🔴 SaaS layer / 🟢 District enterprise Migration project · special case Wave 2/3 · cluster 6 PRD v1.0 · May 2026

Super Simple Score System
— classroom point tracker

Ultra-fast, touch-first classroom point-tracking. Teachers tap student tiles to award/subtract points in real time. "The fastest classroom engagement system for live instruction." Currently a WordPress PHP page template; this project migrates it to Next.js + Supabase and evolves through four tiers — free → individual teacher → school → district enterprise (where Hatchstacks Pro fits naturally).

Tile response · hard requirement
<100 ms
Anything slower is broken
K-12 teachers (US)
3.7M
The addressable market
Paid · M12
250+
From 5k free users
Target MRR · M12
$10k–$25k
First school customers
The split fit-flag. This is the only project in the portfolio with two fit-flags depending on tier: 🔴 at the SaaS layer (teachers, schools), 🟢 at the district enterprise tier (Year 2-3 unlock). Build Leads must understand both architectures — see §02 and §07.
02The split fit-flag

Most projects in the portfolio have one fit-flag. This one has two — because the architecture genuinely changes at the district enterprise tier. Below $50k ARR per district, standard SaaS is right. At and above that, dedicated Mac mini per district justifies itself for compliance, data residency, and white-label needs.

🔴 · SAAS LAYER

Pro overkill

Multi-tenant B2B2C product. Teachers + students + small schools as end users on Supabase + Vercel. 3.7M potential teacher market = no per-customer Mac mini possible. Standard cloud is the right architecture.

  • · Free tier (localStorage)
  • · Individual teacher ($5–$10/mo · cloud sync)
  • · School ($1–$3/student/year · admin dashboard)
🟢 · DISTRICT ENTERPRISE · Y2-3

Pro fits naturally

10k+ students per district at $50k+ ARR justifies dedicated infrastructure: isolated Postgres for data residency, district-specific FERPA/COPPA customizations, white-label branding option.

  • · Dedicated Mac mini per district
  • · Isolated Supabase instance
  • · White-label option
  • · SSO (Clever · ClassLink · Google Classroom)
  • · Off-boarding ownership transfer real
The architecture switches at the tier boundary. Same product. Different deployment. Build Lead's day-to-day Year 1 is the 🔴 SaaS work. The 🟢 enterprise tier is a Year 2-3 unlock that becomes possible because the SaaS tier has proven the product first.
03Migration pathWordPress PHP → Next.js + Supabase

An existing WordPress PHP page template runs the current product (with localStorage persistence per device). The migration moves to Next.js + Supabase without breaking the existing users. Gradual deprecation of the old stack.

CURRENT · WORDPRESS PHP page-student-points-login-protected.php WordPress page template Existing stack: ▸ WordPress + custom PHP template ▸ localStorage persistence (per-device) ▸ WordPress native authentication ▸ Vanilla JS + HTML + CSS frontend ▸ All data trapped on one device ▸ No cloud sync · no multi-class scaling ▸ No analytics · no student accounts ▸ No path to district enterprise MIGRATE Phase 1 · 6 weeks data export helper TARGET · NEXT.JS + SUPABASE Next.js 15 + App Router Vercel · Tailwind · shadcn/ui Migration target: ▸ Next.js 15 + App Router ▸ Tailwind + shadcn/ui ▸ Supabase (Postgres + Auth + Realtime) ▸ Cloud sync (paid tier) ▸ localStorage fallback (free tier) ▸ Magic-link auth + Google SSO ▸ Multi-device, multi-class scaling ▸ Path to school + district tier GRADUAL YEAR 2-3 · DISTRICT TIER Hatchstacks Pro Per-district Mac mini Enterprise unlock: ▸ Dedicated Mac mini ▸ Isolated Supabase ▸ District-specific compliance ▸ FERPA audit logging ▸ White-label branding ▸ Clever · ClassLink SSO ▸ $50k+ ARR per district ▸ Off-boarding transfer real
Don't break existing users. Migration helper exports localStorage data from the WordPress version into the new Supabase backend. Free tier preserves localStorage-only mode so hold-outs aren't forced. Old WordPress version stays accessible for 6 months after Next.js launch as a fallback.
04Tier evolutionFit-flag changes at the tier boundary

Four tiers. The first three are 🔴 standard SaaS. The fourth (district enterprise) is 🟢 Hatchstacks Pro — the only place in the portfolio where the same product crosses the fit-flag boundary.

