Multi-Tenant Security

Enterprise Security Requirements

Role memory contains some of the most sensitive institutional knowledge an organisation holds: vendor negotiation strategies, internal escalation paths, system vulnerabilities and workarounds, commercially sensitive decisions, and the operational intelligence that drives competitive advantage. The security model for a role memory platform must meet enterprise standards — not as a feature, but as a foundational requirement.

Tenant Isolation

RolegacyAI is architected for strict tenant isolation. Each organisation operates in a completely separate logical environment. Role memories, vector indexes, audit logs, and configuration data are partitioned at the tenant level with no shared data paths between tenants. Tenant isolation is enforced at the data layer, the retrieval layer, and the API layer — ensuring that a query in one organisation's environment cannot surface, leak, or reference data from another.

Role-Level Access Controls

Within a tenant, access to role memory is governed by role-level access controls. The default model is that role memory is accessible to the current holder of the role, to authorised HR and operations personnel, and to designated successors during the transition period. Cross-role access — where a senior leader might need visibility into the risk posture across multiple roles — is a separately authorised access level with its own audit trail.

Access control lists are configured by the tenant administrator and can be adjusted to match the organisation's existing RBAC model, including integration with Active Directory or other identity providers.

Encryption

Role memory is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed at the tenant level, with support for customer-managed keys for organisations with specific key management requirements. Vector embeddings, memory entries, audit logs, and configuration data are all encrypted independently.

Compliance Considerations

The multi-tenant security model is designed to support compliance with GDPR, UK GDPR, SOC 2 Type II, and ISO 27001 requirements as applicable to the organisation's jurisdiction and industry. Key compliance features include data residency controls (specifying the geographic location of data storage), retention and deletion policies (including the right to erasure for personal data), and audit logging of all data access and processing events.

Audit Logging

Every interaction with the role memory system is logged: who accessed which role's memory, what queries were made, what content was captured, what was sanitised, what was validated, and what was modified. Audit logs are immutable and available for export to SIEM systems. Logs are retained for a configurable period aligned with the organisation's compliance requirements.