Next.js edge middleware resolves tenant context from custom domains or subdomains before routing, injecting tenant_id into all downstream requests. Supabase PostgreSQL with row-level security policies enforces data isolation at the database layer, while tenant branding configuration is stored as JSON and applied via server-side rendered CSS custom properties. Stripe Connect handles multi-party billing with automated revenue splits between platform owner and reseller.
How do you isolate tenant data in a multi-tenant architecture?
We use PostgreSQL row-level security (RLS) policies enforced at the database layer via Supabase. Every query is scoped to the current tenant using session-level configuration variables. So even when application code has a bug, the database itself refuses to return rows belonging to other tenants. It's not a safety net you can accidentally code around. For regulated industries, we can provision physically separate Supabase projects per tenant.
How do custom domains work for each tenant?
We use Vercel's Domains API to programmatically add and verify custom domains during tenant provisioning. SSL certificates get provisioned automatically. Next.js edge middleware resolves the incoming hostname to a tenant configuration, so the correct branding and data scope are applied before any page renders. On the tenant's end, they just need to add a CNAME record—that's it.
Can each tenant have completely different branding and UI?
Yes. Tenant branding—colors, logos, fonts, navigation structure, email templates—is stored as configuration in Supabase and applied at render time via CSS custom properties and server-side rendering. No rebuild or redeploy needed. Changes take effect immediately. We can handle anything from simple color swaps to entirely different navigation layouts per tenant.
How many tenants can this architecture support?
Our architecture scales to thousands of tenants on a single codebase and deployment. Edge middleware tenant resolution adds negligible latency. Supabase's connection pooling via Supavisor handles concurrent tenant database sessions efficiently. We've stress-tested with 100+ simultaneous tenants and validated sub-200ms response times. Physical database separation is available for any tenant that needs dedicated resources.
What does the reseller admin dashboard include?
The super-admin dashboard lets resellers provision new tenants, manage subscription plans via Stripe Connect with automated revenue splitting, configure per-tenant feature flags, view cross-tenant analytics and usage metrics, manage custom domains, and control white-label email sender domains. It's a standalone Next.js application with role-based access control—not a bolt-on settings page.
How long does it take to build a white-label multi-tenant platform?
A production-ready white-label platform typically takes 10-12 weeks across four phases: core multi-tenant architecture (3 weeks), reseller tooling and billing (3 weeks), security hardening and load testing (3 weeks), and launch support with real tenant onboarding (3 weeks). You'll have a working prototype with test tenants by the end of week 3.
Do we own the code and infrastructure?
Yes, completely. You own the codebase, the Supabase project, the Vercel deployment, and all tenant data. We deliver everything via a Git repository with full documentation. There's no vendor lock-in to us. Post-launch, we offer optional retained support for ongoing development, but your team can maintain and extend the platform independently without us in the loop.
Schedule Discovery Session
We map your platform architecture, surface non-obvious risks, and give you a realistic scope — free, no commitment.
Schedule Discovery Call
Let's build
something together.
Whether it's a migration, a new build, or an SEO challenge — the Social Animal team would love to hear from you.