Data Isolation

• All requests require organization context (org_id).
• Network and storage are segmented per organization.
• Access is enforced via RBAC and scoped tokens.
• Logs capture failed access attempts and webhook failures.