Architecture Overview
Cub Klub follows the Septimius ecosystem convention for all platform services. This page describes the planned architecture and key technical decisions.
Stack
| Layer | Technology | Notes |
|---|---|---|
| Frontend | Next.js 14 (App Router) | TypeScript, server and client components |
| Backend | FastAPI (Python) | Async endpoints, structured logging |
| Database | Supabase (PostgreSQL) | eu-west-1, RLS on every table |
| Auth | Supabase Auth | Family account model with parent and child profiles |
| Storage | Supabase Storage | Media uploads with signed URLs |
| AI | KORA (via Assembler) | Child-appropriate content recommendations |
Design System
Cub Klub extends the shared @septimius-technology-group/tokens package with its
own palette. The brand colours are yellow #ffcd00 (sunshine, warmth), purple
#662483 (imagination, creativity), and teal #01707d (trust, safety). All
components inherit the base token set and override colour variables for the
Cub Klub theme.
Domains
| Domain | Purpose |
|---|---|
| cubklub.com | Primary platform — activities, tracking, community |
| cubklubtv.com | Video content and educational resources |
Safety and Compliance
Child data is classified as Confidential (Tier 3) under the Kennis OS data classification model. All tables containing child information require strict row-level security policies.
Compliance requirements:
- GDPR — lawful basis for processing, right to erasure, data minimisation
- COPPA — verifiable parental consent, limited data collection for children
- Age-gating — parental controls on all child-facing features
Auth Model
Supabase Auth provides the identity layer. A single family account holds one or more parent profiles and one or more child profiles. Parents manage consent, privacy settings, and content restrictions for their children. Child profiles have reduced permissions and cannot access administrative features.