If you're building a SaaS product — software that multiple businesses will sign up for and use independently — one of the first architectural decisions is how to handle "tenancy." This sounds technical, but the concept is simple and the choice has real consequences for your costs, security, and ability to scale.
What "multi-tenant" means
Imagine an apartment building. Every tenant has their own unit with their own lock, but they share the building's structure, plumbing, and electricity. That's multi-tenancy. One application serves many customers, and each customer's data is kept separate even though they're running on the same infrastructure.
The alternative is single-tenancy: every customer gets their own building. Their own server, their own database, their own deployment. More isolated, but much more expensive to run and maintain.
The three common approaches
1. Shared everything (pooled)
All tenants share the same database, the same application instance, and the same infrastructure. Tenant data is separated by a column in each table (like tenant_id). This is the cheapest to run and the simplest to deploy.
Good for: Most SaaS products, especially early-stage. If your tenants are small businesses with similar needs, this is usually the right starting point.
Watch out for: A bug that forgets to filter by tenant_id can leak data between customers. You need disciplined code and good testing.
2. Shared application, separate databases (bridge)
All tenants use the same application code, but each tenant gets their own database. This gives you stronger data isolation without the cost of separate deployments. If one tenant's data gets corrupted, the others are unaffected.
Good for: Products where data isolation matters (healthcare, finance, legal) or where tenants might need their data exported or deleted cleanly.
Watch out for: Database management gets more complex as you scale. Migrations need to run across every tenant database.
This is the approach we used for Smart Scheduler — each business gets its own SQLite database, so their appointment data is completely isolated, but the application code is shared.
3. Fully isolated (siloed)
Each tenant gets their own application instance and database. Maximum isolation, maximum cost. This is what enterprise customers sometimes demand, and it's what you see in products that charge $10K+/month per customer.
Good for: Enterprise SaaS with strict compliance requirements, or when tenants have wildly different performance needs.
Watch out for: Operational complexity scales linearly with customer count. 100 customers means 100 deployments to update.
How to choose
For most small-business SaaS products, start with approach 1 (shared everything) or approach 2 (shared app, separate databases). Here's a quick decision framework:
- Are you pre-revenue or early-stage? Start with shared everything. You can migrate later if needed.
- Does your product handle sensitive data? Separate databases give you a clean isolation boundary without the cost of full isolation.
- Will tenants have very different usage patterns? If one tenant might generate 100x the traffic of another, you'll want at least separate databases so a heavy user doesn't slow everyone down.
- Are you selling to enterprises with compliance requirements? They'll likely require full isolation, and they'll pay for it.
What this means for your costs
The tenancy model directly affects your infrastructure bill:
- Shared everything: One server, one database. Costs are nearly flat regardless of tenant count. A small SaaS can run on $40–80/month of AWS infrastructure.
- Separate databases: One server, many databases. Slightly more storage cost, but still very manageable. The main cost is operational complexity, not dollars.
- Fully isolated: Costs scale linearly with tenants. Each new customer adds another server and database to your bill. This only makes sense if your pricing supports it.
The middleware pattern
Regardless of which approach you choose, the implementation usually involves middleware — a layer that runs on every request and figures out which tenant is making the request. It might check the subdomain (acme.yourapp.com), a URL path (/book/acme), or a header/cookie. The middleware then scopes all database queries to that tenant.
Getting this middleware right is critical. It's the single point where a mistake can cause data leakage. We test it heavily with property-based testing — throwing thousands of random inputs at it to make sure tenant boundaries hold under every condition.
Can you change later?
Yes, but it gets harder the longer you wait. Moving from shared-everything to separate databases is a significant migration. Moving from separate databases to shared-everything is even harder (and rarely done). The good news: most SaaS products never need to change. Pick the right approach for your first 100 customers and you'll likely be fine for your first 10,000.
The bottom line
Multi-tenancy isn't something your users see, but it's one of the most consequential decisions in your SaaS architecture. Get it right and your product scales smoothly and cheaply. Get it wrong and you're either overpaying for infrastructure or dealing with data isolation headaches.
If you're planning a SaaS product and aren't sure which approach fits, that's exactly the kind of question we help with in our SaaS development service.
Planning a SaaS product?
We'll help you pick the right architecture from day one — so you don't have to rebuild it later. First conversation is free.
Get a Free Consultation