TIER 1

Free

$0 · per device
  • 8 classes
  • localStorage only
  • No cloud sync
  • Single device
  • All current features
🔴 PRO OVERKILL
TIER 2

Individual teacher

$5–$10 / mo
  • Unlimited classes
  • Cloud sync across devices
  • Multi-device login
  • CSV import · sorting · leaderboard
🔴 PRO OVERKILL
TIER 3

School

$1–$3 / student / year
  • School admin dashboard
  • Multi-teacher rollups
  • Student accounts (COPPA)
  • Analytics + reports
  • Team systems
🔴 PRO OVERKILL
TIER 4 · Y2-3

District enterprise

$50k+ ARR per district
  • Dedicated Mac mini
  • Isolated Postgres / Supabase
  • SSO: Clever · ClassLink · Google Classroom
  • White-label option
  • FERPA audit logging
  • Off-boarding transfer real
🟢 PRO FITS
The tier ladder funds itself. Free tier brings teachers in (CAC = $0, viral). Individual tier pays for cloud infrastructure. School tier funds the compliance work needed for district. District enterprise pays for the Mac mini infrastructure. Each tier funds the next layer's investment.
05Current architecture · WordPress PHP

The existing product. Single PHP page template, vanilla JS frontend, localStorage persistence per device. Functional but architecturally trapped — no path to multi-device sync, no path to schools, no path to compliance.

TEACHER iPad / Mac / Smartboard WORDPRESS PAGE page-student-points-login-protected.php Login-protected by WP auth VANILLA JS FRONTEND Tiles · click handlers · scoring No framework LOCAL STORAGE Per-device only No cloud · no multi-device LIMITATIONS · WHY WE'RE MIGRATING ▸ Data trapped on one device — teacher loses everything if device fails ▸ No multi-device — teacher on iPad in class can't continue on phone or laptop ▸ No path to student accounts — COPPA blocking · no district tier possible ▸ No analytics — schools want engagement metrics; PHP template can't provide
06Target architecture · Next.js + Supabase

Modern SaaS stack. Next.js 15 + App Router · Supabase (Postgres + Auth + Realtime). Free tier still uses localStorage for offline-first. Paid tiers add cloud sync. Same multi-tenant infrastructure scales to school tier; district enterprise breaks out to dedicated infrastructure (§07).

DEVICES · TOUCH-FIRST · IPAD PRIORITY iPad SafariPrimary · classroom touchscreen Mac classroomTeacher workstation SmartboardLarge touchscreen PhoneTeacher mobile · check-ins Student devicesPaid tier only FRONTEND · NEXT.JS 15 · APP ROUTER Next.js 15App Router · React Server Components Tailwind + shadcn/uiDesign system · WCAG AA Optimistic UI<100ms tile response · sync in background Service worker + DexieOffline-first (later phase) BACKEND · SUPABASE · MULTI-TENANT Supabase PostgresSource of truth · row-level security Supabase AuthMagic link · Google SSO Supabase RealtimeLive tile updates across devices Stripe SubscriptionsIndividual + school billing ResendTransactional email HOSTING · STANDARD CLOUD · NO MAC MINI YET (TIERS 1–3) Vercel · Next.js host Supabase Cloud (managed) Cloudflare · CDN + DDoS Sentry · PostHog (analytics)
07District enterprise · Year 2-3Where 🟢 Pro tier fits

The tier that justifies dedicated Mac mini infrastructure. Districts with 10k+ students and $50k+ ARR want isolation: their data stays in their isolated Postgres, audit logs satisfy FERPA, district can opt for white-label branding. Build Lead spec: one Mac mini per district.

