One organization can never see another's documents.
Every table carries an organization ID, and Postgres Row-Level Security policies enforce that a query can only return rows belonging to the requesting user's organization — at the database layer. An application bug can't leak across tenants, because the database itself won't return the rows.
The data-layer guarantees.
Row-Level Security on every multi-tenant table
Organizations, users, files, document chunks and audit logs all carry an organization ID, and Postgres RLS policies restrict every query to the caller's own organization — at the database, not the application.
Five enforced roles
super_admin, org_admin, group_admin, member, viewer. These aren't just UI labels — the same RLS policies that enforce org isolation also gate what each role can read and write.
Tamper-resistant audit log table
The audit_logs table has a database trigger that blocks UPDATE and DELETE outright, so a written entry can't be quietly edited or removed after the fact.
Per-organization credential storage
Where credentials need to be stored — like a future bring-your-own-LLM endpoint and API key — the design scopes them per organization, not in a shared pool.
Said plainly, for your security review.
QueryLlama has not yet had a third-party security audit, and several capabilities described on this site are still in development (see below). If you're evaluating QueryLlama for a regulated environment, talk to us directly about your specific requirements and timeline.
What's running today, and what's next.
QueryLlama is pre-launch. Rather than blur the line, every capability on this site is labeled by build status — so a design partner or security reviewer knows exactly what they're evaluating today.
Multi-tenant isolation (Postgres RLS)
Every table scoped by organization; enforced at the database layer.
Document ingestion: chunking + embeddings
Upload to R2, chunk on a sliding window, embed via Cloudflare Workers AI, store in pgvector.
Keyword search (Postgres full-text)
Full-text search over indexed document chunks.
Semantic + hybrid search (RRF)
Vector similarity search and a reciprocal-rank-fusion blend of keyword and semantic results.
RAG question-answering with citations
Ask a question, get an answer grounded in retrieved chunks with a link back to source.
Bring-your-own-LLM (enterprise)
Point the answering step at your own OpenAI-compatible endpoint.
Audit-log event writes
The append-only table exists; wiring every action through to it is in progress.
Group-level permissions & tier billing
Finer-grained access rules within an org, and metered plan enforcement.
Read the full technical reference.
Data model, RLS policy structure, and the architecture behind every claim on this page.