Best Practice Privacy Structure for Multi-Tenant SAAS

Hi @zachwhitt

You are on the right track, but I would also use an “account” qualifier linked to the user and the company. So create a new table, call it Account, and for each new account generate an account number or create one manually. Add to this account table the company (you can link to your existing company table if you have one) and any other details you need about the account. I would also add a list of administrators if you have any.

When anyone logs in they must belong to the account, and then instead of using company, use account in the query.

Use privacy settings, but you need to get used to adding “account” to all your data queries.

We have a very large app with lots of private data, and it works very well.

You can keep company as a data qualifier too, but you may find this becomes restrictive.

You would also need to link the account table with your user table, so create a new field in the user table and add the Account. So when you create the user, also add the account number for the company. You may find you need to add the account number to other tables by linking to the account table, as I described for the user table above.

3 Likes
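The account-scoping pattern from the reply above, as an added example that is not part of the original post: an Account table, users linked to it by account_id, and a query helper that derives the tenant from the logged-in user's row and adds the account predicate to every data query. Table names, columns and sample rows are constructed for illustration, and SQLite stands in for whatever database the app uses.

```python
import sqlite3

# Constructed schema: the account table is the tenant qualifier, and every
# tenant-owned table (users, invoices, ...) carries a mandatory account_id.
SCHEMA = """
CREATE TABLE account (
    account_id     INTEGER PRIMARY KEY,
    account_number TEXT UNIQUE NOT NULL,
    company        TEXT NOT NULL);
CREATE TABLE app_user (
    user_id    INTEGER PRIMARY KEY,
    email      TEXT UNIQUE NOT NULL,
    account_id INTEGER NOT NULL REFERENCES account(account_id));
CREATE TABLE invoice (
    invoice_id   INTEGER PRIMARY KEY,
    account_id   INTEGER NOT NULL REFERENCES account(account_id),
    amount_cents INTEGER NOT NULL);
"""

def build_db():
    """Create an in-memory database with two constructed tenants."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO account(account_number, company) VALUES (?, ?)",
                    [("ACC-1001", "Acme Ltd"), ("ACC-1002", "Globex Inc")])
    con.executemany("INSERT INTO app_user(email, account_id) VALUES (?, ?)",
                    [("alice@acme.example", 1), ("bob@globex.example", 2)])
    con.executemany("INSERT INTO invoice(account_id, amount_cents) VALUES (?, ?)",
                    [(1, 1200), (1, 3400), (2, 9900)])
    return con

def account_for_user(con, email):
    """Resolve the tenant from the user's own row, never from client-supplied input."""
    row = con.execute("SELECT account_id FROM app_user WHERE email = ?", (email,)).fetchone()
    if row is None:
        raise PermissionError("unknown user")
    return row[0]

def scoped_query(con, email, table, where="1=1", params=()):
    """Run a query with the caller's account_id as a mandatory predicate."""
    if table not in {"invoice", "app_user"}:   # table names cannot be bound; allow-list them
        raise ValueError("table is not tenant-scoped")
    acct = account_for_user(con, email)
    sql = f"SELECT * FROM {table} WHERE account_id = ? AND ({where})"
    return con.execute(sql, (acct, *params)).fetchall()

def invoice_total(con, email):
    return sum(r[2] for r in scoped_query(con, email, "invoice"))

def fetch_invoice(con, email, invoice_id):
    """A primary-key lookup still goes through the account predicate, so another tenant's id returns None."""
    rows = scoped_query(con, email, "invoice", "invoice_id = ?", (invoice_id,))
    return rows[0] if rows else None
```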