IsoStack

Isoblue’s foundation for modern, fast, secure and human-centred software

IsoStack is Isoblue’s curated, production-ready software foundation

Suitable for organisations, agencies, solo developers and micro-teams, who want custom software without the fragility usually associated with small-team builds or ‘AI Vibe Code’.

Harnessing the power and speed of AI but with clear guardrails - IsoStack combines a clean, modern development approach with the reliability, scalability, and security of leading cloud technologies.

To read more about IsoStack, select the approach you’d prefer:

Non-technical Summary
Technical Summary

IsoStack - a non-technical summary

You may want to modernise your current business processes or see opportunities to expand with automated / AI powered solutions - IsoStack is the solid foundation that enables just this, without the guesswork that is VibeCoding.

Think of it as the frame and foundations of a house:
You choose the layout, colours, and features - but the parts that need to be rock-solid (plumbing, electrics, heating, insulation) are already done to a professional standard. That’s what IsoStack does for software.

It also ensures that every app we build is:

  • Stable - designed to run for years with minimal fuss

  • Secure - built on proven, industry-standard components

  • Adaptable - to meet specific needs of your business processes

  • Fast to develop - AI-assisted tools with guardrails

  • Affordable - shorter development times, means cost are reduced

  • Easy to maintain - predictable structure, no brittle “developer magic”

  • Scalable - grows from a small internal tool to a public SaaS product

  • Cloud-native - backups, logging, monitoring, and version control baked in

This gives you confidence that your software isn’t experimental - it’s practical, dependable, and commercially sound.

Why It matters

Most small-team or low-code projects fail for the same reasons: No separation between development and live environments, poor data structure leading to slowdowns later, inability to test safely, no audit trail, fragile hosting, no ability to scale as usage grows

IsoStack is designed explicitly to avoid all of these traps and accelerate reliable building.

What you get

  • A clean, intuitive user interface

  • Responsive layouts for desktop, tablet, and mobile

  • Secure logins and access controls

  • Fast pages, even with large datasets

  • Clear dashboards, analytics, and reporting

  • Seamless email notifications and batch communication

  • Easy integration with services like Stripe, Resend, or Mailchimp

  • Long-term support and the ability to extend

IsoStack lowers risk, reduces cost, and increases speed

Get in touch

To arrange a friendly, no jargon call, please get in touch.
Email us →

IsoStack - technical summary

IsoStack Platform Architecture

IsoStack is a modern, production-grade SaaS foundation built for organisations that need reliability, security, and long-term maintainability. It combines a fully type-safe TypeScript codebase (Next.js 15, tRPC, Prisma) with a multi-tenant PostgreSQL architecture to ensure strict data isolation and predictable scaling. All business logic, API calls, and database operations are end-to-end typed, reducing entire classes of integration errors and delivering a level of robustness that older low-code or monolithic systems cannot match.

Authentication is handled by NextAuth.js with magic-link, OAuth, and password support. Every request is validated at runtime with Zod schemas, and all data access is permission-checked through a clean RBAC model (Owner, Admin, Member). The system enforces best practices by design: UUID primary keys, organisation-scoped filtering on every query, strict schema validation, and optional rate limiting. For storage, IsoStack uses Cloudflare R2 for secure, cost-effective file and media handling with S3 compatibility.

IsoStack’s architecture supports modular growth. Core features—authentication, user management, tenancy, audit logs, content storage—are always present, while advanced modules (billing, support, custom integrations) are plug-and-play. This creates a stable baseline for your project while allowing tailored functionality without forking the codebase. Deployment is designed for professional hosting environments such as Vercel, Neon, and Cloudflare, ensuring high availability, automated scaling, and global CDN performance.

Features & Benefits for Technical Reviewers
Multi-Tenant, Organisation-Scoped Data Isolation

Each tenant’s data is fully segmented through enforced organizationId constraints. This eliminates cross-tenant leakage risks and ensures compliance in environments involving sensitive or regulated data.

This means a predictable, provable isolation suitable for healthcare, legal, and charity-sector applications where segregation is non-negotiable. Combined with row level security and encryption - security is built in not added on.

Strict End-to-End Type Safety

From API layer to UI, all inputs and outputs are validated with TypeScript and Zod. There is no untyped or legacy code path.

Meaning higher reliability, fewer production defects, faster onboarding for new developers, and easier long-term maintenance.

Modular System with Feature Flags

IsoStack ships with a core framework and optional modules that can be activated per tenant. Each module provides its own routes, API endpoints, and permissions.

Projects avoid code bloat, can evolve safely over time, and can be customised without compromising platform stability.

Advanced Tooltip System (SSOT for Help Content)

A unique three-tier (Global → App Owner → Tenant) tooltip system ensures consistent onboarding and contextual help across applications. Tenants may override content without losing the upstream structure.

Advanced help in context reduces support requests, eases rollout of complex workflows, and empowers administrators without code changes.

