Yes, we are using postgres and my plan was to use separate schemas, if going the single db route.

The only thing that worried me is that one product might need SOC 2 sooner than another. I thought separate databases would give a smaller compliance surface to worry about. However, this will be my first time going through this process, so I am pretty uninformed here.