Multi-tenancy is one of those architectural decisions that is easy to get wrong early and extraordinarily expensive to fix later. After building SaaS platforms for six clients across HR-tech, ed-tech, and logistics, we have settled on an approach that balances isolation, performance, and operational simplicity: shared database with row-level tenant isolation, powered by NestJS guards and PostgreSQL Row Level Security policies.
The architecture works as follows. Every table that holds tenant-specific data includes a tenant_id column. A NestJS guard extracts the tenant identifier from the authenticated JWT token and injects it into a request-scoped service. Every database query automatically includes a WHERE tenant_id = ? filter, and PostgreSQL RLS policies act as a safety net — even if application code accidentally omits the filter, the database will not return rows belonging to another tenant. This defence-in-depth approach means a single bug in application code cannot cause a data leak across tenants.
The NestJS module system makes multi-tenancy elegant. We define a TenantModule that provides a TenantService (request-scoped) and a TenantGuard (applied globally). The TenantService resolves the current tenant from the request context and provides it to any service that needs it via dependency injection. Prisma's middleware layer intercepts every query and automatically appends the tenant filter, so individual feature developers never need to think about multi-tenancy — it is handled transparently by the framework.
Scaling from 10 to 10,000 tenants introduces challenges around noisy neighbours and data volume. We implement per-tenant rate limiting using Redis, with configurable limits based on the tenant's pricing tier. For large tenants that generate disproportionate data volumes, we offer the option to migrate to a dedicated database — our abstraction layer makes this a configuration change, not a code change. The Prisma client is initialised with the tenant's specific connection string, and all queries route accordingly. This hybrid approach gives us the cost efficiency of shared infrastructure for small tenants and the performance isolation of dedicated infrastructure for enterprise clients.