FlyerTalk Forums - View Single Post - I built my own Flying Blue analytics suite… UXP question for the experts
Dec 18, 2025 | 10:10 am | #32
sehgalanuj
Originally Posted by VikingXNL
Database & Infrastructure
The project uses Supabase as its backend, which is built on PostgreSQL and hosted on AWS infrastructure. Supabase is SOC2 Type II compliant and used by thousands of production applications.
Supabase is pretty cool. We use it in-house at my company too for some things. But, if you are self-hosting it or not paying for the $599/month team plan, it is not SOC2-II certified. Might be worth looking into an added encryption layer, since you can't quite audit what Supabase claims and does.

Originally Posted by VikingXNL
Encryption
- In transit: All data is encrypted via TLS/HTTPS
- At rest: Supabase encrypts all data at rest using AES-256 by default
- Authentication: uses secure JWT tokens with proper expiration
Very nice! :-) You are ahead of 95% of devs in my experience.

Originally Posted by VikingXNL
Row Level Security (RLS)
Yes! PostgreSQL Row Level Security is enabled on all tables. This means even if someone somehow got database access, they can only see their own data. Every query is automatically filtered by user_id. It's not just application-level security. It's enforced at the database level.
Does Supabase really have row-level encryption turned on by default in the back-end? I wasn't aware of this. I know I'm going way off topic, but could you send me a link to where this is documented? I'd love to read about it.

Originally Posted by VikingXNL
What data is stored?
Only what you enter: flights, miles transactions, and your qualification settings. I don't store Flying Blue credentials, credit card info, or anything beyond what's needed for the analytics. The PDF import extracts data client-side in your browser. The PDF itself is never uploaded to any server.
Yep! Got this.

Originally Posted by VikingXNL
On the PDF import issues:
You're absolutely right that the current PDF import has limitations. I'm actually in the process of completely rebuilding the PDF import system from scratch. The current implementation doesn't reliably detect qualification cycles and status transitions for all users, which leads to the XP/UXP calculation issues you're experiencing.
I actually started taking a crack at it too. Of course, I only have my own PDF to work with, but so far, this part seems to work for me. If it stabilizes well, I will be happy to share it with you.

Originally Posted by VikingXNL
On PFL (Platinum For Life) tracking:
Good suggestion. This would require tracking consecutive years at Platinum level. Once the qualification cycle detection is solid, this becomes feasible to implement.
You could just make it a question in the settings for now too, i.e. when did you acquire your current status. Since the statement goes back only so far as 3 years, this could help down the road.

I'll continue playing with it and see what else I find.
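Added example, not part of either poster's message or the project's code: what "RLS enabled on all tables, filtered by user_id" looks like in Supabase's PostgreSQL, plus a catalog query to check the claim. Row Level Security is an access-control filter PostgreSQL applies per query; it does not encrypt rows. The table `public.flights` and its columns are hypothetical (the thread names only flights and `user_id`); `auth.uid()` and the `authenticated` role are Supabase's.

```sql
-- Hypothetical table: the thread does not show the project's real schema.
create table public.flights (
  id        bigint generated always as identity primary key,
  user_id   uuid not null default auth.uid() references auth.users (id),
  flight_no text not null,
  flown_on  date not null
);

-- Until this runs, no policy is evaluated and every role holding
-- table privileges can read every user's rows.
alter table public.flights enable row level security;

-- With RLS on and no policy, access is denied by default.
-- Each policy below admits only rows owned by the caller's JWT subject.
create policy flights_select_own on public.flights
  for select to authenticated
  using ((select auth.uid()) = user_id);

create policy flights_insert_own on public.flights
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

create policy flights_update_own on public.flights
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);  -- blocks reassigning a row to another user

create policy flights_delete_own on public.flights
  for delete to authenticated
  using ((select auth.uid()) = user_id);

-- Audit: tables in the exposed schema with RLS off, or on with no policies.
-- Table owners and roles with BYPASSRLS (Supabase's service_role) are not
-- filtered, so server-side keys still see all rows.
select c.relname              as table_name,
       c.relrowsecurity       as rls_enabled,
       c.relforcerowsecurity  as rls_forced,
       count(p.polname)       as policy_count
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
left join pg_policy p on p.polrelid = c.oid
where n.nspname = 'public'
  and c.relkind in ('r', 'p')
group by c.relname, c.relrowsecurity, c.relforcerowsecurity
order by c.relrowsecurity, c.relname;
```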