Architecture
Three layers
- Frontend (browser) — the whole UI, all calculations (financial health, FIRE, projections, insights), in-app notifications, end-to-end encryption of the data, and local mode (localStorage). Works without a server.
- Managed backend — Supabase — database (households, subscriptions), Auth, Row Level Security and Postgres functions (access logic running in the database).
- Custom server code — serverless functions (/api/* routes in Next.js) needed wherever a secret or a trust boundary is involved — above all payments (webhook, checkout) and sending email / web push.
What needs a server
- Payment webhook — verifies the signature and writes subscription status with the service-role key (which must never reach the browser).
- Creating checkout — calls the provider's API with a secret key.
- Email / web-push notifications — require scheduling and keys.
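The webhook check described above, sketched as an added example that is not this project's own code. The signature header format, replay window, event fields and all function names are assumptions, since the page does not name the payment provider; the write with the service-role key is left to the caller.

```javascript
// Added example; header format, event fields and names are assumptions.
const nodeCrypto = require("node:crypto");

const TOLERANCE_SEC = 300; // assumed replay window

// Assumed header: "t=<unix seconds>,v1=<hex HMAC-SHA256 of `${t}.${rawBody}`>".
// rawBody must be the exact bytes received, read before any JSON parsing.
function verifyWebhook(rawBody, header, secret, nowSec) {
  const parts = Object.fromEntries(
    String(header || "").split(",").map((kv) => kv.trim().split("=", 2))
  );
  const ts = Number(parts.t);
  if (!Number.isInteger(ts) || Math.abs(nowSec - ts) > TOLERANCE_SEC) return null;
  const expected = nodeCrypto.createHmac("sha256", secret)
    .update(`${parts.t}.${rawBody}`).digest();
  const given = Buffer.from(parts.v1 || "", "hex");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(rawBody); // parse only after the bytes are authenticated
  } catch {
    return null;
  }
}

// Returns the HTTP status plus the row the route would then write with the
// service-role client; unauthenticated requests never produce a write.
function handleWebhook(rawBody, header, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const event = verifyWebhook(rawBody, header, secret, nowSec);
  if (!event) return { status: 400, update: null };
  if (event.type !== "subscription.updated") return { status: 200, update: null };
  return {
    status: 200,
    update: { household_id: event.household_id, status: event.subscription_status },
  };
}

// Constructed sample delivery (not real provider data).
function sampleDelivery(secret, ts) {
  const body = JSON.stringify({
    type: "subscription.updated", household_id: "hh_demo", subscription_status: "active",
  });
  const sig = nodeCrypto.createHmac("sha256", secret).update(`${ts}.${body}`).digest("hex");
  return { body, header: `t=${ts},v1=${sig}` };
}
```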
What a server is NOT needed for
Storing the plan, signing in, financial calculations, insights, in-app notifications and encryption — handled by the frontend + Supabase. The encryption key is derived on the device and never sent to the server.
PWA
The manifest + service worker enable installing on a phone and offline use in local mode. They're also the foundation for future web push.