Tenants as first-class citizens
SIVO is multi-tenant by design from the very first table. Each tenant has:
- Its own SIP domain (
acme.sip.sivocenter.com) — separate extensions, registrations and trunks. - Dedicated dashboard subdomain (
acme.app.sivocenter.com) — login, branding and URLs. - Row-Level Security in PostgreSQL across 23+ tables — the engine enforces filtering, not the app.
- JWT with
tenantSlug+sipDomain— every request carries its context, unforgeable. - AES-256-GCM keys per tenant — SIP passwords and provider secrets encrypted in DB.
Operational isolation
Beyond DB, isolation reaches the voice plane: separate SIP profiles, per-tenant trunk ACL, independent rate limits, independent recording policy, independent transcription retention. A tenant filling up their recording bucket does not affect the rest.
Cross-tenant superadmin
The superadmin role (SIVO cloud ops) can view and manage all tenants via the
X-Tenant-Id header, but is audited in audit_logs
(table partitioned monthly). Every cross-tenant action is traceable: who,
which tenant, which endpoint, which request.
Branding per tenant
- Logo in sidebar and transactional emails.
- Default language (6 languages: es/en/de/fr/it/pt).
- Customizable IVR greeting.
- Per-tenant feature flags — AI agents, transcription, Salesforce, etc. enabled on demand.
Typical use cases
- Agencies / BPOs operating multiple brands or campaigns — each with its own DID, queue and SLA.
- Holdings with subsidiaries that share infrastructure but not data.
- Partners reselling SIVO white-label to their own customers.
Migration between tiers
If a customer grows and needs a dedicated instance (Enterprise), SIVO migrates their data, recordings and config to a separate cluster with no service interruption. Their number, IVR and agents keep working through the cutover window.