separation for details.