Totolaw Logo

Multi-Tenant Security

Understanding how Totolaw keeps your organisation's data secure and isolated

All DocsHome

What is Multi-Tenancy?

Multi-tenancy means multiple organisations (called "tenants") use the same Totolaw platform, but each organisation's data is completely separate and secure. Think of it like an apartment building: everyone shares the same building (platform), but each apartment (organisation) is private and locked.

Real-World Example:

High Court of Fiji

  • • Has 50 cases
  • • 15 staff members
  • • 200 documents
  • • Cannot see Magistrates Court data

Magistrates Court

  • • Has 120 cases
  • • 25 staff members
  • • 500 documents
  • • Cannot see High Court data

Both organisations use the same Totolaw platform, but they cannot access each other's data. Each organisation is completely isolated.

How Data Isolation Works

Automatic Organisation Filtering
Every query is automatically scoped to your current organisation

When you view cases, hearings, documents, or any data in Totolaw, the system automatically filters to show only data from your current organisation. You never accidentally see another organisation's information.

Example: Viewing Cases

1You navigate to the Cases page
2System checks: Which organisation are you viewing?
3System filters data to show only your organisation's records
Result: You only see YOUR organisation's cases
Organisation Context
The system always knows which organisation you're working in

When you log in, the system establishes your "organisation context" - which organisation you're currently working in. This context is used for every action you take.

Single Organisation User

  • • Automatically set to your organisation
  • • No switching needed
  • • Simple and straightforward

Multiple Organisation User

  • • Use organisation switcher in navigation
  • • Context changes when you switch
  • • All data updates to new organisation
System-Level Security
Multiple layers of protection built into the platform

Data Linking

Every record is securely linked to an organisation. You cannot create data without an organisation.

Optimized Performance

Fast, secure filtering ensures you only see your organisation's data.

Automatic Cleanup

If an organisation is removed, all its data is automatically cleaned up securely.

Strict Isolation

The system prevents access to data across organisations (except for Super Admins).

What Data is Protected

Cases

All case records, details, status, parties, and case history are isolated per organisation.

Hearings

Scheduled hearings, courtrooms, cause lists, and hearing outcomes are organisation-specific.

Documents

All uploaded documents, evidence files, and attachments are isolated and encrypted.

Users

User roles, permissions, and access are scoped to each organisation separately.

Audit Logs

All activity logs, changes, and audit trails are kept separate per organisation.

Evidence

Evidence items, transcripts, and recordings are securely isolated per organisation.

Additional Security Features

Access Control

Authentication Required

Must be logged in to access any organisation data

Organisation Membership

Must be a member of an organisation to view its data

Role-Based Permissions

Actions are further restricted by your role within the organisation

Data Encryption

Secure Transmission

All data traveling between you and our servers is encrypted

Protected Storage

Sensitive data is encrypted when stored on our servers

Secure File Storage

Uploaded documents are encrypted and stored securely

Audit Trail

Activity Logging

All actions are logged with user, timestamp, and organisation

Change Tracking

Before and after states are recorded for important changes

Compliance Support

Audit logs support compliance and security reviews

Common Questions

Can users from one organisation access another organisation's data?
No. Unless you are a member of both organisations, you cannot access data from an organisation you don't belong to. Even if you belong to multiple organisations, you can only view one organisation's data at a time (the one you're currently switched to).
What if I accidentally try to access another organisation's data?
The system will automatically block the request. You'll either see an "Access Denied" message or simply won't see any data. The security is built into every part of the system, so it's impossible to bypass.
Can Super Admins see all organisation data?
Yes. Super Administrators have platform-wide access and can view and manage data across all organisations. This is necessary for system administration, but Super Admin access is tightly controlled and logged.
What happens if someone shares a direct link to a case from another organisation?
Even with a direct URL, you won't be able to access the case if you're not a member of that organisation. The system checks your organisation membership before showing any data, regardless of how you arrived at the page.
How do I know which organisation I'm currently viewing?
The current organisation name is displayed in the top navigation bar. If you belong to multiple organisations, you'll see an organisation switcher that shows your current organisation and allows you to switch between them.
Is my data backed up separately from other organisations?
All data is backed up together at the platform level, but the organisation-level isolation is preserved in backups. If a restore is needed, your organisation's data integrity and isolation are maintained.

Security Best Practices

Do This
  • Always check which organisation you're in before creating data
  • Use the organisation switcher when you need to change context
  • Log out when finished, especially on shared computers
  • Report any suspicious access or security concerns immediately
  • Verify you're in the right organisation before uploading sensitive documents
Don't Do This
  • Share login credentials with anyone
  • Try to access data you're not authorized to view
  • Stay logged in on public or shared computers
  • Assume you're in the right organisation without checking
  • Share direct links to sensitive data outside your organisation
Security Summary

Totolaw's multi-tenant security ensures:

Complete Data Isolation - Your data is never mixed with other organisations
Automatic Protection - Security is built into every part of the system
Multiple Security Layers - Authentication, authorization, and data filtering
Full Audit Trail - All access and changes are logged

You can confidently use Totolaw knowing that your organisation's data is secure, private, and protected from unauthorized access.

Related Topics

RBAC
Learn about roles and permissions
Passwordless Login
How magic link authentication works
Getting Started
New to Totolaw? Start here

Your Data is Secure

Start using Totolaw with confidence, knowing your organisation's data is protected.

Sign In Securely