DISTRICT · 10K+ STUDENTS · $50K+ ARR DISTRICT ADMINS📊 Cross-school analytics📋 Compliance dashboard💳 Single PO billing SCHOOLS🏫 Per-school admin📈 Teacher rollups👥 Multi-teacher coordination TEACHERS⚡ <100ms tile response📱 Multi-device sync🎮 Team systems SSO · DISTRICT IDP🔐 Clever (most common)🔐 ClassLink🔐 Google Classroom ↓ all traffic terminates at the district's dedicated Mac mini ↓ DEDICATED INFRASTRUCTURE · ONE PER DISTRICT · HATCHSTACKS PRO District Mac minidistrict-{name}.local TAILSCALEBuild Lead access · no public admin ISOLATED POSTGRESPer-district · data residency FERPA AUDIT LOGGINGImmutable · retained per district policy WHITE-LABEL OPTIONDistrict's own branding · subdomain COMPLIANCE CUSTOMIZATIONSDistrict policies · COPPA workflows CEO + QA AGENTS · DEDICATEDCompliance audits · district account mgmt OFF-BOARDING TRANSFER · REAL HERE (UNLIKE OTHER TIERS)If district exits, Mac mini + isolated Postgres + audit logs + branding all transfer to district. Pro tier signature feature applies.
Why this works. Districts care about three things SaaS can't easily promise: data residency (their student data stays on their dedicated infrastructure), audit isolation (no cross-district leakage), and exit options (off-boarding transfer). Hatchstacks Pro delivers all three natively.
08Tile performance architecture<100ms response · the hard requirement

The single most important non-functional requirement. Anything slower than 100ms from tap → visual feedback breaks the teacher's classroom flow. Optimistic UI + async cloud sync makes this viable. Conflict resolution handles offline → online transitions.

sequenceDiagram
    participant T as Teacher's tap
    participant UI as React state
    participant V as Visual feedback
    participant LS as localStorage
    participant SB as Supabase
    participant TR as Realtime broadcast

    T->>UI: Touch event on student tile
    Note over UI: Synchronous · <16ms
    UI->>V: Optimistic state update (+1 point)
    V-->>T: Visual feedback (green glow)
    Note over V: <100ms target met ✓
    par Async cloud sync
        UI->>LS: Persist locally (immediate)
        UI->>SB: Write PointEvent (background)
        SB->>TR: Broadcast to other devices
        TR->>UI: Echo to other open tabs/devices
    end
    alt Sync succeeds
        SB-->>UI: Confirm write
        Note over UI: All state consistent
    else Sync fails (offline)
        UI->>LS: Queue retry
        Note over LS: Service worker retries on reconnect
        Note over UI: UI shows offline indicator
    else Conflict on reconnect
        SB-->>UI: Conflict (newer write elsewhere)
        UI->>UI: Last-write-wins (or operator review)
        UI->>V: Reconcile visual state
    end
Don't ever block the UI on the network. The tile MUST update visually within 100ms regardless of network state. Cloud sync is best-effort in the background. localStorage is the fallback. Conflict resolution happens after the fact, not during the tap.
09COPPA + FERPA complianceGates district sales

Two federal laws govern student data. FERPA governs all education records. COPPA governs data collection from kids under 13. R1 (FERPA/COPPA non-compliance) is High severity — kills district sales before they start. Compliance review is mandatory before student-account features ship.

