PivotalPoint.io

What We've Built

We design and ship reference platforms—ranging from multi-tenant SaaS scaffolds to encrypted billing systems and in-product guidance tooling—that founders can trust when they need to move fast without breaking everything.

How These Platforms Help Clients

  • Battle-tested patterns for multi-tenant architectures, RBAC, and compliance across Firebase, Cloud Run, and Terraform-managed GCP.
  • Operational maturity baked in: CI/CD, automated bootstrap scripts, observability, and admin tooling ship with every engagement.
  • Specialized domains (healthcare billing, onboarding guides) layered on top of the same hardened core so we can deliver faster without sacrificing quality.

SaaS Scaffold · Next.js + Express + Terraform

Loma — Production-Ready Foundation

Loma is our base platform for shipping multi-tenant SaaS. It includes a Next.js (App Router) frontend, Node/Express API, Firestore with tenant-aware security rules, Firebase Auth with custom claims, and Terraform-managed infrastructure spanning dual dev/prod environments.

  • One-command bootstrap script provisions GCP projects, Firebase apps, GitHub environments, and seeds superadmin access.
  • Full RBAC with owner/admin/member/viewer roles plus a hardened superadmin console.
  • Automated CI/CD via GitHub Actions (tests, security scans, deployments) with 300+ API tests covering routes, middleware, and services.
  • Optional edge hardening (Cloud Armor, HTTPS load balancer) and theming for tenant-specific UI.

Multi-tenant · CI/CD · Terraform + GCP

Healthcare Billing · Encryption by Design

Pomo — Practitioner Revenue OS

Pomo extends Loma for EU/Swiss independent psychiatrists and therapists who need privacy-first session tracking, billing, and reporting. Every patient record is encrypted with Cloud KMS (AES-GCM) and stored under CMEK-protected Firestore/GCS resources.

  • Patient, session, rate plan, rollup, and export models optimized for monthly salary/invoice workflows.
  • Strict role separation: admins manage tenants, finance teams finalize rollups, practitioners see only their own data.
  • Automated monthly rollups feed PDF/CSV/Excel exports backed by Google Cloud Storage and tracked via audit logs.
  • GDPR/FADP-compliant architecture with auditability and zero tolerance for PHI leaking into LLM-powered tooling.

GDPR / FADP · Cloud KMS · Financial Ops

Product Tours · Chrome Recorder + 10 KB SDK

Stepsy — In-App Guide Platform

Stepsy (stepsy.cc) lets SaaS teams record a guide in their browser and ship it straight into their product. A Chrome recorder captures flows, a 10 KB CDN-delivered SDK plays them back, and an API Gateway fronts the multi-tenant backend.

  • Recorder + player loop: capture steps once, replay contextually with guardrails so users see “what to click next.”
  • Google Cloud API Gateway with signed requests, rate limiting, and observability piped into centralized logging.
  • SDK CDN with environment-aware bundles and runtime configuration for app IDs, public keys, and analytics destinations.
  • Guide analytics streamed to Mixpanel/PostHog plus in-app admin to activate/deactivate guides without redeployments.

Chrome Extension · API Gateway · CDN SDK

Need This Level of Execution?

We use these platforms as launchpads for new AI and SaaS engagements. If you need to ship something similarly complex — fast — let’s talk.
