Web Apps & Dashboards · Dhaka

Web App & Dashboard Development in Dhaka

ঢাকায় ওয়েব অ্যাপ ও ড্যাশবোর্ড ডেভেলপমেন্ট

Web App & Dashboard Development in Dhaka — Digital Marketing Dhaka caricature illustration
Prod-ready
স্কেলযোগ্য

Full-stack React apps with Supabase / Postgres, real auth, roles and audit logs — shipped in 2-week sprints so your team sees working software every Friday.

Supabase/Postgres, auth, রোলস ও অডিট লগ সহ ফুল-স্ট্যাক React অ্যাপ — ২-সপ্তাহের স্প্রিন্টে, প্রতি শুক্রবার working demo।

Quick answer

Web apps & dashboards — in one paragraph

Web app development in Dhaka means production-grade React + Supabase / Postgres apps with proper authentication, role-based access, audit logs and RLS. Digital Marketing Dhaka ships web apps and internal dashboards in 2-week sprints — for SaaS founders, fintech teams and logistics operators who need software they can actually own and scale.

ঢাকায় ওয়েব অ্যাপ ডেভেলপমেন্ট মানে React + Supabase/Postgres, real authentication, role-based access, audit log ও RLS সহ production-grade অ্যাপ। Digital Marketing Dhaka ২-সপ্তাহের স্প্রিন্টে SaaS, fintech ও logistics টিমের জন্য ownable, scalable অ্যাপ ship করে।

Why Dhaka

Why this matters for Bangladeshi businesses

Dhaka is drowning in half-finished web apps — a freelancer built a beautiful frontend, disappeared, and left the founder with no docs, no auth, no backups. Or an offshore shop shipped a PHP monolith no one wants to touch. A proper web app for a Dhaka SaaS or internal ops team needs real infrastructure: RLS, migrations, CI/CD, monitoring, and a team that will still be here in 12 months when v2 ships.

ঢাকা অসম্পূর্ণ ওয়েব অ্যাপে ভরা — ফ্রিল্যান্সার সুন্দর frontend বানিয়ে হাওয়া, না doc, না auth, না backup। বা offshore shop এমন PHP monolith দিয়ে গেছে যা কেউ ছুঁতে চায় না। ঢাকার SaaS বা internal ops অ্যাপের জন্য দরকার real infrastructure — RLS, migrations, CI/CD, monitoring — এবং এমন টিম যারা ১২ মাস পরেও v2 ship করবে।

What's included

Every piece we ship in this engagement

01

React + TypeScript strict frontend

React 19, TypeScript strict mode, TanStack Router/Query, Tailwind + shadcn/ui design system. Type-safe end-to-end from DB → API → UI.

02

Supabase / Postgres backend

Postgres schema with migrations checked into git, Row-Level Security policies, GRANTs, and typed Supabase client. No custom ORM lock-in.

03

Real authentication

Email + password, magic link, Google OAuth, or Supabase Auth JWT. Password reset, email verification, session refresh — all the boring stuff done right.

04

Roles + permissions in a separate table

user_roles table with security-definer has_role() function. No storing roles on the profile row — that's a privilege escalation vulnerability we refuse to ship.

05

Audit log + soft-delete

Every mutation logged (who, what, when, before/after). Soft-deletes so 'oops the accountant deleted a client' is one SQL query away, not a backup restore.

06

Admin dashboard + user impersonation

Internal admin view to inspect any user's data, impersonate for support, run maintenance queries — behind a scoped admin role, of course.

07

Server functions + edge routes

createServerFn for internal RPC, /api routes for webhooks and public APIs. Never a client-side call with a service-role key.

08

Test coverage on critical paths

Vitest + Playwright covering auth, payments, and any mutation that touches money. CI blocks merge on failing tests.

Our process

How we deliver it in Dhaka

01

Discovery + tech spec (Week 1)

User flows, ERD, permission matrix, API contract, tech spec doc signed off by you before Sprint 1.

02

Sprint 0 — foundation

Repo, CI/CD, staging env, auth, roles, base UI shell shipped in one week. Everything after builds on this.

03

Feature sprints (2 weeks each)

Weekly demo every Friday. Staging is always shippable. You approve → we promote to production.

04

Launch + retainer

Production cutover, monitoring dashboards, on-call runbook, and monthly retainer for iteration + support.

