Multi-Tenant SaaS / Commerce

Thumbstack

Multi-tenant link-in-bio SaaS with a full commerce stack — cart, guest checkout, orders, digital delivery, coupons, and Stripe subscriptions.

Domains in architecture: 3
Subscription grace period: 7 days
Plan enforcement axes: 6+
Commerce stack: Full

The Problem

Link-in-bio products have been dominated by competitors that treat commerce as an afterthought — a checkout button that hands users off to an external platform, or a shop page that is a link list in disguise. The result is a fragmented experience: creators collect email and social links in one place, then push their audience to Gumroad, Shopify, or a standalone store to actually buy something.

The opportunity I saw was to build a link-in-bio platform where commerce was first-class. Not a checkout button bolted on, but a full commerce stack — cart, guest checkout, orders, digital delivery, coupons, subscription management — embedded inside the same editor that creators already use to build their page.

The harder part was doing this as a multi-tenant SaaS. Every creator needs their own isolated data, their own subdomain, their own plan enforcement, their own subscription state. And it all has to be fast, secure, and operable by one person.

The Approach

The architecture I settled on is a three-domain system: brand.com for the authoring editor where creators build their pages, brandpages.com for the public-facing published pages their audience visits, and brandstatic.com as a CDN origin for user-uploaded media. Each domain has its own role in the security and caching model.

For authentication, I chose a strict posture: __Host- cookie prefix for session tokens, dual JWT rotation, and security_stamp session invalidation. These are the patterns you expect from an auth provider, not a SaaS side project — but for a multi-tenant commerce platform they are non-negotiable.

The commerce stack was built from scratch. Cart, guest checkout, orders, digital delivery, coupons, and Stripe subscriptions all live in the same codebase, working against the same multi-tenant data model. Plan enforcement runs across six-plus dimensions (max sites, allowed block types, custom domain, visual effects, analytics, commerce) and each tier gets evaluated at request time.

What I Built

A three-domain Next.js application stack: the editor (brand.com) runs as an authenticated admin surface; the published pages (brandpages.com) are public, cache-friendly, and tenant-isolated at the path level; the static CDN (brandstatic.com) serves user media with strict CORS and content-type validation.

A Stripe subscription lifecycle handler with a 7-day grace period for past-due accounts. Webhooks run through a verified handler that writes to the same database that the editor and public pages read from, with plan state reflected in real time everywhere.

Plan enforcement at the rendering layer: every block type, every commerce feature, every customization option is gated against the current tenant plan. Downgrading a subscription does not break a creator’s existing page — it hides or disables the premium features until they upgrade again.

Analytics built on an in-memory event buffer that rolls up hourly via a cron job. GDPR-compliant (no IP storage, no cookies for non-authenticated visitors), stored in the same PostgreSQL database as the rest of the app, and queryable by the creator in their dashboard.

Results

Thumbstack runs as a single-operator SaaS with a complete commerce stack, three-domain architecture, and multi-tenant data isolation. Every commerce feature that competitors treat as a pro add-on is included in the default build.

The authentication posture is stricter than most link-in-bio platforms in the market — __Host- cookies, JWT rotation, security_stamp invalidation. The setup was written so that session compromise is recoverable without logging every tenant out.
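
The security_stamp check and __Host- cookie described above, as an added sketch that is not Thumbstack's own code. A simplified HMAC-signed token stands in for the JWT, and the cookie name, function names and in-memory stamp table are assumptions.

```typescript
// Added example: token layout, names and the in-memory store are assumptions.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

type Claims = { sub: string; stamp: string; exp: number };
type Verdict = "ok" | "bad-signature" | "expired" | "revoked";

const KEY = randomBytes(32); // constructed signing key for the demo
// Constructed user table: one security_stamp per user.
const stamps = new Map<string, string>([["creator-a", "stamp-a1"], ["creator-b", "stamp-b1"]]);

const sign = (body: string): string =>
  createHmac("sha256", KEY).update(body).digest("base64url");

// Embed the user's current security_stamp in the signed token.
function issueToken(sub: string, ttlSec: number, now: number): string {
  const claims: Claims = { sub, stamp: stamps.get(sub) ?? "", exp: now + ttlSec };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Signature first, then expiry, then the stamp comparison against the store.
function verifyToken(token: string, now: number): Verdict {
  const [body = "", mac = ""] = token.split(".");
  const got = Buffer.from(mac);
  const want = Buffer.from(sign(body));
  if (got.length !== want.length || !timingSafeEqual(got, want)) return "bad-signature";
  const claims = JSON.parse(Buffer.from(body, "base64url").toString()) as Claims;
  if (claims.exp <= now) return "expired";
  return stamps.get(claims.sub) === claims.stamp ? "ok" : "revoked";
}

// Rotating one user's stamp invalidates every token issued to that user only.
function revokeSessions(sub: string): void {
  stamps.set(sub, randomBytes(16).toString("hex"));
}

// Browsers accept a __Host- cookie only with Secure, Path=/ and no Domain attribute.
function sessionCookie(token: string, maxAgeSec: number): string {
  return `__Host-session=${token}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${maxAgeSec}`;
}
```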

Subscription lifecycle is fully automated: upgrades, downgrades, grace period handling, and plan enforcement are all driven by Stripe webhooks without manual intervention. Billing state is always authoritative from Stripe, never from the application database.

The whole system is operated solo. The three-domain architecture, multi-tenant database, full commerce stack, and subscription lifecycle are all maintained by one person — which was the original design constraint, not an afterthought.

Tech Stack

Next.js 16, TypeScript, PostgreSQL, Drizzle ORM, Stripe, JWT + __Host- cookies, Docker, Hetzner, Cloudflare, GitHub Actions
