Product architecture

How LeadRescue works under the hood

A plug-and-play multi-tenant platform that captures a test drive in 10 seconds and orchestrates a 14-day, multi-channel follow-up — with an opt-out kill-switch baked in.

End-to-end data flow

Step 1

Capture

Salesperson logs drive + license photo on mobile.

Step 2

Persist

Tenant-isolated record stored with GDPR controls.

Step 3

Schedule

Rules engine schedules Day 2 / 7 / 14 jobs.

Step 4

Deliver

SMS & WhatsApp via Sinch/Twilio gateway.

Step 5

Measure

KPIs, leaderboards, ROI surfaced to managers.

Multi-tenant model

Dealership tenant

Each location is fully isolated. Staff only see leads tagged with their dealership_id.

Row-level guards

Every query is scoped by tenant + role. Admins span tenants; managers see one.

Per-tenant config

Cadence, ROI margins, branding, and Stripe plan are owned by the tenant.

14-day rules engine

on lead.created
  if not consent.given          → reject (validation_error)
  else
    send  message[day=0]        via WhatsApp(template: terms_link)
    queue job(t+2d, follow_up_1)
    queue job(t+7d, follow_up_2)
    queue job(t+14d, follow_up_3)

on customer.reply OR optout.clicked
  cancel jobs(lead_id)          # CRITICAL stop
  notify  salesperson(lead_id)
  status  lead → replied|opted_out

on job.run(day=N)
  if lead.status in {replied, opted_out, converted, closed} → skip
  else send message[day=N], render(template, vars)

Idempotent jobs

Each scheduled send checks lead status before firing — no double-messages.

Hard stop trigger

Inbound webhook + opt-out link both cancel queued jobs atomically.

Template engine

Variables {name}, {car}, {salesperson} interpolated per send; multi-language ready.

System diagram

  ┌──────────────┐   HTTPS    ┌──────────────────┐
  │  Mobile Web  │ ─────────▶ │  LeadRescue API  │
  │  (sales)     │            │  (multi-tenant)  │
  └──────────────┘            └────────┬─────────┘
                                       │
       ┌────────────────────────┬──────┼──────┬─────────────────────┐
       ▼                        ▼      ▼      ▼                     ▼
 ┌───────────┐          ┌────────────┐ ┌────────────┐        ┌──────────────┐
 │ Postgres  │          │ Rules Engine│ │ Object Store│        │ Stripe Billing│
 │ (tenants) │          │ (scheduler) │ │ (licenses)  │        │ (subscriptions│
 └───────────┘          └─────┬───────┘ └─────────────┘        └──────────────┘
                              │
                       ┌──────┴──────┐
                       ▼             ▼
                 ┌──────────┐   ┌──────────┐
                 │  Sinch   │   │  Twilio  │
                 │ WhatsApp │   │   SMS    │
                 └────┬─────┘   └────┬─────┘
                      └──────┬───────┘
                             ▼
                       customer device

Compliance & guarantees

GDPR by design

Licenses encrypted (AES-256) at rest, auto-purged 30 days after sequence end.

Audit log

Every send, reply, opt-out, and status change is appended to an immutable log.

EU residency

Primary data lives in eu-north-1; failover in eu-west-3.

Role-based access

Salesperson · Manager · Admin scopes enforced server-side, not in the UI.

Live activity (illustrative)

11:11 — Customer reply received for Erik's lead (Mercedes E-Class)

11:09 — Day-2 follow-up sent to Anna Karlsson (BMW X5)

10:58 — New test drive logged by Sofia (Volvo XC60)

10:42 — Opt-out clicked — sequence stopped for Lars Olsson