# Multi-Tenancy & Isolation SUMMARY: How Synapse isolates data between users and minds — security boundaries explained. Multi-Tenancy & Isolation Synapse is multi-tenant: multiple users, each with multiple minds, fully isolated from each other. This page explains the isolation model. Tenant Hierarchy [CODE BLOCK] Isolation Levels Level 1: User Isolation Each user account is isolated. Alice cannot: - See Bob's minds - Access Bob's memories (even with her JWT) - List Bob's account info Enforced by: column on all tables, JWT contains , all queries filter by . Level 2: Mind Isolation Within a user, each mind is isolated. Mind A cannot: - See Mind B's memories - Access Mind B's tasks, chat, scripts Enforced by: column on all data tables, Mind Key contains , all queries filter by . > [!CRITICAL] > Mind Key isolation is the primary security boundary. A leaked Mind Key > grants full access to that mind's data — but ONLY that mind. Authentication Tokens | Token | Scope | What it can access | |-------|-------|-------------------| | Mind Key | Single mind | That mind's data only | | JWT | User account | Account management (create/list/delete minds) | | Computer Token | Single computer | That computer's commands | Cross-Mind Access Within same user User can access all their minds via JWT (e.g. lists all). But to read/write memory data, they need the specific Mind Key. Across users Users cannot access each other's data — UNLESS they explicitly share a mind via the Sharing API: [CODE BLOCK] After sharing, Bob can access Mind A via his JWT (read-only if ). Security Boundaries [CODE BLOCK] Common Multi-Tenancy Patterns Pattern 1: Single User, Single Mind Most common for individual LLM agent users. - 1 user account - 1 mind - 1 Mind Key - All memories in one scope Pattern 2: Single User, Multiple Minds For users with multiple contexts (work, personal, projects). - 1 user account - N minds (e.g. "work", "personal", "project-x") - N Mind Keys - Each LLM session uses one Mind Key Pattern 3: Team Shared Mind For teams collaborating on a project. - 1 user creates the mind (gets Mind Key) - Creator shares with team members via JWT - All team members access via JWT (or shared Mind Key) > [!WARNING] > Sharing a Mind Key gives full read/write access. For team collaboration, > prefer the Sharing API (JWT-based) over sharing Mind Keys directly. Pattern 4: SaaS Provider For apps that embed Synapse as their memory layer. - Each customer = 1 user account - Each customer project = 1 mind - App stores Mind Keys per customer/project - Full isolation between customers Isolation Verification Test: Mind Key cannot access other minds [CODE BLOCK] Test: JWT cannot read memory data directly [CODE BLOCK] Best Practices > [!TIP] > - Use one mind per project/context — isolation is your friend > - Never share Mind Keys — use the Sharing API instead > - Rotate Mind Keys if compromised (delete mind, create new) > - Audit shared minds — review periodically > - Use JWT for human UI — never expose Mind Keys to end users Next Steps - Authentication - Mind Key vs JWT - Architecture