A secure, human-in-the-loop system for managing client information with AI-powered ingestion and self-service portals.
Client data comes from everywhere: forms, emails, documents, phone calls, CRM systems. It's scattered, often outdated, and there's no single source of truth. Staff waste hours chasing confirmations and manually updating records.
Data sources:
• Web forms clients fill out directly
• Xero, Salesforce via webhooks
• PDFs, payslips, meeting notes
• Manual entry from calls/meetings
• Structured data maps directly to fields and is validated against schema rules.
• Unstructured documents (PDFs, notes) are processed by AI to extract facts.
• AI extractions are flagged for review. Nothing from AI goes directly into the database; staff always verify first.
Example pending items:
• John Henderson: Salary $85,000 → $92,000
• Mike Thompson (AI extracted): Income $120,000, Dependents: 3
• Full Audit Trail: every change tracked with who, what, when
• Encrypted & Secure: PII encrypted at rest and in transit
Clients can review, confirm, and propose changes to their own data. Example proposal: $85,000 → $92,000, "Got a raise in January" → goes to the Pending Queue for staff approval.
Ask questions about your client data in natural language:
• "What's John Henderson's current salary?"
• "Which clients have income over $100k?"
• "Who hasn't confirmed their details in 6 months?"
Instant Answers: "John Henderson's salary is currently $85,000. There's a pending update to $92,000 awaiting approval (submitted 2 hours ago)."
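The ingestion rules above (structured input validated against the schema, AI output never written directly, staff approval as the only path into the database) and the "instant answer" that reports the approved value alongside the pending one can be shown in one small model of the pipeline. This is an added example, not the project's code: the in-memory store stands in for the PostgreSQL facts, pending and audit tables, the schema ranges, client ids, actor names and timestamps are constructed, and the scenario in `demo()` is the one the page describes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Any, Callable, Optional

# Assumed schema rules (integer ranges); the real system enforces these as PostgreSQL constraints.
SCHEMA = {"salary": (0, 10_000_000), "income": (0, 10_000_000), "dependents": (0, 20)}


def validate(field: str, value: Any) -> int:
    """Reject unknown fields, non-integers (bool included) and out-of-range values."""
    if field not in SCHEMA:
        raise ValueError(f"unknown field: {field}")
    lo, hi = SCHEMA[field]
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{field}: {value!r} is not an integer in [{lo}, {hi}]")
    return value


def _money(v: Any) -> str:
    return f"${v:,}" if isinstance(v, int) else repr(v)


@dataclass
class PendingChange:
    id: int
    client_id: int
    field: str
    old_value: Any
    new_value: Any
    source: str               # "form" | "webhook" | "ai_extract" | "portal"
    submitted_by: str
    submitted_at: datetime
    status: str = "pending"   # "pending" | "approved"
    note: str = ""


class ClientDataStore:
    """In-memory stand-in for the facts, pending and audit tables."""
    STRUCTURED = {"form", "webhook"}   # schema-checked on arrival; AI/portal input is not trusted

    def __init__(self, names: dict, clock: Optional[Callable[[], datetime]] = None):
        self.names = names               # client_id -> display name
        self.facts: dict = {}            # approved facts: the single source of truth
        self.pending: dict = {}          # change_id -> PendingChange
        self.audit: list = []            # append-only who / what / when
        self._next_id, self._clock = 1, clock or (lambda: datetime.now(timezone.utc))

    def _log(self, who: str, what: str, c: PendingChange) -> None:
        self.audit.append({"who": who, "what": what, "when": self._clock(), "change_id": c.id,
                           "client_id": c.client_id, "field": c.field, "old": c.old_value, "new": c.new_value})

    def ingest(self, client_id: int, field: str, value: Any, source: str, actor: str, note: str = "") -> int:
        """Every source lands in the pending queue; nothing is written to facts here."""
        if source in self.STRUCTURED:
            value = validate(field, value)
        elif field not in SCHEMA:
            raise ValueError(f"unknown field: {field}")
        c = PendingChange(self._next_id, client_id, field, self.current(client_id, field),
                          value, source, actor, self._clock(), note=note)
        self._next_id += 1
        self.pending[c.id] = c
        self._log(actor, f"ingest:{source}", c)
        return c.id

    def approve(self, change_id: int, staff_user: str) -> None:
        """Staff approval is the only path into facts, and the value is validated on the way in."""
        c = self.pending[change_id]
        if c.status != "pending":
            raise ValueError(f"change {change_id} already {c.status}")
        validate(c.field, c.new_value)           # an AI extraction like "120k" is stopped here
        self.facts.setdefault(c.client_id, {})[c.field] = c.new_value
        c.status = "approved"
        self._log(staff_user, "approve", c)

    def current(self, client_id: int, field: str) -> Any:
        return self.facts.get(client_id, {}).get(field)

    def answer(self, client_id: int, field: str) -> str:
        """The 'instant answer' shape: approved value first, then any pending update with its age."""
        name, cur = self.names[client_id], self.current(client_id, field)
        text = (f"{name}'s {field} is currently {_money(cur)}." if cur is not None
                else f"{name} has no approved {field} on record.")
        for c in self.pending.values():
            if c.client_id == client_id and c.field == field and c.status == "pending":
                hours = int((self._clock() - c.submitted_at).total_seconds() // 3600)
                text += f" There's a pending update to {_money(c.new_value)} awaiting approval (submitted {hours} hours ago)."
        return text


def demo() -> dict:
    """Constructed scenario: John's approved salary and portal proposal, Mike's AI extractions."""
    t0 = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)
    now = {"t": t0}
    store = ClientDataStore({123: "John Henderson", 124: "Mike Thompson"}, clock=lambda: now["t"])
    store.approve(store.ingest(123, "salary", 85_000, "form", "client:123"), "staff:alice")
    store.ingest(123, "salary", 92_000, "portal", "client:123", note="Got a raise in January")
    for field, value in (("income", 120_000), ("dependents", 3)):   # from Mike's payslip
        store.approve(store.ingest(124, field, value, "ai_extract", "ai:ollama"), "staff:alice")
    bad = store.ingest(124, "income", "120k", "ai_extract", "ai:ollama")   # garbage extraction
    try:
        store.approve(bad, "staff:alice")
        blocked = False
    except ValueError:
        blocked = True
    now["t"] = t0 + timedelta(hours=2)
    return {"john_answer": store.answer(123, "salary"), "john_salary": store.current(123, "salary"),
            "mike_facts": store.facts[124], "bad_extract_blocked": blocked,
            "audit_actions": [e["what"] for e in store.audit]}
```

Running `demo()` reproduces the page's answer for John Henderson word for word, shows Mike's two AI extractions reaching the facts table only after `approve`, and shows the malformed extraction staying in the queue because validation runs again at approval time rather than trusting the ingest path. The audit list is the "who, what, when" trail: one entry per ingest and one per approval, never mutated.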
• TLS 1.3 encryption
• Clients see only their data
• Every access tracked
• Secure authentication
Data flow: EXTERNAL → API (Validate & Extract) → PENDING (Human Review) → DATABASE (Source of Truth) → OUTPUT
Production-ready, secure, and scalable
• React / Next.js: Staff dashboard & client portal
• Tailwind CSS: Styling & components
• shadcn/ui: Pre-built UI components
• FastAPI: High-performance Python API
• PostgreSQL: Database + row-level security
• Redis: Caching & rate limiting
• Ollama / OpenAI: Document extraction & queries
• Auth0 / Clerk: Authentication & MFA
• HashiCorp Vault: Secrets management
PostgreSQL:
• Row-level security: clients can only access their own data at the database level
• Encrypt PII fields at rest (name, email, salary)
• Flexible schema for varying client data structures
• Triggers log every change with timestamp and user
FastAPI:
• Handles thousands of concurrent connections
• OpenAPI/Swagger documentation out of the box
• Type-safe request/response validation
• Clean auth middleware and DB session management
Run on your own hardware for full control and data sovereignty:
• Docker Compose setup
• Cloudflare Tunnel for access
• Local backups
Deploy to DigitalOcean, Hetzner, or AWS for reliability:
• Single VM or Kubernetes
• Managed PostgreSQL option
• Auto-scaling available
Use managed services for minimal ops overhead:
• Vercel (Frontend)
• Railway / Render (API)
• Supabase (Database)
# Ingestion (creates pending changes)
POST /api/ingest/form # Customer form submission
POST /api/ingest/webhook # External app webhooks
POST /api/ingest/document # Document upload (AI extract)
# Approval (staff only)
GET /api/pending # List pending changes
POST /api/pending/{id}/approve
POST /api/pending/{id}/reject
# Query (read approved data)
GET /api/clients # List clients
GET /api/clients/{id} # Get client facts
POST /api/query # Natural language query
# Client Portal
GET /api/portal/me # Get own data
POST /api/portal/confirm # Confirm data is correct
POST /api/portal/propose # Propose a change
AI is used to extract structured data from unstructured documents (PDFs, meeting notes, payslips) and to answer questions about client data in plain English. Model options:
• Privacy-first: use local Ollama models (Llama, Mistral); data never leaves your server
• Best accuracy: use GPT-4o or Claude for complex document extraction
• Hybrid: local for queries, cloud for document extraction only
• Cost control: set spending limits and fall back to local models
• HTTPS Only: TLS 1.3
• HSTS: Force HTTPS
• Rate Limiting: 100 req/min
• WAF / DDoS: Cloudflare
Entry points: Staff Login, Client Portal. Roles: Client, Staff, Admin.
Encryption: At Rest, In Transit
• Access Logs: who viewed what, when
• Change History: every modification tracked
• Failed Logins: alert on 3+ failures
• Data Exports: logged & approved
Session Token Structure (JWT)
{
  "jti": "unique-session-id",        // For revocation
  "sub": "client:123",               // User identity
  "iat": 1706745600,                 // Issued at
  "exp": 1706747400,                 // Expires (30 min)
  "scope": ["read:own", "propose"],  // Permissions
  "ip": "203.118.x.x"                // IP binding (optional)
}
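To make the claim layout concrete, here is an added example (not the project's code) that mints and verifies an HS256 token with exactly these claims, keeps a revocation set keyed on `jti`, enforces the 30-minute `exp`, honours the optional `ip` binding, and uses `sub` plus the `read:own` scope to enforce the "clients see only their data" rule at the API layer. The secret, the `client:<id>` subject format, the `read:all` staff scope and the 203.0.113.x / 198.51.100.x addresses are constructed for the example; in production the tokens come from Auth0/Clerk and the key from Vault.

```python
import base64
import hashlib
import hmac
import json


class TokenError(Exception):
    """Raised when a session token fails any check."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret: bytes, sub: str, scope: list, jti: str, now: int,
               ttl: int = 1800, ip=None) -> str:
    """Issue an HS256 JWT with the page's claim layout; ttl defaults to 30 minutes."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"jti": jti, "sub": sub, "iat": now, "exp": now + ttl, "scope": scope}
    if ip is not None:
        payload["ip"] = ip                       # optional IP binding
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, now: int, revoked: set, client_ip=None) -> dict:
    """Return the claims only if alg, signature, expiry, revocation and IP binding all pass."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":         # only the algorithm we issue is accepted
            raise TokenError("unexpected alg")
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            raise TokenError("bad signature")
        claims = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError) as exc:  # bad base64 or JSON
        raise TokenError("malformed token") from exc
    if now >= claims["exp"]:
        raise TokenError("expired")
    if claims["jti"] in revoked:                 # revocation list, e.g. kept in Redis
        raise TokenError("revoked")
    if "ip" in claims and claims["ip"] != client_ip:
        raise TokenError("ip mismatch")
    return claims


def authorize_client_read(claims: dict, requested_client_id: int) -> bool:
    """'read:own' lets a client read only the record named in sub; 'read:all' (assumed staff scope) reads any."""
    scope = set(claims.get("scope", []))
    if "read:all" in scope:
        return True
    kind, _, ident = claims["sub"].partition(":")
    return "read:own" in scope and kind == "client" and ident == str(requested_client_id)


def token_status(secret: bytes, token: str, now: int, revoked: set, client_ip=None) -> str:
    """'ok' or the reason the token was rejected."""
    try:
        verify_token(secret, token, now, revoked, client_ip)
        return "ok"
    except TokenError as exc:
        return str(exc)


def demo() -> dict:
    """Constructed scenario: one client session checked against each failure mode."""
    secret = b"constructed-demo-secret"          # real key would be held in Vault
    issued = 1706745600
    tok = mint_token(secret, "client:123", ["read:own", "propose"], "sess-0001", issued, ip="203.0.113.10")
    claims = verify_token(secret, tok, issued + 60, set(), "203.0.113.10")
    h, _, s = tok.split(".")
    forged = f"{h}.{_b64url(json.dumps({**claims, 'sub': 'client:124'}).encode())}.{s}"
    return {
        "valid": token_status(secret, tok, issued + 60, set(), "203.0.113.10"),
        "own_record": authorize_client_read(claims, 123),
        "other_record": authorize_client_read(claims, 124),
        "expired": token_status(secret, tok, issued + 1800, set(), "203.0.113.10"),
        "revoked": token_status(secret, tok, issued + 60, {"sess-0001"}, "203.0.113.10"),
        "ip_mismatch": token_status(secret, tok, issued + 60, set(), "198.51.100.7"),
        "tampered": token_status(secret, forged, issued + 60, set(), "203.0.113.10"),
    }
```

The checks run in the order a verifier should: reject anything not signed with the expected algorithm and key before reading a single claim, then apply expiry, revocation and IP binding. `authorize_client_read` is the application-level counterpart of the database's row-level security: even a valid client token cannot read another client's record. The `jti` revocation set is what lets staff end a session before `exp` arrives.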
• Privacy Act NZ: compliant data handling
• Right to Access: client portal provides this
• Data Retention: configurable auto-delete
# Clone and run with Docker
git clone https://github.com/yourorg/roost-client-data
cd roost-client-data
cp .env.example .env
docker-compose up -d
# → API at localhost:8000
# → Dashboard at localhost:3000