For holding companies, banking groups & multi-entity enterprises

One umbrella. Every entity still sovereign.

Enterprise Groups give a group CISO or group DPO a single console over every member tenant's compliance posture — without merging a single consent record, audit trail, or encryption key between them.

Who this is for

Built for organisations that already run more than one tenant

A holding company. A bank with subsidiaries. A hospital chain. Any structure where one legal or operational parent needs consolidated privacy oversight across entities that must otherwise stay separate.

Holding companies

Consolidated compliance visibility across every operating subsidiary, without forcing them onto a shared tenant.

Banking & financial groups

A group CISO or DPO sees posture across retail, insurance and other regulated arms — each still governed independently.

Hospital & healthcare chains

Group-level oversight of consent, rights requests and breach status across every facility, each with its own sensitive-data boundary.
The core guarantee

Group oversight — without a shared blast radius

Four isolation layers stay intact

JWT scope, Prisma middleware, PostgreSQL Row-Level Security and Redis DB segregation — the same guarantees every tenant already has — are untouched by group membership.

+

The group layer sits above, not across

Enrolling a tenant into a group is a thin, one-way pointer. It never merges, copies or cross-links a member's consent ledger, audit trail or encryption keys with any other member.

= Consolidated oversight — with every member's data exactly as isolated as before
What rolls up

One dashboard, six views across every member tenant

Dashboard & Analytics

Aggregate compliance posture across every member tenant, in one view.

RoPA — Activities Register

A combined processing-activity view across members, without merging the underlying records.

Data Principal Rights

Rights requests across the group, grouped by the member tenant that owns each one.

Breach status

Incident status across the group, so a group CISO isn't chasing five separate consoles during an incident.

Notices

Notice publication status per member, at a glance.

Data processors

Shared or per-member processor relationships, visible at the group level.
Cross-entity federation

A pointer, never a merge

Sometimes the same person has a relationship with more than one member — a customer of both a bank's retail arm and its insurance subsidiary. Enterprise Groups has one deliberate way to handle that, and it's opt-in every time.

Explicit, staff-initiated only

An authorised group user links that person's records across the two tenants by hand. Nothing federates automatically.

Members keep the final say

A member tenant can dispute or unlink a federation it doesn't recognise — sovereignty over its own data principals is never overridden.
Group-level roles

A distinct role set for people who work across the group, not inside one tenant

group_admin

Full group administration

Enroll or remove member tenants, manage group-portal users.
group_ciso

Security oversight

Read access across the group's security posture.
group_dto

Data trust oversight

Read access across the group's data-trust posture.
group_privacy_head

Privacy oversight

Read access across the group, plus federation-link management.
group_auditor

Independent audit

Read-only access across every member tenant, for an independent audit.
Who sets this up

Provisioned by the platform operator, not self-service

Creating a group, enrolling or removing member tenants, and granting group-portal access are platform-operator actions — not something a tenant admin configures inside their own tenant. Talk to us to bring your entities under one group.

Bring your entities under one view — without merging a single record

Enterprise Groups is provisioned by our team. Tell us how your entities are structured and we'll set up the group and its member tenants with you.