Audit Logging for Compliance

Every significant action—user changes, settings updates, permission edits—is logged with metadata, timestamps, and actor identity.

Organisations have defensible audit trails suitable for GDPR, safeguarding, organisational governance, and external review.

Modern, Serverless Deployment with Professional Tooling

Built for providers such as Vercel, Neon, and Cloudflare R2, IsoStack benefits from global edge networks, automated scaling, and secure CI/CD processes.

IsoStack ensures high performance, low maintenance overhead, and predictable hosting costs.

Secure by Default

  • Magic-link and OAuth authentication

  • bcrypt hashing

  • CSRF and session security

  • Input validation everywhere

  • UUID primary keys

  • Optional rate limiting

A secure baseline that meets modern expectations without relying on developer discipline alone.

Designed for Longevity

IsoStack is not a temporary low-code workaround. It is a full modern web application stack using frameworks that will still be standard in 5–10 years. A modular framework is designed from the ground up to be flexible and connected! A built-in API and library of ready built modules means it quick and low cost to extend your app.

Technical and non-technical users can see a clear, maintainable path for future enhancements, integrations, when market, environment or team members change.

Read on to learn about IsoStack components or get in touch

Send an email with any questions or requests or simply to explore more.
Email us →

IsoStack: Main Components & Why They Matter

Next.js 15 (Frontend & API Layer)

A mature, industry-standard React framework used by thousands of enterprise applications. It provides server-side rendering, excellent performance, and long-term stability.

Why chosen:

  • Fast, SEO-friendly pages

  • Built-in routing and security

  • Strong community and long-term viability

  • Simplifies both frontend and backend development

TypeScript (Across the Entire Codebase)

A typed version of JavaScript that prevents errors before they reach production.

Why chosen:

  • Fewer bugs and regressions

  • Clearer, safer code

  • Easier onboarding for new developers

  • Industry best practice for modern SaaS

tRPC + Zod (API Layer & Validation)

tRPC provides end-to-end type safety without boilerplate. Zod validates all inputs so nothing unsafe reaches the database.

Why chosen:

  • Zero API mismatch errors

  • Runtime validation for every request

  • Faster development with higher reliability

  • No code generators or fragile schemas

Prisma ORM + PostgreSQL (Database Layer)

Prisma is a next-generation ORM that gives developers a rigorous, typed way to work with PostgreSQL.
PostgreSQL is a proven, robust relational database trusted globally.

Why chosen:

  • Strong relational integrity

  • Excellent performance at any scale

  • Easy migrations and schema control

  • A long-standing, stable technology with a huge ecosystem

Neon (Serverless PostgreSQL Hosting)

Modern hosting for PostgreSQL with instant scaling, automatic backups, branching, and cost efficiency.

Why chosen:

  • No database servers to manage

  • Scales automatically with demand

  • Safe development via database branches

  • Predictable costs

NextAuth.js (Authentication)

Handles secure logins with magic links, email/password, or Google OAuth.

Why chosen:

  • Widely adopted and regularly audited

  • Reduces risk by using standard, secure patterns

  • Easy for users (magic links)

  • Easy for organisations (supports multiple login methods)

Cloudflare R2 (File & Media Storage)

A modern, low-cost, S3-compatible object store ideal for documents, images, exports, and attachments.

Why chosen:

  • Ultra-low storage costs

  • Global content delivery via Cloudflare CDN

  • Simple developer experience

  • Keeps file storage independent from the app server

Resend (Email Delivery)

A modern transactional email provider with React-based templating.

Why chosen:

  • High deliverability

  • Easy templating for branded emails

  • Secure and reliable for onboarding, notifications, and workflow messages

Mantine UI (Frontend Components)

A polished, professional React component library.

Why chosen:

  • Fast development of consistent, accessible UI

  • Highly customisable styling

  • Saves time on design without sacrificing quality

Audit Logging (Compliance & Governance)

Tracks all important actions: settings changes, invitations, permissions, etc.

Why chosen:

  • Transparency and accountability

  • Essential for GDPR, safeguarding, and internal governance

  • Reduces operational risk

Multi-Tenant Isolation (Core Data Model)

Every organisation’s data is strictly partitioned by organizationId.

Why chosen:

  • Prevents cross-client data exposure

  • Supports complex, professional deployments

  • Ensures reliability for regulated sectors (legal, healthcare, charity)

Modular Architecture with Feature Flags

Allows optional modules—billing, support, dashboards—without cluttering the system.

Why chosen:

  • Reduces complexity

  • Enables future expansion without rewrites

  • Lets each client activate only what they need

Advanced Tooltip System
(Single Source of Truth for Help Content)

Three-tier system: Global → App Owner → Tenant.
Delivers contextual onboarding, training, and process guidance inside the interface.

Why chosen:

  • Reduces support load

  • Gives every organisation personalised, editable guidance

  • Creates consistency across large teams