Web Development
Homesure Health Plan
A modern Filipino health insurance platform underwritten by Philcare Inc. The application handles the full member lifecycle — from plan comparison and application submission to automated invoicing, payment processing, and affiliate agent management.
Implementation
Built Across 4 Phases
- Phase 1: Landing page with animations, plan comparison, FAQ, dental, agent recruitment, about, and contact. 12 pages with 4 validated forms and bilingual Filipino/English content.
- Phase 2A: Full authentication system — Supabase Auth with HTTP-only cookies, role-based access control (admin, agent, member), and secure session management.
- Phase 2B: Multi-step application form with 8 steps, auto-save, conditional rendering, file uploads to Supabase Storage, medical history collection, and 5 coverage types.
- Phase 3: Enhanced member portal with dashboard, application tracking, document viewing, status timeline, notifications, in-app messaging, and resource downloads.
Technology
Tech Stack
Project Scale
- 87+ files created (Phase 3 alone)
- 1,260 customer records migrated
- 8-step application form
- 5 coverage types supported
- 12 pages delivered
- 7 notification types
Architecture
Key Systems
The platform comprises several interconnected systems, each handling a critical business domain.
- DragonPay integration for Philippine-local payment methods (over-the-counter banking, e-wallets, GCash) with webhook-driven confirmation handling.
- Automated payment URL generation per invoice — each invoice links directly to DragonPay's payment portal for one-time and recurring payments.
- Automated monthly invoice generation via cron job — invoices are created and emailed before the 10th of each month.
- Payment status tracking with overdue detection and automated admin notifications.
- Commission calculation engine tied to successful payments — agents earn from referred customer premiums.
- Supabase Authentication with server-side session management using HTTP-only cookies and refresh token rotation.
- Three-role system: admin (full platform access), agent (referral management, client tracking), member (application viewing, document access).
- Row-Level Security (RLS) policies enforced on all 20+ database tables — zero data leaks between roles.
- Middleware-based route protection for authenticated and role-gated pages.
- Comprehensive pre-commit security audit covering credential exposure, RLS verification, and OWASP compliance.
- 8-step multi-page application form with auto-save, progress tracking, and conditional rendering based on coverage selection.
- 5 coverage types: Individual, Couple, Family, Kids (0-18), and Friend — each with its own data collection requirements.
- Step breakdown: Coverage & Referral, Principal Info, Spouse Info, Children/Friend Info, Medical History, Document Upload, Payor Info, Review & Submit.
- React Hook Form + Zod validation on every step with comprehensive error handling.
- Supabase Storage integration for document uploads (Valid ID, proof of income, medical records) with 5MB per-file limit.
- Referral system with URL cookie tracking — agents who refer applicants are automatically linked.
Security
Hardened by Design
Every endpoint is protected with Row-Level Security (RLS) policies on Supabase. Authentication uses HTTP-only cookies with refresh token rotation. A comprehensive security audit was performed before production deployment, identifying and remediating credential exposure risks.
Security Measures
- Row-Level Security on all 20+ database tables
- HTTP-only cookies with secure session management
- Role-based access control: admin, agent, member
- Comprehensive pre-commit security audit
- Admin notification system for critical events