Work in Progress

    We are currently crafting this experience. Something amazing is being built behind the scenes.

    Return Home
    Architecture

    Design decisions

    How we build Obfona — and why. Every architectural choice is deliberate, privacy-motivated, and explained without marketing fluff.

    Main Frontend

    React + Next.js + TypeScript

    The public-facing website and marketing pages are built with React and Next.js, powered by Bun for lightning-fast compilation and static generation.

    Why we chose this

    We chose Next.js for its robust routing, server-side capabilities, and advanced optimization. Bun replaced standard Node/npm for dramatically faster installs and testing. TypeScript enforces type safety across a growing codebase.

    Framework:Next.js 15
    Build Tool:Next.js Compiler
    Styling:Tailwind CSS
    Animation:Framer Motion
    Dashboard Frontend

    Same Stack, Separate Route

    The user dashboard shares the same React + Next.js foundation but is treated as a separate deployment target. This allows independent rollouts without affecting the marketing site.

    Why we chose this

    Decoupling the app from the marketing site reduces blast radius during updates. A logged-in user should never see a broken hero section while checking their inbox.

    State:Zustand
    Data Fetching:React Query
    Routing:Next.js Routing
    Auth:Supabase Auth
    Backend

    Supabase + Edge Functions

    Our backend is built on Supabase for database and auth, with Edge Functions for business logic that requires server-side execution. Row-level security enforces data isolation at the database layer.

    Why we chose this

    Supabase gives us PostgreSQL with built-in auth, RLS, and realtime subscriptions. Edge Functions handle API proxying and keep secrets off the client. We avoid running servers we don't need to.

    Database:PostgreSQL (Supabase)
    Auth:Supabase Auth
    Functions:Deno Edge Functions
    Security:RLS Policies
    Infrastructure

    Privacy-First Hosting

    We deliberately chose hosting providers and regions that minimize data jurisdiction risk. No US-based infrastructure for user data. All traffic is TLS 1.3 encrypted.

    Why we chose this

    Jurisdiction matters. We wanted full control over where user data physically lives. Self-hosted mail servers give us end-to-end control — no third-party can access your emails in transit.

    Region:EU-based only
    Encryption:TLS 1.3
    Mail Server:Self-hosted
    CDN:Zero-log edge

    Core engineering principles

    Security over convenience

    When we face a trade-off between making something slightly easier and keeping it more secure, we choose security. Always.

    Performance is a feature

    Slow software is bad UX. We optimize for perceived performance: skeleton loaders, optimistic updates, and edge-cached assets.

    Minimal dependencies

    Every npm package is a potential attack surface. We audit dependencies regularly and favor native APIs over bloated libraries.

    Offline-first thinking

    Email is critical infrastructure. We design for degraded connectivity — local-first where possible, graceful fallbacks everywhere.