STUDENT DATA FLOW · COPPA SCRUTINY (UNDER 13) · FERPA EDUCATION RECORDS 1. TEACHER ADDS STUDENT CSV import OR manual entry Name only (no PII required) Free tier: localStorage Paid tier: Supabase 2. POINTS AWARDED PointEvent written Audit trail · timestamp teacher_id stored Required for FERPA audit Student account? NO SCORE-ONLY MODE Teacher controls all data · no student PII No COPPA gate YES COPPA CONSENT FLOW REQUIRED Parent verifiable consent · school-as-agent doctrine · OR district SSO Required if student under 13 has direct login COMPLIANCE PILLARS · MANDATORY BEFORE DISTRICT TIER FERPA · EDUCATION RECORDS ▸ Audit log every PointEvent ▸ Retention per district policy ▸ Data subject access requests ▸ Parent right to inspect/correct ▸ Encryption at rest + in transit ▸ Limited disclosure rules All tiers · stricter for district COPPA · UNDER 13 ▸ Parental verifiable consent ▸ School-as-agent doctrine ▸ No third-party tracking ▸ Data minimization ▸ Right to delete ▸ No behavioral advertising Triggers when student has login PRIVACY SEALS ▸ Common Sense Privacy ▸ iKeepSafe COPPA seal ▸ Student Data Privacy Pledge ▸ SOC 2 Type 1 before district tier ▸ State-specific addenda R7: schools block apps without seals QA AGENT · ENFORCEMENT ▸ Audit log integrity check ▸ Consent record validation ▸ Data export compliance ▸ Retention policy enforce ▸ Daily compliance report Active in district tier
R7 — school wifi blocks third-party domains. Schools block apps without Common Sense Privacy + iKeepSafe COPPA seals. Both seals must be obtained before the school-tier sales push (Phase 4). Without them, schools' content filters block the domain and the product never reaches teachers.
10Phase timeline52 weeks · migration first
W1W6W16W26W52 PHASE 1Migration PHASE 2Cloud + paid tier PHASE 3Analytics + student accts PHASE 4 — school + district tier · $10–25k MRRFirst school customer · district enterprise prep STACK Next.js + Supabase migrate Iteration · cloud sync · features FREE USERS 500 free 5k free Growing toward 25k+ PAID 50 paid · $250–500 MRR 250 paid · $1.5–2.5k MRR First school customers · $10–25k MRR COMPLIANCE COPPA flow · audit log Privacy seals · SOC 2 Type 1 · district readiness Migration complete Paid tier · 50 paid 5k free · 250 paid · student accts First school + district prep $0 $250–500 $1.5–2.5k $10–25k MRR target MRR
11Risk heatmap

Seven risks. R1 (FERPA/COPPA) and R7 (school wifi blocks) are the existential ones — both gate district tier sales entirely. R2 (school procurement cycles 6–12 months) means individual-tier revenue must fund the long enterprise sell.

Low
Medium
High
Critical
High
R1
R7
Medium
R5
R2
R3
R4
Low
R6
— Likelihood →
Risk register
R1FERPA / COPPA non-complianceCompliance review before any student-account feature ships · QA Agent enforcement
R2School procurement 6–12 monthsSelf-service individual tier funds operations · district is long-game
R3ClassDojo / GoGuardian competeSpeed is the wedge · ClassDojo is feature-heavy but slow
R4iPad Safari quirks (touch + offline)iPad QA in every release loop · PWA + service worker
R5Existing WordPress users resist migrationOne-click data export · preserve free WP version for 6 mo as fallback
R6Free tier abuse (100 fake accounts)Soft limits · CAPTCHA on signup
R7School wifi blocks third-party domainsCommon Sense Privacy + iKeepSafe COPPA seals · CRITICAL gate before school push
12Data model
erDiagram
    TEACHER ||--o{ CLASS : "owns"
    CLASS ||--o{ STUDENT : "contains"
    STUDENT ||--o{ POINT_EVENT : "earns"
    TEACHER ||--o{ POINT_EVENT : "awards"
    CLASS ||--o{ TEAM : "may group into"
    TEAM }o--o{ STUDENT : "includes"
    SCHOOL ||--o{ TEACHER : "employs"
    DISTRICT ||--o{ SCHOOL : "contains"

    TEACHER {
        uuid id PK
        string email
        uuid school_id FK
        uuid district_id FK
        enum subscription_tier "free|individual|school|district"
        string stripe_customer_id
        jsonb preferences
    }
    CLASS {
        uuid id PK
        uuid teacher_id FK
        string name
        string color
        string grade_level
        int default_point_amount
        jsonb enabled_features
        bool archived
    }
    STUDENT {
        uuid id PK
        uuid class_id FK
        string name
        int current_score
        int total_points_awarded
        int total_points_subtracted
        uuid user_id FK
    }
    POINT_EVENT {
        uuid id PK
        uuid student_id FK
        uuid class_id FK
        uuid teacher_id FK
        int delta
        timestamp event_at
        text note
    }
    TEAM {
        uuid id PK
        uuid class_id FK
        string name
        string color
    }
    SCHOOL {
        uuid id PK
        string name
        string address
        uuid district_id FK
        uuid billing_account_id FK
    }
    DISTRICT {
        uuid id PK
        string name
        string billing_contact
        string PO_number
        int per_student_rate_cents
    }
13Build Lead · Week 1

Migration-focused. Day 1–2 study the existing WordPress code carefully (don't reinvent). Day 3–4 scaffold Next.js + Supabase. Day 5–6 port the existing tile UI. Day 7 build the migration helper and test on iPad Safari + Smartboard (the two surfaces that matter most).

