CAP-033 — Tenant data isolation
| Category | Platform & SaaS |
| Business goal | BG-011 |
| Satisfying module | MOD-052 Role-scoped data access |
| Mode | GATE |
| BD owner | BD09 Technology |
| Human needed | No |
Complete data segregation between tenant institutions — no cross-tenant data access at the database, API, or identity layer. Each tenant's customer data, transaction records, and configuration live in isolated infrastructure. Even in failure modes, no tenant can access another tenant's data. This is a hard architectural guarantee, not a configuration setting.