> ## Documentation Index
> Fetch the complete documentation index at: https://docs.paygentic.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Organizations

> Resource ownership and access control

Organizations are the foundation of Paygentic's resource model. Everything in the system - products, metrics, plans, accounts - belongs to an organization.

## Two types of organizations

### Merchants

Sell services through Paygentic. They create products, define pricing, manage customer relationships, and receive payments.

### Consumers

Buy services from merchants. They hold accounts for payments and subscriptions to merchant offerings.

The same entity can be both - selling their own services while purchasing from others.

## Managed customers

Merchants often handle billing without requiring customers to interact with Paygentic directly. This is done through managed consumer organizations.

When you create a customer through the API, Paygentic automatically:

1. Creates a consumer organization
2. Links it to your merchant organization
3. Isolates their account funds to your relationship
4. Provides limited portal access for viewing usage

The customer never needs a Paygentic login. You maintain full control while they get transparency.

## Users vs. organizations

Organizations own. Users do.

Users are individuals who perform actions - creating products, viewing analytics, managing billing. Each user belongs to one or more organizations and inherits specific permissions within each.

## Permission boundaries

Every action requires two validations:

1. Does the user belong to the organization?
2. Does the user have permission for this action?

This dual-check prevents both unauthorized access and accidental modifications.

## Platform operations

A special platform organization exists for system-level operations. This handles:

* Cross-merchant settlements
* Platform fee collection
* System maintenance tasks
* Compliance operations

Regular organizations never interact with platform operations directly - it works transparently in the background.

## Identity federation

Organizations can connect external identity providers. This enables:

* Single sign-on for team members
* Automated provisioning/deprovisioning
* Centralized permission management
* Audit trail compliance

## Data isolation

Each organization's data is cryptographically isolated. Even within shared infrastructure:

* Queries are scoped to organization context
* Cross-organization access is impossible
* Backups maintain isolation boundaries
* Deletion is complete and irreversible

## Next steps

* [Accounts](/platform/payments/accounts) - Manage payment instruments
* [Products](/platform/pricing/products) - Create your offerings
* [Customer Lifecycle](/platform/billing/customer-lifecycle) - Onboard customers