DAY 1Read-in
  • Tailnet · 1Password · Notion access
  • Read PRD end-to-end
  • Read current WordPress PHP code
  • Map existing features to new stack
Existing product understood
DAY 2Compliance
  • FERPA reference reading
  • COPPA reference reading
  • Common Sense Privacy + iKeepSafe seal docs
  • Map compliance to data model
Compliance landmines clear
DAY 3Next.js + Supabase
  • Next.js 15 scaffold (App Router)
  • Tailwind + shadcn/ui
  • Supabase project · Postgres schema
  • Magic-link auth + Google SSO
Stack ready
DAY 4Tile UI port
  • Port student tile component
  • Tap zones (left subtract / right add)
  • Green / red glow animations
  • Multi-class navigation
  • iPad Safari smoke test
Core UI ported
DAY 5Persistence
  • localStorage persistence (free tier)
  • Supabase cloud sync (paid tier)
  • Optimistic UI · <100ms test
  • PointEvent audit trail
Two persistence modes
DAY 6Features port
  • CSV import
  • Sorting (name / score)
  • Leaderboard with slide animations
  • Classwide adjustment tile
  • Sound effects toggle
Feature parity reached
DAY 7Migration + test
  • Migration helper: WP localStorage → Supabase
  • iPad Safari QA pass
  • Smartboard touchscreen QA
  • Free tier launch on staging
  • Test plan for existing WP users
Free tier launch-ready
14Cross-project map

Mostly standalone in architecture. Stripe subscription pattern reusable. COPPA/FERPA compliance learning transfers to any future ed-tech projects. The district enterprise pattern is reusable for any multi-tenant → enterprise upgrade path elsewhere in the portfolio.

THIS PROJECTScore System 🟡 HYBRID PATTERNVacation Rental TurnoverSame multi-tenant → per-client lane SHARED PATTERNTier-upgrade lane 🟢 PRO · WAVE 1ADU Directory V2Stripe subscription pattern SHARED TECHStripe + Supabase FUTUREMore ed-tech projectsFERPA/COPPA reusable STANDALONEMostly independentMigration project · unique Dashed = transferable patterns. Dotted = future / standalone.
The tier-upgrade lane is the reusable pattern. Both Vacation Rental Turnover and Score System share the pattern: standard SaaS for most users, dedicated Mac mini for the top-tier enterprise customer. The mechanics (data migration to isolated infrastructure, white-label option, ownership transfer at off-boarding) are reusable across both projects.
15Glossary
COPPA
Children's Online Privacy Protection Act. Governs data collection from kids under 13. Triggers when students have direct accounts on the platform.
FERPA
Family Educational Rights and Privacy Act. Governs all student education records — including point histories. Audit log + retention policies enforce this.
School-as-agent
COPPA doctrine: schools can consent on behalf of parents for educational tools. Reduces COPPA friction in school + district tier.
Clever / ClassLink
Standard SSO providers for K-12 schools. District-level. Required for the district enterprise tier sale.
Common Sense Privacy
Standard third-party privacy review for ed-tech. Schools' content filters often gate access based on this seal.
iKeepSafe COPPA
Privacy seal program specifically for COPPA compliance. Districts require it before approving an app.
District
A school district — administrative + procurement entity. The enterprise customer at Tier 4.
Per-student licensing
Standard ed-tech pricing model ($1–$5/student/year). Used at school and district tiers.
Optimistic UI
Update the UI immediately on user action, sync to server in background. The pattern that makes <100ms tile response possible.
PointEvent
Audit-trail entity. Every point awarded creates a PointEvent. Required for FERPA compliance.
Tile
A clickable student card. Tap left = subtract point. Tap right = add point. The atomic UI primitive of the product.
SOC 2 Type 1
Compliance audit some districts require before signing. Target: complete before Phase 4 district push.
← Portfolio