
Insivo App
A multi-tenant SaaS web app for AI-powered employee interviews. Voice-first. The LLM is the core actor — question generation, live conversation, post-hoc synthesis.
The product behind the Insivo SaaS site. Organisations onboard, create research campaigns, and let employees speak to an LLM interviewer. Themes, sentiment and recommendations are synthesised automatically — backed by row-level security in Postgres, streaming Whisper transcription, and Claude-driven synthesis with structured outputs.
Four layers of isolation
Tenant data cannot leave its tenant.
01 · Architecture
Tenant isolation enforced at four layers.
A multi-tenant HR platform leaks data if isolation lives only in the UI. So tenant scoping is enforced at four layers: JWT claims, middleware route gates, Postgres RLS policies, and materialised view filters. A missing scope at any one layer fails closed — never falls through.
Every server action runs inside a request-scoped transaction that issues SET LOCAL app.tenant_id from the JWT before any query. RLS policies read this setting and filter every row touched. No accidental cross-tenant joins are possible.
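The pattern described above, sketched as an added example (not Insivo's own code). The `responses` table, its columns and the policy name are assumptions; only `app.tenant_id` comes from the page.

```sql
-- Hypothetical table for illustration; only app.tenant_id is from the page.
CREATE TABLE responses (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    transcript text NOT NULL
);

ALTER TABLE responses ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policy to the table owner as well. Superusers and
-- roles with BYPASSRLS still skip RLS, so the app role must be neither.
ALTER TABLE responses FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the setting was never set,
-- and '' after a SET LOCAL has been rolled back or committed. NULLIF maps
-- both to NULL, the comparison is then NULL, and no row qualifies.
CREATE POLICY tenant_isolation ON responses
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request transaction, as the server action would open it.
BEGIN;
-- SET LOCAL takes no bind parameters; set_config(name, value, true) is the
-- transaction-local equivalent, so the JWT claim can be passed as $1.
-- The UUID below is a constructed sample value.
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

SELECT id, transcript FROM responses;   -- filtered to the tenant set above

-- A write carrying another tenant's id is rejected by WITH CHECK.
-- INSERT INTO responses (tenant_id, transcript)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'constructed sample');
COMMIT;

-- Outside the transaction the setting is gone, so the predicate is NULL
-- and the same query matches no rows: the missing scope fails closed.
SELECT id, transcript FROM responses;
```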
Stack
Compliance enforced at the data layer.
03 · Engineering Decisions
Trade-offs that paid off.
- RLS over app-layer scoping
  Putting tenant rules in the database means even an SQL injection or a developer mistake in a server action still can't leak data. Slight performance cost (~3ms per query) traded for a much stronger security posture.
- Materialised views for dashboards
  Aggregating sentiment and themes across 500+ responses live would be too slow. Refreshed on a 90-second cadence — operators don't need second-level freshness, p95 stays under 200ms.
- Tool-use for LLM outputs, never free-text
  Claude returns themes through a typed tool call validated by Zod. Free-text-then-parse breaks in production on long or non-English responses. Tool use means the dashboard can render synthesis without prompt-injection risk.
- Chunked Whisper streaming over batch
  Employees see partial transcripts as they speak. Reduces perceived latency from 30s to under 2s. The full audio is also retained for re-processing during quality reviews.

From interviewer to insight
Consent gates before recording.
A typed consent record is written into consent_events before any microphone permission is requested. Each tenant ships its own AVV (Auftragsverarbeitung) PDF and a per-language consent script. One-click subject-access export pulls every response, transcript, audio file and consent record by user ID into a signed zip.
Numbers from the production tenants.
Compliance enforced at every layer.
Row-level security in Postgres. Tenant-scoped consent before recording. AVV per organisation. One-click subject-access export.
