Architecture Overview
Gestallt uses SvelteKit 5 on the frontend, Firebase for authentication and data, and Cloudflare Workers at the edge. The stack is designed for low-latency access with privacy-first access control.
Stack overview
| Layer | Tech | Purpose |
|---|---|---|
| Frontend | SvelteKit 5 + Svelte 5 | Fast UI, modern DX |
| UI | Bits UI + shadcn-svelte | Consistent components |
| Styling | Tailwind CSS 4 | Reusable design tokens |
| Data | Firebase Firestore | Team-based records |
| Auth | Firebase Auth | Secure sign-in |
| Functions | Cloud Functions | Server-side logic |
| Edge | Cloudflare Workers | Fast global delivery |
Architecture principles
Team data isolation
Firestore security rules enforce strict boundaries between teams so members only see data from teams they belong to.
Role-based permissions
Admins manage membership. Members contribute entries. Permissions are applied at read/write boundaries.
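A sketch of how Firestore security rules can express the team isolation and admin/member split described above; this is an added example, not Gestallt's own rules. The collection layout (`teams/{teamId}/members/{uid}`, `teams/{teamId}/entries/{entryId}`) and the `role` and `authorUid` fields are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout: teams/{teamId}/members/{uid} holds { role: 'admin' | 'member' }.
    function memberPath(teamId) {
      return /databases/$(database)/documents/teams/$(teamId)/members/$(request.auth.uid);
    }
    // Membership is looked up server-side; nothing the client sends is trusted.
    function isMember(teamId) {
      return request.auth != null && exists(memberPath(teamId));
    }
    function isAdmin(teamId) {
      return isMember(teamId) && get(memberPath(teamId)).data.role == 'admin';
    }

    match /teams/{teamId} {
      // Team isolation: a signed-in user of another team fails isMember() here.
      allow read: if isMember(teamId);
      allow update: if isAdmin(teamId);

      // Membership: visible to the team, changed only by admins.
      match /members/{uid} {
        allow read: if isMember(teamId);
        allow write: if isAdmin(teamId);
      }

      // Entries: any member reads and contributes; authorship is pinned to the caller.
      match /entries/{entryId} {
        allow read: if isMember(teamId);
        allow create: if isMember(teamId)
                      && request.resource.data.authorUid == request.auth.uid;
        allow update: if isMember(teamId)
                      && resource.data.authorUid == request.auth.uid
                      && request.resource.data.authorUid == resource.data.authorUid;
        allow delete: if isAdmin(teamId);
      }
    }
    // No other match blocks: every path not listed above is denied by default.
  }
}
```

Under these rules no client can create a team or its first admin, so that bootstrap step would run server-side through the Admin SDK, which bypasses security rules. Each `exists()` and `get()` call counts as a billed document read and against the per-request lookup limit.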
Privacy-first handling
- No PHI in URLs
- Authenticated sessions protect sensitive data
- Team boundaries reduce accidental exposure
Honest compliance posture
Gestallt uses HIPAA-compatible infrastructure and communicates limitations clearly. We avoid overpromising compliance and focus on concrete controls.
Why this stack
- SvelteKit 5 delivers fast, accessible UI for parents and clinicians.
- Firebase provides secure identity, real-time data, and scalable rules-based access.
- Cloudflare Workers keep performance strong for distributed teams.