Per-user isolation
Each customer gets their own dedicated server — never shared with another user.
What this is
Beach gives every customer their own server. Your agent, your data, and your secrets never share resources with anyone else's. This is different from most SaaS products, where many users live inside the same application and database.
One server per customer
When you sign up, Beach provisions a server that exists only for your account. Your conversations, memory, skills, and stored keys all live there — and only there. No other customer's data ever touches your server, and your data never touches anyone else's.
There's no shared application, no shared database, no shared agent process. If another customer's server were to crash, misbehave, or be compromised, it has no path to reach yours.
Permission scoping
The isolation goes deeper than "separate servers." Even at the cloud-provider level, your server is given permissions scoped only to your own secrets.
If another customer's server somehow tried to read your keys or tokens, the cloud provider would refuse — the permissions are bound to your specific account, not to Beach as a whole. This is enforced by the cloud provider itself, not by application code that could have a bug.
Why this matters
Most SaaS products are multi-tenant: thousands of customers share the same application servers and database, with logical fences keeping their data apart. Those fences work most of the time, but a single bug can blur the line between accounts.
Beach doesn't have those fences because it doesn't need them. There's nothing to share — your agent runs on hardware dedicated to you, with permissions scoped to you, period.