IN-spect is a multi-tenant SaaS platform that orchestrates the full insurance inspection lifecycle — connecting policyholders, field technicians, and carrier networks through a single, secure, role-aware system.
Claim Status Lifecycle
6
User Roles
3
Notification Channels
RLS
Tenant Isolation
PWA
Offline Field Mode
End-to-End Workflow
Five clear stages — from public submission to carrier delivery — each handled by the right role with the right tools.
Claimant submits damage details and schedules an inspection via the public, CAPTCHA-protected intake portal.
The system dispatches an email, SMS, and in-app notification to the relevant manager or admin instantly.
Manager assigns the nearest available technician using Google Maps Distance Matrix routing. Tech receives a notification immediately.
Tech completes the inspection on a mobile PWA — capturing notes and geo-tagged photos offline. Data syncs automatically on reconnect.
Approved claims are pushed to the carrier via standardised webhooks with AI-tagged media and verified EXIF metadata.
Three Distinct Portals
Each user type accesses a purpose-built experience — no shared screens, no cluttered menus.
Route: /intake
A clean, no-login wizard for policyholders. In three steps, the claimant provides personal details, describes the damage, and selects a preferred inspection time slot. Cloudflare Turnstile CAPTCHA prevents spam.
Route: /claims · /admin/*
Full control over the claims queue. Managers review submissions, assign technicians, track status changes, and collaborate with colleagues via live-updating comment threads — no page refresh needed.
Route: /tech
A mobile-first Progressive Web App built to work without signal. Technicians see their assigned queue, capture notes and photos locally, and update inspection statuses — everything syncs automatically when connectivity returns.
Platform Capabilities
Enterprise-grade infrastructure decisions made from day one.
PostgreSQL Row Level Security enforces tenant boundaries at the database level. Even a compromised query cannot leak another tenant's data. Tenant context flows via Node.js AsyncLocalStorage — set once per request, enforced everywhere.
No tokens in localStorage. Sessions are cryptographically secure HTTP-only cookies with a separate CSRF double-submit token. SHA-256 hashes stored server-side — plaintext never touches the database. Sessions auto-refresh near expiry.
Workbox service worker caches the app shell, API responses (24 h), and uploaded images (30 d). An IndexedDB mutation outbox queues all writes. The Browser Background Sync API replays them in order the moment connectivity is restored.
Six notification events (claim submitted, status changed, technician assigned, etc.) dispatch via Email, SMS (Twilio), and In-App. Each user controls per-event channel preferences. BullMQ workers handle delivery asynchronously with automatic retries.
Photos upload directly to S3 via presigned PUT URLs — the server never relays binary data. A background worker then extracts EXIF GPS coordinates and timestamps, and runs AWS Rekognition to automatically tag damage types on every image.
Socket.io powers live comment threads on every claim. A PostgreSQL trigger on the comments table fires pg_notify, which the server relays as a Socket.io event to all users viewing the same claim — no polling, no refresh.
Approved claims are fanned out to external carrier systems via BullMQ-backed webhooks. Payloads are validated against OpenAPI 3.0 JSON schemas before delivery. Failed deliveries are retried automatically. Carrier managers get a read-only aggregated inbox via cross-tenant sharing agreements.
The dispatch service queries Google Maps Distance Matrix to calculate real travel times between available technicians and each new inspection address, enabling managers to assign the nearest available field agent with confidence.
Each agency gets its own subdomain (agency.in-spect.co.za) via wildcard DNS. The server resolves the tenant from the hostname on every request — no login-time tenant selection, no cross-contamination. Twilio and carrier credentials can be configured per tenant.
Technology
React 19
Frontend
TypeScript
Full stack
Express.js
Backend API
PostgreSQL
+ Row Level Security
BullMQ
Redis job queues
Socket.io
Real-time WS
Vite + PWA
Offline-first build
Material UI v9
Component library
AWS S3
Media storage
Rekognition
Image AI
Twilio
SMS delivery
Heroku
Cloud hosting
IN-spect is currently in active development. Reach out to discuss onboarding your agency or carrier network.