Ctrl : Shift
Multi-tenant workforce management SaaS for multi-location businesses.
The Problem
Multi-location businesses like restaurant chains manage employee schedules in spreadsheets, track hours manually, and have no real-time visibility into who's clocked in across locations. Payroll is error-prone and compliance is a guessing game.
How It Works
Ctrl:Shift is a monolithic Node.js/Express backend serving both a React 19 web app and a React Native iOS app. The backend uses MongoDB with 28 Mongoose models, all enforcing multi-tenant isolation via organizationId on every document.
The real-time shift calendar uses Socket.IO with dedicated namespaces for calendar collaboration and general notifications. Multiple managers can edit the same calendar simultaneously — the system handles conflict resolution, optimistic UI updates, and undo/redo history per session.
Deployment runs on a self-hosted Hetzner VPS with Docker containers, Nginx reverse proxy, and a blue-green deployment pipeline via GitHub Actions for zero-downtime releases.
Key Challenges
Real-time calendar collaboration — multiple managers editing simultaneously
Built Socket.IO session management with optimistic UI, server-side validation, conflict detection, and per-client undo/redo history. Failed operations broadcast reverts to all connected clients.
Multi-tenant data isolation across 28 models
Every data-bearing model includes organizationId. Middleware validates req.user.organizationId against the resource on every request. Repository pattern ensures consistent data access.
Timezone-aware scheduling across locations
All times stored in UTC. Auto-detect location timezone via geo-tz library. Convert to/from local time at API boundaries with dedicated conversion functions.
GDPR compliance (Art. 20, 33, 5)
Immutable audit logs with TTL auto-deletion, automated breach detection via hourly scheduled job, portable JSON data export endpoint, and consent tracking at registration.