Every record in ZiplineOS is tagged with your organisation's ID, and the database itself refuses to return any row that doesn't belong to you. Your data and another customer's data may share the same platform, but you only ever see your own.
How it works
ZiplineOS is multi-tenant: many organisations use the same running platform. Being on the same platform never means sharing data. Everything you create — contacts, deals, files, forms, workflows — carries an invisible label with your organisation's ID.
The separation is enforced in the database, not just in application code, using a feature called row-level security. Our internal name for this protection is Ziplock.
In plain terms:
- When you sign in, your organisation's ID is attached to your database session — like stamping a badge on every query.
- The database returns only rows matching your badge. Other organisations' rows are invisible before any answer comes back.
- This applies to reads and writes, so you can't accidentally see, change, or delete another organisation's record.
Because the rule lives in the database, it holds even if application code forgets to filter. The safe default is baked in one layer deeper than the app.
Parent and sub-organisations
ZiplineOS lets one organisation contain others (for example, a head office with branch offices). Ziplock understands this hierarchy: a parent can see its children's records, but a sub-organisation cannot see its siblings or its parent. You see your data plus anything genuinely below you — nothing across the fence.
Fail-closed design
If a request ever reaches the database without a clear organisation stamp, ZiplineOS refuses the query outright rather than guess or show too much. The only thing that can go wrong is "you briefly can't see your own data" — never "you accidentally see someone else's."
A small number of background maintenance jobs run with broader access by design — they're trusted internal processes, not reachable from your account or any customer's session. Your day-to-day sign-in is always scoped to your organisation only.
For compliance or due-diligence questions, contact your ZiplineOS account team — they can walk you through the architecture in detail. The technical specifics (database roles, connection stamping, row-level-security policies) are available to engineering staff in internal documentation.
