PAR Technology, which supports over 300 restaurant businesses on its platform, built a production-ready multi-tenant LLM analytics system that enforces row-level security through three independent architectural layers (AWS Machine Learning Blog). The system enables business users to ask questions in plain English and receive data-backed answers while ensuring that each user—whether a franchise owner with access to two locations or a brand manager overseeing 200 locations—receives only the rows they are authorized to see (AWS Machine Learning Blog).
The three security layers operate independently at different points in the request pipeline: Layer 1 uses AWS Signature Version 4 (SigV4) for cryptographic request signing at the API entry point; Layer 2 applies semantic validation on Amazon Bedrock to verify intent before data access; and Layer 3 enforces programmatic data isolation via Split-Plane SQL at the database layer (AWS Machine Learning Blog). This architecture was necessary because LLMs are non-deterministic; a model that correctly applies filters thousands of times may silently omit them on the next query, making them insufficient as sole security enforcers in multi-tenant systems handling sensitive business data (AWS Machine Learning Blog).
For commerce platforms managing multiple merchants, brands, or customer segments, this pattern demonstrates why data isolation must be enforced at the architecture level rather than delegated to the LLM. PAR's approach—combining identity verification, intent validation, and deterministic SQL generation controls—provides a replicable model for any multi-tenant AI analytics system where cross-tenant data exposure poses compliance or competitive risk.