Organization membership is checked first
Customer routes resolve the signed-in user and an active organization membership before loading workspace data. The active workspace cookie is a preference, not authority. Server-side membership remains the access decision.
Every data path carries the organization boundary
AppsResolve's own public help catalog is separate from customer knowledge and is used only for the AppsResolve website and support widget.
- Database queries include the organization identifier and run inside tenant context.
- Row-level database policies provide an additional boundary for organization data.
- Inbound email validates the private recipient before assigning a message to an organization.
- Widget sessions are signed, short-lived, and scoped to one active organization.
- AI retrieval searches approved knowledge from the ticket's organization only.
Report a suspected issue
Email support@appsresolve.com with the organization, approximate time, route or channel, and a description that avoids unnecessary sensitive data. Do not include passwords, authentication codes, private keys, full access tokens, or payment-card data.
