Version: 2.0 | Status: Business Review | Date: 2026-01-15
Previous Version: 1.0 (Technical Draft) | Author: Product Team
Change Log
| Version | Date | Changes |
|---|---|---|
| 2.0 | 2026-01-15 | Converted to business-focused format; added measurable outcomes and success metrics |
| 1.0 | 2026-01-09 | Initial technical draft |
1. Executive Summary
1.1 Purpose
Enable Toprent.app to serve multiple vehicle rental companies within a single platform while maintaining complete data isolation. Each rental company operates independently with their own customers, vehicles, orders, and business settings.
1.2 Business Value
| Value Area | Measurable Outcome | Timeframe |
|---|---|---|
| Infrastructure Savings | Reduce hosting costs by 60-70% compared to single-tenant deployments | Within 12 months |
| Faster Onboarding | Provision new rental companies in <24 hours vs. 2-4 weeks for dedicated systems | Immediate |
| Data Security | Zero cross-tenant data breaches or compliance incidents | Ongoing |
| Market Expansion | Enable 50+ new tenant acquisitions annually without infrastructure scaling delays | Within 12 months |
| Revenue Growth | Unlock marketplace revenue stream (5-10% transaction fees on cross-tenant rentals) | Within 18 months |
1.3 Target Users
| User Type | Business Context |
|---|---|
| Company Owners | Manage rental business operations, branding, and policies |
| Rental Staff | Handle reservations, customer service, and daily operations |
| Delivery Personnel | Perform vehicle handoffs and pickups |
| Partner Companies | Share vehicle fleets through marketplace |
| Platform Operations | Manage tenant provisioning and platform health |
1.4 Scope
Included:
- Complete data isolation between rental companies
- Company-specific branding, pricing, and policies
- Cross-company user access (consultants, multi-location operators)
- Independent payment processing per company
- Optional marketplace for fleet sharing between partners
- Per-company subscription plans and usage tracking
Excluded:
- Self-service tenant provisioning (manual process)
- Data migration/export tools (future consideration)
2. Success Metrics
| Metric | Definition | Baseline | Target | Measurement Method |
|---|---|---|---|---|
| Infrastructure Cost per Tenant | Monthly hosting cost ÷ active tenants | N/A (new) | <$50/tenant/month at 100+ tenants | Cloud billing reports |
| Tenant Onboarding Time | Hours from contract to operational system | 80-160 hours (est.) | <24 hours | Provisioning timestamps |
| Data Isolation Compliance | Cross-tenant data access incidents | 0 | 0 (maintain) | Security audit logs, penetration tests |
| Tenant Activation Rate | % of provisioned tenants actively using system within 7 days | N/A (new) | >90% | Login analytics |
| Marketplace Participation | % of tenants enabling marketplace features | N/A (new) | 30% within 12 months | Feature flag analytics |
| Cross-Tenant Revenue | Monthly GMV from marketplace transactions | $0 | $50K/month within 18 months | Payment processor reports |
| Tenant Retention | % of tenants renewing annually | N/A (new) | >85% | Subscription records |
| Support Ticket Volume | Tenant isolation-related support tickets | N/A (new) | <5/month | Help desk categorization |
3. User Stories
Company Owners (P0 - Critical)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-01 | As a company owner, I want my company data completely isolated from competitors so customer privacy is protected | Given I’m logged in, when I access any data, then only my company’s records are visible; attempting to access another company’s data returns “not found” |
| US-02 | As a company owner, I want my branding on all customer materials so my brand identity is consistent | Given I’ve configured my logo and colors, when documents/emails are generated, then 100% display my branding with zero defaults |
| US-03 | As a company owner, I want my own pricing rules so I can run my business independently | Given I’ve configured pricing, when quotes are generated, then my rules are applied with zero influence from other companies |
Company Owners (P1 - Important)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-04 | As a company owner, I want my own payment processor so funds flow to my account | Given I’ve connected Stripe, when customers pay, then 100% of funds route to my account |
| US-05 | As a company owner, I want customizable legal documents so I comply with local regulations | Given I’ve configured templates, when agreements are generated, then they use my templates with my legal language |
Company Owners (P2 - Nice to Have)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-06 | As a company owner, I want to optionally rent partner vehicles so I can serve customers when my fleet is unavailable | Given marketplace is enabled, when staff searches vehicles, then partner inventory appears with clear partner branding |
Rental Staff (P0 - Critical)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-07 | As rental staff, I want to see only my company’s data so I work efficiently without confusion | Given I’m logged in, when I view vehicles/orders/customers, then only my company’s records appear |
| US-08 | As rental staff, I want automatic pricing on reservations so quotes are consistent | Given I create a reservation, when pricing calculates, then my company’s rules apply automatically |
Rental Staff (P1 - Important)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-09 | As rental staff, I want customers scoped to my company so I never access wrong data | Given I search customers, when results appear, then only my company’s customers are shown |
Delivery Personnel (P0 - Critical)
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-10 | As delivery personnel, I want to see only my company’s tasks so I focus on my work | Given I’m logged in to mobile app, when I view tasks, then only my company’s deliveries/pickups appear |
Platform Operations
| ID | Story | Acceptance Criteria |
|---|---|---|
| US-11 | As platform operations, I want automatic data isolation so no bugs cause data leakage | Given any user query, when executed, then tenant filtering is enforced at infrastructure level |
| US-12 | As platform operations, I want fast tenant provisioning so new companies start quickly | Given a new contract, when provisioning runs, then tenant is operational within 24 hours |
4. Functional Requirements
| ID | Requirement | Priority | Business Rationale |
|---|---|---|---|
| FR-01 | All company-specific data must be isolated at infrastructure level | P0 | Prevents data breaches, ensures compliance |
| FR-02 | Users can access multiple companies with different roles per company | P0 | Supports consultants, franchises, multi-location operators |
| FR-03 | Each company has independent settings (branding, policies, pricing) | P0 | Enables business autonomy |
| FR-04 | Vehicles can be owned or sourced from marketplace partners | P0 | Enables marketplace business model |
| FR-05 | Orders are company-specific with optional partner vehicle references | P0 | Supports cross-company rentals |
| FR-06 | Customer data is fully isolated per company (no sharing) | P0 | GDPR compliance, privacy protection |
| FR-07 | Payment processing routes to company-specific accounts | P0 | Financial isolation, regulatory compliance |
| FR-08 | Each company has independent subscription plan with enforced limits | P0 | Enables tiered pricing model |
| FR-09 | Company-specific integrations operate independently | P1 | Supports diverse third-party requirements |
| FR-10 | Documents and communications use company branding | P1 | Professional customer experience |
| FR-11 | Marketplace features respect company boundaries and opt-in settings | P1 | Controlled partner exposure |
| FR-12 | All operations are logged with company context | P1 | Audit compliance, security monitoring |
| FR-13 | Usage-based billing events are tracked per company | P2 | Enables consumption pricing model |
| FR-14 | Custom domains map uniquely to companies | P2 | Professional web presence |
5. Business Rules
| ID | Rule | Business Rationale |
|---|---|---|
| BR-01 | Users can belong to multiple companies with one role per company | Supports consultants, franchises, enterprise groups |
| BR-02 | Company assignment cannot change after record creation | Prevents accidental/malicious data transfer |
| BR-03 | Reference data (vehicle brands, models) is shared platform-wide | Reduces duplication, ensures consistency |
| BR-04 | Companies can customize shared reference data | Enables business-specific naming preferences |
| BR-05 | Partners are linked through explicit business relationships | Controls B2B marketplace access |
| BR-06 | Orders can reference partner vehicles for marketplace rentals | Enables cross-company revenue |
| BR-07 | Customers are never shared across companies | GDPR compliance, competitive protection |
| BR-08 | Financial records are always company-specific | Regulatory compliance, accurate reporting |
| BR-09 | Subscription plans apply to company, not individual users | Aligns billing with business entity |
| BR-10 | Marketplace participation is opt-in per company | Respects business autonomy |
| BR-11 | Account suspension preserves data but blocks access | Supports collections, regulatory holds |
| BR-12 | Account deletion cascades to all related data | GDPR “right to be forgotten” compliance |
6. Acceptance Criteria
AC-01: Data Isolation Verification
Given a user authenticated to Company A
When they query any business data (orders, vehicles, customers)
Then only Company A records are returned
And no information about other companies is accessible or inferrable
AC-02: Cross-Company Access Prevention
Given a user attempts to access a resource belonging to another company
When the request is processed
Then a “not found” response is returned
And no existence information is leaked
AC-03: Company Branding Application
Given a company has configured custom branding
When any customer-facing material is generated
Then 100% of materials display company branding
And zero platform defaults appear
AC-04: Marketplace Visibility Control
Given a company has enabled marketplace
When staff searches available vehicles
Then own vehicles and partner vehicles are visible
And non-partner company vehicles remain hidden
AC-05: Subscription Limit Enforcement
Given a company has specific plan limits
When they attempt to exceed limits
Then the action is blocked
And upgrade messaging is displayed
AC-06: Payment Routing Accuracy
Given a company has connected payment processing
When a customer payment is processed
Then 100% of funds route to that company’s account
And financial records reflect correct company
AC-07: Multi-Language Support
Given different companies operate in different regions
When each company sets their language preference
Then all interfaces, emails, and documents default to that language
And customers can override with their preference
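A sketch of how AC-01, AC-02 and AC-04 can be checked in code, added here as an illustration and not taken from the Toprent.app code base. The class, function and field names, the in-memory store and the sample companies are all hypothetical, and the rule that a partner must also have opted in to the marketplace is an assumption drawn from BR-10 and FR-11.

```python
from dataclasses import dataclass

class NotFound(Exception):
    """Raised for a missing ID and for another company's ID alike (AC-02)."""

@dataclass(frozen=True)  # frozen: company_id cannot be reassigned after creation (BR-02)
class Vehicle:
    id: int
    company_id: str
    model: str

class TenantVehicles:
    """Vehicle reads bound to one company; no method takes a company_id argument."""

    def __init__(self, rows, partnerships, opted_in, company_id):
        self._rows, self._opted_in, self._me = rows, opted_in, company_id
        # BR-05: partners come only from explicit links, stored as unordered pairs.
        self._partners = {b if a == company_id else a
                          for a, b in partnerships if company_id in (a, b)}

    def list_own(self):  # AC-01
        return [v for v in self._rows if v.company_id == self._me]

    def get(self, vehicle_id):  # AC-02
        # The tenant filter is part of the lookup itself, so a foreign ID and a
        # nonexistent ID fall through to the same error.
        for v in self.list_own():
            if v.id == vehicle_id:
                return v
        raise NotFound("not found")

    def search_available(self):  # AC-04
        if self._me not in self._opted_in:
            return self.list_own()
        # Assumption: the partner must have opted in as well (BR-10, FR-11).
        visible = self._partners & self._opted_in
        return self.list_own() + [v for v in self._rows if v.company_id in visible]

def respond(repo, vehicle_id):
    """Hypothetical handler: maps the lookup to a (status, body) pair."""
    try:
        return 200, {"id": vehicle_id, "model": repo.get(vehicle_id).model}
    except NotFound:
        return 404, {"error": "not found"}

# Constructed sample data: A and B are partners, C has no partner link.
ROWS = [Vehicle(1, "A", "Fiat 500"), Vehicle(2, "B", "VW Golf"), Vehicle(3, "C", "Kia Rio")]
PARTNERSHIPS, OPTED_IN = [("A", "B")], {"A", "B", "C"}

def repo_for(company_id):
    return TenantVehicles(ROWS, PARTNERSHIPS, OPTED_IN, company_id)
```

Comparing `respond(repo_for("A"), 3)` with `respond(repo_for("A"), 999)` is the AC-02 check: the response for another company's vehicle must be identical to the response for an ID that does not exist.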
7. Dependencies
7.1 Foundation Status
Multi-tenant architecture is the foundational layer. No upstream dependencies.
7.2 Downstream Dependencies
All platform features depend on this architecture:
- User Management & Authentication
- Vehicle Fleet Management
- Order & Reservation Processing
- Payment & Financial Processing
- Marketplace & Partner Features
- Reporting & Analytics
- Third-Party Integrations
- Public Booking Widgets
8. Glossary
| Term | Business Definition |
|---|---|
| Tenant/Company | A vehicle rental business using Toprent.app with isolated data |
| Marketplace | Feature enabling companies to rent vehicles from partner companies |
| Partner | Another company with an established business relationship for fleet sharing |
| Plan Limits | Subscription-based restrictions (vehicles, users, reservations) |
| Billable Events | Usage tracked for consumption billing (SMS, emails, storage) |
| Custom Domain | Company’s own web address mapped to their Toprent presence |
| Widget | Embeddable booking form displaying company branding and inventory |
9. Approval
| Role | Name | Date | Status |
|---|---|---|---|
| Product Owner | | | Pending |
| Engineering Lead | | | Pending |
| Business Stakeholder | | | Pending |
10. Unresolved Questions
- Self-service provisioning timeline? Currently manual - when to automate?
- Data export requirements? Legal/compliance need for tenant data portability?
- Marketplace fee structure? Fixed % or tiered by volume?
- Tenant deletion SLA? Time to complete cascade deletion for GDPR requests?
- Multi-region isolation? Separate data centers per geography for sovereignty?