Deep dive

The details that decide the outcome

Why Supabase + Postgres beats a custom Node backend for 90% of Dhaka SaaS

Custom Node/Express backends look flexible but cost months of undifferentiated work: auth, permissions, migrations, realtime, storage, edge functions. Supabase gives you all of that on managed Postgres with RLS as your auth layer. You keep raw SQL and full data ownership (it's just Postgres — port anywhere in 20 minutes). We reach for a custom Node stack only when Supabase genuinely can't do the job (heavy background workers, custom binary protocols). That's rare.

Row-Level Security is your auth, not a nice-to-have

The single most common Dhaka web-app breach we audit is: no RLS + a service-role key exposed on the client to 'make things work'. Every user can read every other user's data. We enforce RLS from day one — every table has policies, every policy is tested, and the client never ships with a service-role key. Server functions use requireSupabaseAuth so the DB sees the calling user's JWT and enforces access per row.

Roles belong in a separate table — always

Storing role on the profile row (profiles.is_admin = true) is a privilege escalation attack waiting to happen: a user updates their own profile row and grants themselves admin. We ship a dedicated user_roles table with a security-definer has_role(user, role) function, and every policy calls has_role instead of trusting a client-editable column. This is not overengineering — it's the difference between a shippable app and a data breach.

Owning your data means owning your migrations

Handoffs go wrong when the DB schema lives only in the head of the dev who left. Every schema change we ship is a checked-in Supabase migration file with GRANTs and RLS policies in the same file. Anyone with the repo can recreate the exact production schema on a fresh Postgres in one command. That's what 'ownership' actually means.

Dhaka proof

What it looks like on the ground

A Dhanmondi-based logistics startup asked us to rescue a stalled Node/Mongo web app — 8 months in, no auth, no roles, cracked SSL. We rebuilt on TanStack Start + Supabase in 6 weeks: 12 routes, RLS on all 18 tables, role-based dispatcher dashboard, driver mobile PWA, and Stripe + bKash payments. Shipped, monitored on Sentry, 99.94% uptime over 6 months. Founder now closes Series A investors with a live demo instead of a Figma deck.

ধানমন্ডির একটি logistics স্টার্টআপ — ৮ মাসের stalled Node/Mongo প্রোজেক্ট rescue করলাম। TanStack Start + Supabase-এ ৬ সপ্তাহে rebuild: ১২টি route, ১৮টি table-এ RLS, dispatcher dashboard, driver PWA, Stripe + bKash payment। Sentry-তে monitored, ৬ মাসে ৯৯.৯৪% uptime। ফাউন্ডার এখন Figma deck না, live demo দিয়ে Series A ক্লোজ করেন।

FAQ

Frequently asked questions

Supabase-এ locked-in হয়ে যাব?

না। Supabase = managed Postgres + open-source auth/storage/edge। যেকোনো দিন dump নিয়ে DigitalOcean বা AWS RDS Postgres-এ ২০ মিনিটে migrate করতে পারবেন। Custom ORM lock-in-এর চেয়ে অনেক নিরাপদ।

How do we handle 100k+ users?

Postgres scales fine to millions of users. For heavy read loads we add read replicas + Redis cache. For heavy writes we partition. We benchmark projected load in discovery, not after a fire.

Can we take the code in-house later?

Yes — everything is in your GitHub org from day one. We're contractors, not gatekeepers. Handover to an in-house team is a documented process, usually 2 weeks.

Do you do MVPs on tight budgets?

Yes. Lean MVP (auth + 3–4 core features + Stripe): BDT 3.2 lakh in 6 weeks. Enough to test the market without burning runway.

Vendor lock-in হবে?

না — Supabase = managed Postgres, dump নিয়ে যেকোনো দিন migrate করতে পারবেন।

Scale করবে?

Postgres millions user handle করে। Read replica + Redis cache যোগ করি প্রয়োজনে।

Code in-house নেওয়া যাবে?

হ্যাঁ, GitHub org প্রথম দিন থেকেই আপনার। ২ সপ্তাহে হ্যান্ডওভার।

MVP tight budget-এ?

৬ সপ্তাহে BDT ৩.২ লাখ থেকে lean MVP।

Free 30-min consult

Talk to a Dhaka specialist about web apps & dashboards

Share your number — a senior strategist will call you back within one business day with a short, honest audit and next steps.

No spamNo obligationReply in 24h
Service: Web apps & dashboards

No spam. Reply within 1 business day.

Ready to ship this in your next 30 days?

Book a free 30-min dev strategy call. We'll audit your current stack, site or app live and show you the biggest engineering + performance wins — no obligation.