Architecture overview

High-level view of how the application is built, where data flows, and how it is deployed. No proprietary or unverifiable claims.

Last updated: March 2025

Application stack

  • Frontend and API: Next.js 14 (React), TypeScript. Server and API routes run on Node.js. Static and server-rendered pages; API routes under /api.
  • Database and auth: Supabase (PostgreSQL + Supabase Auth). Application data and auth/sessions live in the same Supabase project. Row Level Security (RLS) is enabled on application tables; policies enforce per-user and per-workspace access.
  • Payments: Stripe for subscriptions and billing portal. Customer and subscription state are stored in the app database; payment details stay in Stripe. Used when Stripe is configured (see Subprocessors).
  • Optional: Sentry for error/performance monitoring when NEXT_PUBLIC_SENTRY_DSN is set.

Request flow

Browser or client sends requests to the Next.js server. Middleware enforces auth for protected routes and applies rate limiting. API routes use Supabase with the user's session (cookies) so RLS applies; service role is used only for specific backend operations (e.g. GDPR delete, audit export with compliance key, report generation worker). No tenant data is served without passing through RLS for that user or workspace.

Data and isolation

All application tables that hold user or workspace data have RLS policies. Users see only rows where user_id = auth.uid() or where they are members of the workspace with the required role. Workspace membership and roles (owner, admin, editor, viewer) gate create/edit/delete and billing. There is no shared in-memory state between requests; horizontal scaling is supported (see On-prem deployment and scaling docs).

Deployment

The app can be run on any Node.js host (e.g. Vercel, Docker, on-prem). Environment variables configure Supabase URL/keys, optional Stripe and Sentry. Database migrations are applied separately (Supabase SQL editor or migration runner). Backups and restore are described in Data handling and in the backup/restore documentation.

Related