Architecture
Tech stack by layer
| Layer | Technology | Role |
|---|---|---|
| Frontend | Next.js (App Router) | Web2 UI — no crypto terminology |
| Backend / API | NestJS | Orchestrates the complete flow |
| Database | Supabase (PostgreSQL) + RLS | Payment metadata, users, projects |
| Invisible wallets | Privy (embedded wallets) | Wallet per coordinator — email login |
| Disbursements | Stellar Disbursement Platform (SDP) | USDC disbursements to area wallets |
| Key custody | AWS KMS | Encrypted private keys — never in plain text |
| Blockchain | Stellar | Immutable transaction record |
| Indexer | Horizon API (polling every 30s) | Syncs on-chain data with Supabase |
| Fiat off-ramp | Bitso (CO/CR) · Belo / Lemon Cash (AR) | USDC to local currency |
| File storage | Supabase Storage | Attachments (invoices, photos) — off-chain |
| Frontend deploy | Vercel | |
| API / workers deploy | Railway | |
| Cloud DB | Neon (Postgres) + Upstash (Redis) | |
System layers
```
+------------------------------------------+
| FRONTEND (Next.js)                       | <- User sees: accounts, payments, reports
+------------------------------------------+
| API (NestJS)                             | <- Orchestrates: SDP, Privy, off-ramp, KMS
+------------+----------+------------------+
| Supabase   | AWS KMS  | Horizon Indexer  | <- Data + Keys + On-chain sync
| (off-chain | (private | (every 30 sec)   |
| metadata)  | keys)    |                  |
+------------+----------+------------------+
| STELLAR NETWORK                          | <- Immutable txHash record
| SDP · Privy Wallets · Soroban            |
+------------------------------------------+
| OFF-RAMP (Bitso / Belo)                  | <- USDC -> COP / CRC / ARS
+------------------------------------------+
```

Multi-tenant data isolation
- Row Level Security (RLS) in Supabase — every query is automatically filtered by foundation
- Independent Stellar wallets per foundation
- Middleware validates the user token before any query
- A user from one foundation cannot access data from another under any circumstance
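The following is an added illustration of the RLS rule described above, not the project's own schema: a minimal Postgres setup in which every read and write on a `payments` table is scoped to one foundation. The table, column, role and function names (`payments`, `foundation_id`, `api_user`, `current_foundation_id`) and the `app.foundation_id` session setting are assumptions chosen for the example; a Supabase deployment would typically derive the tenant from the request JWT (`auth.jwt()` / `auth.uid()`) rather than from a session setting, but the policy shape is the same. The two points a reviewer checks are included: the API role must not own the table (owners and superusers bypass RLS unless it is forced), and an unset tenant must yield zero rows rather than all rows.

```sql
-- Added example (not the project's own schema): Postgres row level security
-- that scopes every row to one foundation. Names are assumptions.

create table if not exists payments (
  id            bigserial primary key,
  foundation_id uuid not null,
  amount_usdc   numeric(18, 7) not null check (amount_usdc > 0),
  tx_hash       text,
  created_at    timestamptz not null default now()
);

-- Every policy predicate filters on the tenant column, so index it.
create index if not exists payments_foundation_idx on payments (foundation_id);

-- The API connects as this role, NOT as the table owner: owners and
-- superusers bypass RLS, so isolation only holds for non-owner roles.
do $$
begin
  if not exists (select 1 from pg_roles where rolname = 'api_user') then
    create role api_user nologin;
  end if;
end
$$;
grant select, insert, update on payments to api_user;
grant usage, select on sequence payments_id_seq to api_user;

alter table payments enable row level security;
-- FORCE applies the policies to the owner as well, closing that bypass.
alter table payments force row level security;

-- The tenant comes from a per-request setting that the API writes only
-- after validating the user's token. If nothing is set this returns NULL,
-- every comparison below is NULL, and the policies return zero rows:
-- fail closed, not open.
create or replace function current_foundation_id() returns uuid
language sql stable as $$
  select nullif(current_setting('app.foundation_id', true), '')::uuid
$$;

-- Reads: only rows of the caller's foundation are visible.
create policy payments_select_own_foundation on payments
  for select to api_user
  using (foundation_id = current_foundation_id());

-- Writes: a row may only be created with the caller's own foundation_id,
-- so a tampered foundation_id in a request body is rejected rather than
-- silently written into another tenant's data.
create policy payments_insert_own_foundation on payments
  for insert to api_user
  with check (foundation_id = current_foundation_id());

create policy payments_update_own_foundation on payments
  for update to api_user
  using (foundation_id = current_foundation_id())
  with check (foundation_id = current_foundation_id());

-- Per-request usage by the API. The setting is transaction-local
-- (third argument true) so it cannot leak to another pooled connection:
--   begin;
--   select set_config('app.foundation_id', '<validated-foundation-uuid>', true);
--   select id, amount_usdc, tx_hash from payments;  -- filtered automatically
--   commit;
```

The `with check` clauses are what make this more than a read filter: without them a caller could still insert or move rows into another foundation even though they could never read them back. Running the API as a non-owner role with `force row level security` is the part most often missed; a quick check is `select relrowsecurity, relforcerowsecurity from pg_class where relname = 'payments'`, which should return `t, t`.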