KodSpot
Engineering

The platform behind every KodSpot product.

One multi-tenant core. Three production surfaces. Built around the discipline that determines whether a SaaS scales: data isolation, cost-controlled AI, container hardening, and audit-everything compliance.

Architecture diagram:

Clients

  • Restaurant Customers
  • Hotel Owners
  • Hospital Supervisors
  • Workers / Electricians (PWA)

Edge

  • Caddy 2 · auto-TLS · HSTS · CSP · rate limits · gzip/zstd

Application Tier — multi-tenant Fastify services

  • KodSpot Menu: QR menu · billing · UPI · analytics; Razorpay · per-tenant plans; In-memory menu cache (60s TTL)
  • KodSpot Housekeeping: Attendance · cleaning · tickets; Multi-floor supervisor flows; Selfie / QR / geo validation
  • KodSpot Electrical: Inspections · assets · failures; Alert & escalation engine; Public QR complaints + review

Platform Services

  • PostgreSQL 15: Per-tenant rows · audit · retention
  • AI Routing Layer: SQL-first · token caps · multi-provider
  • Cloudflare R2: Photos · evidence · QR cards
  • SES · Razorpay · Webhooks: Email · payments · alerts

Stack

The tools we run in production.

Application

  • Node.js 20
  • Fastify 4
  • Prisma 5
  • TypeScript / Modern JS

Data

  • PostgreSQL 15
  • Soft-delete + scheduled purge
  • Encrypted PII (AES-256-GCM)
  • Audit-log everywhere

AI / ML

  • Vertex AI
  • Gemini
  • Azure OpenAI
  • SQL-first cost router · per-org token caps

Infra

  • Docker Compose
  • Caddy 2 (auto-TLS)
  • Cloudflare R2 object storage
  • GCP Compute Engine — multi-cloud ready

Delivery

  • PWA · offline queues
  • GitHub Actions CI/CD
  • Health-checked containers
  • Encrypted DB backups

Security

  • JWT + bcrypt + pepper
  • Rate-limited per-IP / per-tenant
  • Strict CSP, HSTS, frame-deny
  • DPDPA-aligned retention

AI / ML

Cost-controlled AI, not a chatbot bill.

SQL-first router

Roughly 80% of operational questions are answered by classified SQL queries with zero LLM tokens.

Cost ceilings

Per-organisation monthly token cap, per-user daily query cap, and a global rate limit. Usage is logged with provider, model, latency, and key source.
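One way the three ceilings above can be enforced before any provider call, shown as an added example in Node.js; it is not KodSpot's code. The class name, field names, limits, and the reserve-then-settle accounting are assumptions made for illustration, and the scenario data is constructed.

```javascript
// Added example: in-memory budget gate. Class name, fields and limits are hypothetical.
class AiBudgetGate {
  constructor({ orgMonthlyTokens, userDailyQueries, globalPerMinute }) {
    this.limits = { orgMonthlyTokens, userDailyQueries, globalPerMinute };
    this.orgTokens = new Map();   // "org|YYYY-MM" -> tokens reserved or used
    this.userQueries = new Map(); // "org|user|YYYY-MM-DD" -> queries admitted
    this.recent = [];             // admission timestamps (ms) within the last 60 s
    this.usageLog = [];
  }
  // Check every ceiling before any provider call; nothing is counted on a denial.
  admit({ org, user, estTokens, now }) {
    const iso = new Date(now).toISOString(); // UTC period boundaries
    const orgKey = `${org}|${iso.slice(0, 7)}`;
    const userKey = `${org}|${user}|${iso.slice(0, 10)}`;
    const deny = (reason) => ({ ok: false, reason });
    this.recent = this.recent.filter((t) => now - t < 60_000);
    if (this.recent.length >= this.limits.globalPerMinute) return deny('global_rate_limit');
    const queries = this.userQueries.get(userKey) ?? 0;
    if (queries >= this.limits.userDailyQueries) return deny('user_daily_cap');
    const used = this.orgTokens.get(orgKey) ?? 0;
    if (used + estTokens > this.limits.orgMonthlyTokens) return deny('org_monthly_cap');
    // Reserve the estimate now so concurrent requests cannot jointly overshoot the cap.
    this.orgTokens.set(orgKey, used + estTokens);
    this.userQueries.set(userKey, queries + 1);
    this.recent.push(now);
    return { ok: true, orgKey, reserved: estTokens };
  }
  // After the provider responds, swap the reservation for actual usage and log the call.
  settle(ticket, { provider, model, latencyMs, keySource, actualTokens }) {
    const used = this.orgTokens.get(ticket.orgKey) ?? 0;
    this.orgTokens.set(ticket.orgKey, used - ticket.reserved + actualTokens);
    this.usageLog.push({ orgKey: ticket.orgKey, provider, model, latencyMs, keySource, tokens: actualTokens });
  }
}
// Constructed scenario: tiny limits so each ceiling trips within a few calls.
function demo() {
  const gate = new AiBudgetGate({ orgMonthlyTokens: 1000, userDailyQueries: 2, globalPerMinute: 3 });
  const t0 = Date.UTC(2024, 0, 31, 23, 59, 0);
  const call = (user, estTokens, dt) => gate.admit({ org: 'hotel-a', user, estTokens, now: t0 + dt });
  const a = call('u1', 600, 0);
  const b = call('u2', 600, 0);          // 600 reserved + 600 > 1000
  gate.settle(a, { provider: 'vertex-ai', model: 'example-model', latencyMs: 420, keySource: 'org-key', actualTokens: 200 });
  const c = call('u1', 600, 1000);       // fits after settling to 200
  const d = call('u1', 10, 2000);        // u1 already made 2 queries today
  const e = call('u2', 10, 3000);
  const f = call('u3', 10, 4000);        // 3 admissions in the last minute
  const g = call('u1', 600, 120_000);    // next UTC day and month: counters reset
  return { gate, results: [a, b, c, d, e, f, g].map((r) => (r.ok ? 'ok' : r.reason)) };
}
```

In a multi-instance deployment the counters would have to live in shared storage with atomic increments; the in-memory maps here only show the ordering of checks.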

Multi-provider

Vertex AI (GCE metadata auth), Gemini (API key), and Azure OpenAI / OpenAI-compatible — chosen per workload and per organisation.

Safe prompts

Domain-locked system prompts, prompt-injection detection, input length limits, and PII sanitisation in error alerts.

Security

Hardened by default.

Compliance

DPDPA-aligned data lifecycle.

DPDPA-aligned

Built around the Digital Personal Data Protection Act framework: consent capture, audit, retention windows, and data subject controls.

Soft-delete + scheduled purge

Deleted hotels are anonymised immediately and hard-purged after 30 days. Visitor analytics rows expire after 90 days.

Privacy-safe analytics

Visitor uniqueness is determined by hashed identifiers — never raw IPs. Plan-aware soft caps prevent the menu from going dark on overage.

Audit by default

Privileged actions write old/new value JSON, actor, IP, user agent, device class, and session ID — across all three platforms.

Cloud strategy

We run today on Google Cloud Platform — Compute Engine VMs, Docker Compose orchestration, Cloudflare R2 for object storage, AWS SES for transactional email, Razorpay for payments. The architecture is intentionally portable: the same containers can move to AWS ECS / Fargate or Azure Container Apps without code changes.

We are actively expanding to a multi-cloud footprint to leverage AWS Bedrock, Azure OpenAI and the broader managed-AI ecosystem alongside Vertex AI — chosen per workload, controlled per organisation.

Want the architecture deep dive?

We share an annotated walk-through of the multi-tenant core, AI router and compliance pipeline with prospective partners and cloud reviewers.