Docs
Greenhaus architecture at a glance
This public excerpt provides a non-sensitive look at how we assemble security, data, and workflow components.
Client surfaces
Next.js app router, Expo mobile clients, and kiosk experiences share a design system powered by Tailwind and shadcn/ui.
Edge orchestration
Vercel Edge functions power public surfaces, rate limiting, and hCaptcha verification. Resend handles double opt-in emails.
Core services
Supabase Postgres with row-level security, Prisma service layer, workflow engine, and streaming analytics via Kafka.
Data platform
Snowflake secure share, dbt transformations, Looker and Mode connectors, and ELT jobs with automated lineage tracking.
Glossary
- RLS
- Row-level security. Restricts dataset rows based on policies tied to the authenticated identity.
- Default deny
- Baseline posture where all access is denied until explicitly granted through policy assignments.
- Tenant isolation
- Mechanisms that ensure data from one portfolio cannot be accessed by another, including schema separation and encryption keys.
- Observability fabric
- Streaming event system that powers dashboards, alerts, and compliance evidence packages.