Workspaces & Organizations

Multi-tenant isolation and workspace scoping.

All data in PeerLM is scoped to a workspace. Workspaces provide complete tenant isolation — library items, suites, runs, and billing are all separate per workspace.

Default Workspace

Every account gets a Default Workspace on sign-up. The workspace name appears in the sidebar footer and is used as the URL prefix for all workspace pages.

Organization & Workspace Relationship

Each workspace belongs to an organization (managed by Better Auth). Team members are invited to the organization and gain access to all its workspaces. The organization name and IDs are visible in Settings > Team.

Data Isolation

Every database query validates workspace ownership from your authenticated session. You can never access data from another workspace, even if you know its IDs.