The fastest way to build compliant software, wired together perfectly.

We shipped a small but serious web platform for capturing de-identified, clinical-style data and exporting it for analysis - entirely on a modern serverless stack hosted in Australia.

The key was treating it like an engineering system, not “a form”.

Architecture (simple on purpose):

 

  • Frontend: Next.js app deployed on Vercel

  • Backend: Supabase (Postgres) in an Australian region

  • Security: Row Level Security (RLS) to enforce tenant isolation by default

  • API: Postgres-first operations exposed via Supabase RPCs (create, update, list, export)

  • Auth: passwordless Quick Link Authentication

  • Email: Amazon SES as the SMTP provider

  • Dev + CI: Cursor IDE with Grok Code, GitHub source control, push-to-deploy via Vercel

[Figure: LLM serverless block diagram]

What AI actually did (and didn’t do):

AI was best at the boring leverage: shaping the PRD, tightening naming, stress-testing the schema, and proposing clean building block boundaries.
But every security decision, RLS policy, RPC contract, and deployment detail still needed human judgment and careful implementation by the team.

The workflow that made it fast:

We iterated schema + RPCs in Supabase, wired the frontend to those contracts, then shipped small commits to GitHub with automatic production deploys through Vercel. Tight loop, minimal ceremony, reliable outcomes.

This is the pattern we keep coming back to: database-enforced security, serverless infrastructure, and AI used as an accelerator, not an autopilot.

Built on Cutting-Edge Technology

FRONTEND

Next.js

Web application layer for the user experience

Grok Code

LLM coding assistant used to draft/reshape PRDs

Vercel (Hosting + Deploy)

Serverless hosting and deployment platform that builds the Next.js app

BACKEND

Supabase

Managed backend providing Postgres, Auth, and API primitives

Postgres

Source of truth for entities and records; stores structured data for submissions

Amazon SES

Transactional email provider used as SMTP for reliable delivery

More about the tech:

  • Vercel (Hosting + Deploy) – Serverless hosting and deployment platform that builds the Next.js app on every push and publishes production releases automatically.

  • Supabase (Backend Platform) – Managed backend providing Postgres, Auth, and API primitives, reducing ops overhead while keeping a “real database” foundation.

  • Postgres (Database) – Source of truth for entities and records; stores structured data for submissions, users, clinics, audit events, and export-ready views.

  • Row Level Security (RLS) – Database-enforced tenant isolation and access control, ensuring users only see what they’re permitted to see even if the client misbehaves.

  • Supabase RPC Functions (API Surface) – Database-side functions that expose controlled operations (create/update/list/export) as stable, permissioned endpoints.

  • Supabase Studio (DB Ops UI) – Admin console to design/iterate schema, manage policies, test queries/functions, and inspect data during development.

  • Supabase Auth (Authentication) – Identity and session management layer, configured for passwordless Quick Link Authentication.

  • Quick Link Authentication (Passwordless Login) – Email-based sign-in links to remove passwords and reduce support/security burden.

  • Amazon SES (Email Delivery) – Transactional email provider used as SMTP for reliable delivery of authentication links and system notifications.

  • GitHub (Source Control) – Version control system of record for code, reviews, history, and release traceability.

  • GitHub Webhooks (CI Trigger) – Push event trigger that notifies Vercel to build and deploy the latest commit automatically.

  • Environment Variables (Runtime Config) – Secure configuration for service URLs/keys per environment (dev/prod) without hardcoding secrets.
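
A sketch of the database-enforced isolation described in the RLS and RPC items above, as an added example rather than the project's own schema. The table, column, policy and function names are assumptions; `auth.uid()` and the `authenticated`/`anon` roles are the standard Supabase ones.

```sql
-- Added example; table, column, policy and function names are hypothetical.
create table clinics (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);
create table clinic_members (
  clinic_id uuid not null references clinics(id),
  user_id   uuid not null,  -- the Supabase Auth user id, as returned by auth.uid()
  primary key (clinic_id, user_id)
);
create table submissions (
  id         uuid primary key default gen_random_uuid(),
  clinic_id  uuid not null references clinics(id),
  created_by uuid not null default auth.uid(),
  payload    jsonb not null,
  created_at timestamptz not null default now()
);

-- With RLS on and no policy, a table returns no rows to API roles: deny by default.
alter table clinics        enable row level security;
alter table clinic_members enable row level security;
alter table submissions    enable row level security;

-- A user can see only their own membership rows.
create policy members_self on clinic_members
  for select to authenticated
  using (user_id = auth.uid());

-- Reads are limited to clinics the caller belongs to.
create policy submissions_select on submissions
  for select to authenticated
  using (clinic_id in (select clinic_id from clinic_members where user_id = auth.uid()));

-- Writes must be attributed to the caller and target one of their clinics.
create policy submissions_insert on submissions
  for insert to authenticated
  with check (created_by = auth.uid()
    and clinic_id in (select clinic_id from clinic_members where user_id = auth.uid()));

-- RPC that runs as the caller (security invoker), so the policies above still apply
-- even if a client passes a clinic id it does not belong to: it gets zero rows.
create function list_submissions(p_clinic uuid) returns setof submissions
language sql stable security invoker set search_path = public
as $$
  select * from submissions where clinic_id = p_clinic order by created_at desc;
$$;
revoke execute on function list_submissions(uuid) from public, anon;
grant  execute on function list_submissions(uuid) to authenticated;
```

A `security definer` function would bypass these policies unless it re-checks membership itself, so any RPC written that way needs its own explicit tenant check.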