Technical Architecture Proposal

Device Identifier Platform
Response to High-Level RFP

Prepared for: Midnight Group DOO

Date: January 2026

Version: 1.0

Executive Summary

This proposal outlines the development of a privacy-focused device identifier platform comprising a B2C portal (anonymous access), B2B portal (business users with RBAC), and administrative panel, backed by a high-performance Go API.

Approach: 4-Phase
Timeline: 24-30 Wks
Investment: €207-272K
Scale Target: 100K+ DAU

01 Proposed Architecture

High-Level System Design

graph TB
    subgraph External["External Layer"]
        CDN["CloudFlare CDN<br/>Static Assets | DDoS | WAF"]
    end
    subgraph LoadBalancing["Load Balancing"]
        LB["Load Balancer<br/>Traefik / HAProxy"]
    end
    subgraph Frontend["Frontend Layer"]
        B2C["B2C Portal<br/>Remix SSR + shadcn/ui"]
        B2B["B2B Portal<br/>Remix + shadcn/ui"]
        Admin["Admin Panel<br/>Remix + shadcn/ui"]
    end
    subgraph Gateway["API Gateway"]
        API["Go API Gateway<br/>Rate Limiting | Auth | Routing"]
    end
    subgraph Services["Microservices"]
        Core["Core API<br/>Go + Chi"]
        Notify["Notification Svc<br/>Go Worker"]
        Payment["Payment Svc<br/>Go + Stripe"]
    end
    subgraph Queue["Message Queue"]
        MQ["RabbitMQ / AWS SQS"]
    end
    subgraph Data["Data Layer"]
        DB[("PostgreSQL<br/>Primary + Replicas")]
        Cache[("Redis<br/>Cache + Sessions")]
        Logs[("Loki<br/>Logs")]
        Storage[("S3/MinIO<br/>Reports")]
    end
    CDN --> LB
    LB --> B2C
    LB --> B2B
    LB --> Admin
    B2C --> API
    B2B --> API
    Admin --> API
    API --> Core
    API --> Notify
    API --> Payment
    Core --> MQ
    Notify --> MQ
    Payment --> MQ
    MQ --> DB
    MQ --> Cache
    MQ --> Logs
    MQ --> Storage

Technology Stack

Layer | Technology | Rationale
Frontend | Remix v2 (React) | SSR for B2C SEO, no vendor lock-in, clean data loading
UI Components | shadcn/ui + Tailwind | Customizable, accessible, modern design system
Icons | react-icons | Multiple icon sets, tree-shakeable
State (Client) | Zustand | Lightweight, simple, TypeScript-first
Forms | react-hook-form + Zod | Performant validation, type-safe
Backend API | Go + Chi + sqlc | High performance, low memory, type-safe SQL
Database | PostgreSQL 16 | ACID compliance, JSON support, Serbian law compliance
Cache | Redis | Session storage, caching, rate limiting
Queue | RabbitMQ | Async processing, notifications, reports
Object Storage | AWS S3 / MinIO | Report storage, exports
Monitoring | Prometheus + Grafana + Loki | Metrics, dashboards, centralized logging
CI/CD | GitHub Actions + ArgoCD | GitOps, automated deployments
Container | Docker + Kubernetes | Horizontal scaling, orchestration

02 Privacy-by-Design

graph LR
    subgraph B2C["B2C User - Anonymous"]
        B2C1["Session Token"]
        B2C2["Device Fingerprint - hashed"]
        B2C3["No PII stored"]
    end
    subgraph B2B["B2B User - Authenticated"]
        B2B1["Email - hashed lookup"]
        B2B2["Business Info"]
        B2B3["Role/Permissions"]
        B2B4["Audit Trail"]
    end
    subgraph Device["Device Identifiers"]
        D1["IMEI/Serial Input"]
        D2["SHA-256 Hash"]
        D3["Stored Hash Only"]
    end
    D1 -->|"One-way hash"| D2
    D2 -->|"Stored"| D3
    B2C --> Device
    B2B --> Device
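
The diagram above stores a SHA-256 digest of the IMEI or serial; an IMEI is only 15 decimal digits (type allocation code, serial, Luhn check digit), so an unkeyed digest of it is recomputable over the whole input space and the stored value stays one-way only if the hash is keyed. The Go sketch below is an added example, not part of the original proposal: it swaps in HMAC-SHA-256 under a server-held key and normalizes the input first so one device always maps to one token. The function names, the demo key and the sample IMEI are assumptions, and serial numbers would need their own normalizer.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// NormalizeIMEI drops separators and checks digits, length and Luhn check digit.
func NormalizeIMEI(raw string) (string, error) {
	s := strings.NewReplacer(" ", "", "-", "", "/", "").Replace(raw)
	sum := 0
	for i := 0; i < len(s); i++ {
		d := int(s[i]) - '0'
		if d < 0 || d > 9 {
			return "", errors.New("IMEI must be numeric")
		}
		if i%2 == 1 { // Luhn: double every second digit, fold 10..18 to 1..9
			d = 2*d - 9*(d/5)
		}
		sum += d
	}
	if len(s) != 15 || sum%10 != 0 {
		return "", errors.New("IMEI must be 15 digits with a valid check digit")
	}
	return s, nil
}

// KeyedToken is HMAC-SHA-256 under a server-held key (assumed to sit in KMS/Vault).
func KeyedToken(key []byte, imei string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(imei))
	return hex.EncodeToString(m.Sum(nil))
}

// Matches checks a submitted identifier against a stored token in constant time.
func Matches(key []byte, stored, raw string) bool {
	imei, err := NormalizeIMEI(raw)
	return err == nil && hmac.Equal([]byte(stored), []byte(KeyedToken(key, imei)))
}

func main() {
	key := []byte("constructed-demo-key") // constructed; load from KMS/Vault in practice
	tok := KeyedToken(key, "490154203237518") // constructed sample IMEI
	fmt.Println(tok, Matches(key, tok, "49-015420-323751-8"))
}
```

Rotating the key invalidates every stored token, so a deployment would need to store a key identifier next to each token.
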
Key Privacy Principles

03 Security Architecture

Multi-Layer Security Model

Layer 1: Network Security
  • WAF (Web Application Firewall)
  • DDoS Protection (CloudFlare)
  • TLS 1.3 Everywhere
Layer 2: API Gateway Security
  • Rate Limiting (100 req/min anonymous, 1000 req/min authenticated)
  • JWT Validation
  • Request Sanitization
  • IP Reputation Filtering
Layer 3: Application Security
  • OWASP Top 10 Mitigations
  • Input Validation (Zod frontend, Go validator backend)
  • SQL Injection Prevention (sqlc parameterized queries)
  • XSS Protection (CSP Headers, sanitization)
  • CSRF Tokens
Layer 4: Data Security
  • Encryption at Rest (AES-256)
  • Encryption in Transit (TLS 1.3)
  • Field-Level Encryption for PII
  • Key Management (AWS KMS / HashiCorp Vault)
Layer 5: Access Control
  • RBAC Implementation
    • Admin: Full system access
    • B2B Manager: Organization management
    • B2B User: Limited to assigned permissions
    • Anonymous: Public endpoints only
  • Audit Logging (all mutations)
  • Session Management (Redis, 24h expiry)

RBAC Schema

graph LR
    Org["Organizations"]
    Members["Members"]
    MemberRoles["MemberRoles"]
    Roles["Roles"]
    RolePerms["RolePermissions"]
    Perms["Permissions"]
    Settings["OrganizationSettings"]
    APIKeys["APIKeys"]
    Scopes["Scopes"]
    Org --> Members
    Members --> MemberRoles
    MemberRoles --> Roles
    Roles --> RolePerms
    RolePerms --> Perms
    Org --> Settings
    Org --> APIKeys
    APIKeys --> Scopes

04 Scalability Design

Horizontal Scaling Strategy

Traffic Tier | Infrastructure | Capacity
< 10K DAU | 2 API pods (64MB each), 1 DB primary | MVP Launch
10K-50K DAU | 4 API pods, 1 primary + 1 read replica | Early Growth
50K-100K DAU | 8 API pods, 1 primary + 2 read replicas | Target Scale
100K-500K DAU | 16 API pods, clustered DB, Redis cluster | Growth Ready

Performance Targets

Metric | Target | Strategy
API Response Time | < 100ms (p95) | Redis caching, sqlc optimized queries
Page Load (B2C) | < 2s | Remix SSR, CDN, code splitting
Database Queries | < 50ms | Indexed queries, connection pooling
Availability | 99.9% | Multi-AZ, health checks, auto-scaling

Go Performance Advantage

Metric | Node.js/NestJS | Go + Chi
Memory per pod | ~200-300MB | ~30-64MB
Cold start | 200-500ms | 10-50ms
Concurrent connections | Event loop limited | Goroutines (thousands)
Estimated infra cost | Baseline | 40-50% lower

05 Integration Architecture

graph TB
    subgraph Platform["Platform"]
        API["Go API"]
    end
    subgraph Notifications["Notifications"]
        SMS["SMS - Twilio / Infobip"]
        Email["Email - SendGrid / Mailgun"]
    end
    subgraph Payments["Payments"]
        Stripe["Stripe - International"]
        Local["Local Provider - Serbia"]
    end
    subgraph Reports["Reports"]
        PDF["PDF Generation"]
        CSV["CSV Export"]
    end
    subgraph Monitoring["Monitoring"]
        Pager["PagerDuty / Opsgenie"]
        Sentry["Sentry - Error Tracking"]
    end
    API --> SMS
    API --> Email
    API --> Stripe
    API --> Local
    API --> PDF
    API --> CSV
    API --> Pager
    API --> Sentry

06 Development Phases

Phase 1: MVP (Foundation)

Phase 2: B2B + Payments

Phase 3: Scale + Compliance

Phase 4: Enhancement

Indicative Timeline

Phase | Duration | Milestone
Phase 1 (MVP) | 10-12 weeks | Core functionality live
Phase 2 (Prod) | 8-10 weeks | Production
Phase 3 (Scale) | 6-8 weeks | Production-ready at scale
Phase 4 (Enhance) | Ongoing | Continuous improvement

Total to Production: 24-30 weeks (6-7 months)

07 Cost Estimates

Development Costs

Phase | Effort Range | Description
Phase 1 (MVP) | €45,000 - €65,000 | Core API, B2C, Basic Admin
Phase 2 (Prod) | €35,000 - €50,000 | B2B Portal, Payments, Reports
Phase 3 (Scale) | €25,000 - €35,000 | Optimization, DR, Security
Phase 4 (Initial) | €15,000 - €25,000 | Analytics, Enhancements
Total | €207,000 - €272,000 | Full platform

Infrastructure Costs (Monthly)

Scale | Cloud Estimate | Components
MVP/Low | €600 - €1,200/mo | Basic Kubernetes, small DB
Medium (50K DAU) | €1,500 - €2,500/mo | Scaled infra, monitoring
Target (100K DAU) | €3,000 - €5,000/mo | Full HA setup

Note: Go backend reduces compute costs by ~40% compared to Node.js at scale

08 Maintenance & Support

SLA Tiers

Level | Response Time | Availability | Monthly Cost
Standard | 4h critical / 24h normal | 99.5% | €2,500 - €3,500
Premium | 1h critical / 8h normal | 99.9% | €4,500 - €6,000
Enterprise | 30min critical / 4h normal | 99.95% | €7,500 - €10,000

Included in Maintenance

09 Compliance Summary

GDPR Alignment

Principle | Implementation
Data Minimization | Hash-only storage for device IDs, anonymous B2C
Purpose Limitation | Documented data processing purposes
Storage Limitation | Automated data retention policies
Integrity & Confidentiality | Encryption, access controls, audit logs
Accountability | DPO contact, processing records

Serbian Law Compliance

10 Team Composition

Role | Allocation | Responsibility
Lead Architect | 100% | Architecture, Performance, Code Review
Full Stack Engineer | 100% | API, Integrations, Portals
Full Stack Engineer | 100% | API, Integrations, Portals
DevOps Engineer | 50% | Infrastructure, CI/CD, K8s
QA Engineer | 50% | Testing, Automation
Project Manager | 25% | Coordination, Reporting

Next Steps

  1. NDA Signing - To receive full specification
  2. Discovery Workshop - 1-2 days to refine requirements
  3. Detailed Proposal - Fixed-scope quotation after discovery
  4. Contract & Kickoff - Project initiation