Multi-Tenant Prize-Draw SaaS Platform

Overview

A multi-tenant SaaS platform I lead-architected for a UK marketing agency (under NDA) — a central CMS that programmatically spawns isolated Supabase, GitHub, and Vercel deployments per client campaign, with full rollback, template-sync, and a built-in probability and raffle engine. The platform has been live since late 2025 and currently powers 20+ campaigns for the agency's roster of brand clients.

Before this platform, every new campaign meant a bespoke build — branded micro-site, new database, new deployment, manual configuration. I collapsed that to a form.

Role division: The agency's product team owned campaign concept and brand direction. I was lead architect and primary engineer — designing the multi-tenant data architecture, building the cloud orchestrator, the central CMS, the template repo, the template-sync engine, the probability and raffle logic, and the GDPR-compliance and audit-logging layers. Roughly six months of active development; approximately 92% of the codebase by commit volume.

What I Built

Multi-Tenant Architecture

The platform is split into two distinct tiers by design:

• Central database stores users, clients, projects, prize metadata, and audit logs — the operational truth across all campaigns.
• Per-project Supabase instances store participation entries and winner records — isolated per tenant, with their own resource limits and security boundary per campaign.
• Unified API surface lets every campaign sub-frontend talk to the central system through a stable contract, regardless of which campaign it belongs to.

This split is what makes 20+ campaigns coexist without stepping on each other.

Cloud Orchestrator (with Rollback)

When a campaign manager creates a new project in the CMS, the orchestrator coordinates a transactional flow across three cloud providers: Supabase (new project, schema initialised), GitHub (repo forked from template, per-campaign customisations applied), and Vercel (new project provisioned, environment variables set, GitHub repo attached, first deployment triggered, custom domains added). If any step fails, the orchestrator rolls back every resource it has already created — no orphaned databases, no abandoned repos, no half-deployed projects. Every action is audit-logged with structured deployment logs for ops review.

Template Synchronisation

A naive multi-tenant build that forks a template per campaign creates a maintenance bomb: every bug fix has to be re-applied to N already-deployed forks. I engineered a template-sync engine that pushes selective updates from the template repo into already-deployed campaign repos — improvements travel out, per-campaign customisations are preserved.

Campaign Logic & Compliance

• Probability and raffle engine. Three instant-win modes (preset winning moments, probability-based draws, guaranteed/consolation prizes) and a draw engine for end-of-campaign raffles, with backup-winner support and re-draw capability.
• Prize allocation and stock alerts. Prize pools with daily caps, stock thresholds, single-user limits, and stock-running-low alerts.
• Coupon code distribution. Bulk generation, distribution, and expiration tracking.
• Three-tier role system. super_admin (full infrastructure access), campaign_manager (per-project scope), read_only (statistics only, no PII).
• GDPR compliance. Consent tracking, data retention policies, scheduled deletion, and full audit log on all mutations.
• Anti-fraud. reCAPTCHA verification, honeypot fields, and rate limiting at the API edge.

Why It Matters

Most agencies running 20+ campaigns a year build them as 20+ bespoke micro-sites — and pay for that choice in maintenance overhead, deployment friction, and engineering time-to-market on every new activation. The platform collapses that overhead: campaign managers self-serve new deployments, the orchestrator handles the infrastructure, the template-sync engine keeps the fleet healthy, and the central system handles all cross-campaign business logic and compliance. It's the kind of internal infrastructure investment that quietly turns a custom-build agency into a productised one.