The Challenge
A professional football organisation doesn't look like a typical SaaS customer. Meetings happen across coaches, medical staff, management, agents and players. Information is sensitive — contracts, medical notes, NDAs, travel plans — and who is allowed to see what is genuinely load-bearing, not a nice-to-have. At the same time, the organisation didn't want to run eight different tools to manage scheduling, meetings, internal comms, newsletters and compliance paperwork.
The brief was to replace that patchwork with a single platform — one that respected the organisation's access model, reduced the hours lost to manual note-taking and document chasing, and still felt lightweight enough that non-technical staff would actually use it.
What We Built
A full internal platform for the club. The surface area covers nine role-aware dashboards:
- A dual-view calendar (month and week) with permission-scoped event types — meetings, matches, travel — where each role sees only what they're entitled to manage
- AI-powered meeting intelligence — Zoom meetings are created from the platform, recordings are transcribed, and an OpenAI layer extracts a structured summary plus explicit action items tied to the right people
- An internal news feed with rich media (up to five images per post), reactions and pinning — the lightweight team-communication channel that replaces a fragmented group chat
- A newsletter system with a TipTap rich-text editor, scheduling, and per-recipient delivery tracking via Resend
- A digital NDA workflow — PDF generation, in-browser signing, and a verifiable audit record of who signed what and when
- User administration — temporary-password provisioning, role assignment, and a clean onboarding flow for new staff and players
How We Built It
Three decisions shaped this project:
Roles enforced at the database. Three tiers — Admin, Manager, Staff — are enforced via Postgres row-level-security policies on 28+ tables. The app layer can't leak data the database won't serve. This is the only access model that stands up in a context where the cost of a leaked medical note or contract is real.
AI lives in the meeting pipeline, not the UI. Meeting transcripts are generated server-side, summaries and action items are extracted by an OpenAI call that runs once per meeting (not on every view), and the result is stored structured. The UI just reads. That keeps the cost envelope predictable and the user experience fast.
Boring stack, thoughtful composition. Next.js 16 app router, Supabase for auth and Postgres, Zustand for client state, react-hook-form with Zod for validation, TipTap for rich text, pdf-lib for NDA generation. Nothing exotic — the interesting work is in how the pieces fit, and in the RLS model that binds them together.
The Outcome
The organisation now runs calendar, meetings, internal news, newsletters and compliance paperwork from one platform instead of five. Meeting admin — the part nobody wants to do — is largely automated: the note-taker role is no longer a person, and action items land in the right place without a human transcribing them.
On the technical side, the codebase is structured so that new roles, new dashboards and new event types are additive. The RLS model is the contract: as long as the database policies are correct, the app is safe.
Why It Matters
It's easy to build software for sports that looks the part but breaks on the access-control question. Professional football in particular has hard, real-world requirements around who sees what — between the first team and the academy, between medical and management, between staff and agents. Getting that wrong is how organisations end up back on spreadsheets.
This platform doesn't get it wrong. That's the thing worth showing.