Security overview

Tenant isolation, least privilege, and operational email governance.

TestOrchestrator is designed for organizations that need to separate workspaces, limit access by role and project context, and keep account-related email constrained to explicit user actions.

Tenant isolation

The product model is multi-tenant from the start. Tenant-aware routing and backend enforcement scope data access to the current tenant context instead of relying on client input alone.

Role-based access control

Access is layered across workspace access level, global role, project membership, and optional project-level role overrides. This keeps broad admin powers separate from day-to-day project permissions.

Authentication controls

Workspace administrators can manage password policy and authentication settings. Verification and email-change flows are built into the account model, and external identity integration is part of the overall design direction.

Transactional email scope

Account email is limited to signup verification, invitations, onboarding-related notices, email-change verification, and account security alerts. The platform is not positioned as a bulk marketing sender.

Sending controls

  • Recipients come from direct signup or named workspace invitations.
  • Production sending is intended to use a verified domain and DKIM signing.
  • Bounce and complaint monitoring should be enabled before sustained production sending.
  • Request access is handled outside the tenant product backend to avoid accidental mail expansion.