strongdk
Convex Community, 3w ago
2 replies

Multi-tenant product

Advice

Questions (Convex noobie here)


Context: We're building a multi-tenant AI chat platform for fitness gyms. The system includes an embeddable chat widget with real-time messaging, a RAG pipeline (vector search + LLM), a WhatsApp/SMS message bridge via Twilio webhooks, trial booking with email/SMS notifications, and an admin dashboard with analytics. We're targeting 50+ tenants initially, scaling to hundreds, with thousands of conversations per month.

---

1. Multi-Tenant Data Isolation


Convex has no row-level security (RLS) at the database level. In Postgres, we can enforce tenant_id filtering at the database layer as defense-in-depth, so even a buggy query can't leak data across tenants.

- What is Convex's recommended pattern for enforcing strict tenant data isolation?
- Is there any database-level mechanism to prevent a function from accidentally reading another tenant's data? (e.g., something analogous to Postgres RLS policies)
- Are there plans to add row-level security or table-level access policies?
- For a multi-tenant SaaS handling sensitive customer data (phone numbers, emails, conversation history), what safeguards do you recommend beyond function-level checks?

---


2. Concurrent Subscription Limits at Scale


Each open chat widget on a gym's website holds at least one active query subscription. With 50+ tenants and potentially many simultaneous website visitors, we need to understand the ceiling.

- The Professional plan lists 256 concurrent queries. Does each active useQuery() subscription from a connected client count toward this limit?

- If we have 200 simultaneous widget users each subscribing to their conversation's messages, does that consume 200 of the 256 concurrent query slots?
- What happens when the concurrent query limit is hit — are new subscriptions queued, degraded, or rejected?
- Is there a plan tier above Professional for higher concurrency, or is this negotiable?

---
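The Postgres defense-in-depth that question 1 refers to, as an added example that is not part of the original post and is not Convex code. The table, role and setting names (conversations, chat_app, app.tenant_id) and the UUIDs are constructed for illustration.

```sql
-- Constructed schema: every name except tenant_id is an assumption.
CREATE TABLE conversations (
    id            bigserial PRIMARY KEY,
    tenant_id     uuid NOT NULL,
    visitor_phone text,
    body          text NOT NULL
);

-- Turn RLS on, and FORCE it so the table owner is filtered too
-- (owners bypass policies by default).
ALTER TABLE conversations ENABLE ROW LEVEL SECURITY;
ALTER TABLE conversations FORCE ROW LEVEL SECURITY;

-- A row is visible or writable only if its tenant_id equals the session's
-- app.tenant_id. current_setting(..., true) yields NULL when the setting is
-- unset, and NULLIF maps the empty string left behind after a transaction-local
-- set_config to NULL as well, so a missing tenant matches no rows (fails closed).
CREATE POLICY tenant_isolation ON conversations
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that cannot bypass RLS.
CREATE ROLE chat_app LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON conversations TO chat_app;
GRANT USAGE, SELECT ON SEQUENCE conversations_id_seq TO chat_app;

-- Per request, connected as chat_app: bind the tenant for this transaction only.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

-- The "buggy query" case: no WHERE tenant_id = ... clause at all.
-- The policy still limits the result to tenant 1111...'s rows.
SELECT id, body FROM conversations;

-- Writing a row for a different tenant violates WITH CHECK and raises
-- "new row violates row-level security policy".
INSERT INTO conversations (tenant_id, body)
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');
ROLLBACK;
```

The policy is only as trustworthy as the value placed in app.tenant_id, so it should be derived from the authenticated session on the server, never from a client-supplied field.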