HomecareHQ is a multi-tenant platform. Two ideas govern every request: who you are (authentication) and which organization you’re acting in (tenancy).

Authentication

Users authenticate with email and password, which establishes a session. Application requests carry that session; HomecareHQ resolves it to a verified user before doing any work. Requests that aren’t authenticated are rejected before any data is touched.
Programmatic API credentials (for server-to-server integrations) are part of the upcoming public API. Today, access is through an authenticated user session.

Tenancy & isolation

A user belongs to one or more organizations through a membership. Every request acts within exactly one organization, and all data access is constrained to that organization by row-level security in the database.
The organization a request acts in is derived from the verified identity, never from a value supplied in the request body. This is what keeps one tenant from reading another’s data.

Authorization

Within an organization, what a user can do is governed by permissions tied to their role (owner, admin, manager, member, caregiver). Permissions are checked server-side on every sensitive operation. Examples of the permission families HomecareHQ uses:
| Permission family | Governs |
| --- | --- |
| source_document:* | Uploading and reviewing source documents |
| connected_data:read | Reading connected-system data in chat and dashboards |
| organization:* / membership:* | Managing the organization and its team |
| registry_check:* | Running and reading registry checks |
Permissions are enforced by the server regardless of what a client requests — prompts and client-side checks are never the security boundary.
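
The following Python example is added here and is not HomecareHQ's own code. It shows the two server-side rules described above: the organization comes from the verified session, never from the request body, and the permission is checked against the role's grants. The session store, the role grants, action names such as source_document:upload, and the in-memory row filter standing in for database row-level security are assumptions constructed for the example.

```python
from fnmatch import fnmatchcase

# Constructed sample data; not HomecareHQ's real schema, sessions or role grants.
SESSIONS = {  # session token -> verified user and the org the session acts in
    "sess-a": {"user": "alice", "org": "org-a"},
    "sess-b": {"user": "alice", "org": "org-b"},
    "sess-stale": {"user": "bob", "org": "org-a"},  # bob has no membership
}
MEMBERSHIPS = {("alice", "org-a"): "caregiver", ("alice", "org-b"): "admin"}
ROLE_GRANTS = {  # assumed mapping of roles to the page's permission families
    "admin": ["source_document:*", "connected_data:read", "membership:*"],
    "caregiver": ["connected_data:read"],
}
ROWS = [
    {"org": "org-a", "name": "intake.pdf"},
    {"org": "org-b", "name": "roster.csv"},
]


class Denied(Exception):
    """Raised before any data is read when a check fails."""


def handle(session_token, permission, body):
    """Serve one read request. `body` is untrusted client input."""
    session = SESSIONS.get(session_token)
    if session is None:
        raise Denied("unauthenticated")
    # Tenancy: user and organization come from server-side session state.
    user, org = session["user"], session["org"]
    role = MEMBERSHIPS.get((user, org))
    if role is None:
        raise Denied("not a member of this organization")
    # Authorization: a grant such as "source_document:*" covers the family.
    grants = ROLE_GRANTS.get(role, [])
    if not any(fnmatchcase(permission, grant) for grant in grants):
        raise Denied("missing permission " + permission)
    # body["organization_id"], if present, is deliberately never read.
    # This filter stands in for the database's row-level security policy.
    return [row["name"] for row in ROWS if row["org"] == org]


if __name__ == "__main__":
    # The body claims org-b, but the session acts in org-a.
    print(handle("sess-a", "connected_data:read", {"organization_id": "org-b"}))
```
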