Overview
TrackProject is a multi-tenant SaaS platform. The browser and mobile clients talk to a serverless edge runtime, which talks to a managed Postgres database (with Row Level Security), encrypted object storage and the AI gateway. All Customer data lives in the UK / EU region by default.
Client tier
React-based web client and mobile apps. No Customer data is persisted client-side beyond short-lived caches and user preferences. All requests carry a per-session JWT bound to the User.
Data flow
Every arrow crosses a trust boundary that is authenticated, authorised, encrypted in transit and audited.
Edge runtime
Server functions and public API endpoints run on a hardened serverless runtime at the edge. The runtime validates JWTs, enforces rate limits, runs middleware-level authorisation and forwards authenticated requests to the data tier.
Data tier
Managed Postgres with Row Level Security enforced for every Customer-facing table. GRANTs are explicit per role. Backups are continuous with point-in-time recovery. Encrypted object storage holds drawings, BIM models and uploads with per-workspace prefixes.
AI tier
The AI gateway routes prompts to vetted foundation-model providers under contracts that prohibit training on Customer data. Retrieval is bound by the calling User's RLS scope. Tool calls and responses are logged to the workspace audit log.
Integration tier
Outbound integrations run from the edge runtime under workspace-scoped credentials. Inbound webhooks are authenticated via signature verification and bound to the originating workspace.
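One way an inbound webhook check of this kind can be written, as an added example that is not TrackProject's own code. The HMAC-SHA256 scheme, the signed-string layout, the 300-second replay window, the function names and the workspace secrets are all assumptions made for illustration.

```javascript
// Added example: scheme, names and secrets are assumptions, not TrackProject's API.
const crypto = require("node:crypto");

const MAX_SKEW_SECONDS = 300; // assumed replay window

// Constructed per-workspace secrets; a real deployment would read these from a secret store.
const WORKSPACE_SECRETS = new Map([
  ["ws_alpha", "constructed-secret-alpha"],
  ["ws_beta", "constructed-secret-beta"],
]);

// The MAC covers workspace id, timestamp and raw body, so a valid signature cannot be
// replayed against another workspace or reused later with a fresh timestamp.
function sign(secret, workspaceId, timestamp, rawBody) {
  return crypto
    .createHmac("sha256", secret)
    .update(`${workspaceId}.${timestamp}.`)
    .update(rawBody)
    .digest("hex");
}

// Returns { ok: true, workspaceId } or { ok: false, reason }.
function verifyWebhook({ workspaceId, timestamp, signature, rawBody }, nowSeconds) {
  // The secret is selected by the workspace the request is addressed to.
  const secret = WORKSPACE_SECRETS.get(workspaceId);
  if (!secret) return { ok: false, reason: "unknown_workspace" };

  const ts = Number(timestamp);
  if (!Number.isInteger(ts) || Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) {
    return { ok: false, reason: "stale_timestamp" };
  }

  const expected = Buffer.from(sign(secret, workspaceId, ts, rawBody), "hex");
  const given = Buffer.from(String(signature), "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  return { ok: true, workspaceId };
}
```

The signature must be computed over the raw request bytes before any JSON parsing, since re-serialising the body can change it and break verification.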
Observability
Structured logs, distributed traces and metrics are aggregated in our monitoring stack. Personal data is scrubbed from logs at source. Alerts page on-call engineers with documented runbooks.
Trust boundaries
Every arrow in the data-flow diagram crosses a trust boundary that is authenticated, authorised, encrypted in transit and audited.