Context
The product team needed a dashboard that respected tenant isolation, exposed usage metrics finance could trust, and prepared for tiered packaging without a full rewrite.
Constraints
- Mixed Postgres and warehouse pipelines for reporting.
- Strict RBAC and audit expectations from enterprise buyers.
- Need for embeddable widgets in customer portals.
Approach
We normalised permission checks at the API boundary, introduced cached aggregates with clear invalidation rules, and shipped incremental exports so finance could reconcile without ad-hoc SQL.
Outcomes (pattern-level)
Fewer support tickets about “missing data”, clearer upgrade paths between plans, and onboarding materials CSMs could reuse across accounts.
Security review summaries and reference calls are available under NDA.