Islands architecture ships lean HTML by default. Only the interactive parts hydrate, so pages load fast everywhere.
How SoulTales is built for scale, cost efficiency, security, and GDPR. The services we use and why.
Platform stack
Built to scale. Secured by design.
SoulTales runs on a modern, edge-first stack, chosen for performance, predictable costs, strong privacy defaults, and no vendor lock-in. Every service below is in production today.
Edge-first Pay-as-you-grow GDPR-aware PCI via Stripe
Frontend · soultales.com
The public site is an Astro application on Cloudflare Workers. Every listing, destination, and browse page is statically generated at build time. We deploy four times a day so content stays fresh without runtime CMS calls. Map filters run at the edge against pre-built listing data: no database traffic while travelers explore. Fast page loads, optimized assets, edge delivery, and almost no always-on compute: secure by default, with a minimal CO₂ footprint.
Global edge SSR with no cold-start monolith. Scales automatically with traffic spikes during campaign season.
Headless CMS for listings, destinations, and pages. Partners update once, the site updates everywhere.
Fully managed serverless Postgres behind Directus. Content is baked in at build time, so travelers never trigger database queries on the live site.
Edge libSQL for traveler sessions, favorites, and planner data. Low latency auth without a central database bottleneck.
Magic-link sign-in delivered from the EU region, aligned with GDPR expectations for transactional email.
Real-time media transformation: resize, crop, and optimize images on delivery so every gallery loads fast without storing dozens of variants.
Web and product analytics without cookies. Privacy-first, 100% GDPR-aligned, proxied through our own domain so we control what leaves the browser.
Better Auth
Traveler sign-in with Google, Apple, Facebook, X, and more, plus email magic links. Sessions live in our own Turso database via Drizzle ORM, so auth scales without per-seat SaaS fees as the user base grows. Separate from the partner portal, and no card data anywhere near our auth layer.
Backend · manage.soultales.app
Directus is our content source of truth. It runs in containers on Fly.io with Neon Postgres and Google Cloud Storage for uploaded media.
Open-source headless CMS with full control over schemas, roles, flows, and partner data without vendor lock-in on content.
Container hosting close to users with on-demand horizontal and vertical scaling. Directus and helpdesk each run as isolated apps.
Fully managed serverless Postgres on a Rust-built storage engine. Autoscaling compute optimized for latency, scale-to-zero when idle, and usage-based pricing: fast under load, low cost when quiet. Branching makes staging and migration testing practical without extra hardware.
Durable object storage for partner uploads and CMS assets, offloaded from app servers so Fly machines stay lean.
Partner portal · ie.soultales.app
Partners manage listings, prices, and subscriptions on a separate Astro app, also on Cloudflare Workers, with Clerk for identity and Stripe for billing.
Same islands architecture as the public site. The partner portal ships lean HTML with Vue only where partners need rich forms and dashboards.
Same edge platform as the public site, plus KV for session state. Partners get a fast portal without maintaining servers.
Enterprise-grade partner accounts, MFA-ready, separate from traveler auth. The right tool for B2B onboarding at scale.
PCI-compliant subscriptions and invoicing. Card data never touches our Workers; Stripe handles compliance end to end.
Listing translations and AI-assisted content so partners can publish in six languages without hiring translators per field.
Live chat widget embedded in the partner portal. Conversations route to our self-hosted helpdesk, not a black-box SaaS inbox.
Helpdesk · helpdesk.soultales.app
Customer support runs on self-hosted Chatwoot: our data, our retention rules, integrated with the same email and storage patterns as the rest of the platform.
Open-source support desk with no per-seat SaaS tax as the team grows. Web chat, email, feedback, and social channels in one integrated platform. Full ownership of conversation history.
Same fully managed Neon stack with a Rust-built engine, autoscaling compute, and scale-to-zero pricing. Separate database isolation per service.
Managed Redis for Sidekiq job queues. Reliable background processing without running our own Redis cluster.
S3-compatible attachment storage with zero egress fees to Workers. Cost-efficient file handling at scale.
Scalability & cost efficiency
We avoid oversized always-on servers. Each layer scales independently so campaign traffic does not require re-architecture.
Edge-first delivery
Cloudflare Workers serve the public site and partner portal from hundreds of PoPs. Static docs on Cloudflare Pages add zero server management.
Pay for usage
Neon, Turso, Fly, and Workers bill on consumption, so quiet months stay cheap and peak season scales without manual capacity planning.
Open source where it counts
Directus and Chatwoot are self-hosted OSS with no per-seat CMS or helpdesk markup. We invest in hosting, not shelfware licenses.
Every package builds and deploys through automated pipelines for consistent releases without manual SSH deploys.
Platform documentation at blueprints.soultales.app: static, fast, and cheap to host at any traffic level.
Security, privacy & GDPR
SoulTales is built for European travelers and Irish partners. Data boundaries, email region, and billing compliance are first-class decisions, not afterthoughts.
Separate identities
Travelers (Better Auth + Turso) and partners (Clerk) never share a login system. A breach or misconfiguration in one surface does not expose the other.
EU-aligned email
Magic links and transactional mail send through Mailgun's EU infrastructure, reducing cross-border data transfer for authentication flows.
PCI scope reduction
Stripe Checkout and webhooks handle all payment data. Our Workers never store card numbers, shrinking compliance scope dramatically.
Privacy by architecture
- Analytics proxy: PostHog runs through our own domain so we control what leaves the browser.
- Secrets isolation: credentials live in Cloudflare, Fly, and GitHub secret stores, never in the repository.
- Service isolation: CMS, portal, public site, and helpdesk each have dedicated databases and deploy targets.
- Data ownership: Self-hosted Directus and Chatwoot mean content and support history stay under our control.
Full technical inventory
For the complete per-package service list (including embeds and CI), see Services & vendors. For architecture diagrams and data flow, see Architecture.