WinGuardian.net
Back to Proof
Case Study

Building a Full-Stack Wellness Commerce Platform from the Ground Up

A holistic wellness brand needed more than a Shopify template — they needed a platform built around their values. WinGuardian architected a decoupled, compliance-ready commerce system on Next.js 15 that scales with the business, not against it.

Impact

Order Statuses Handled10-State
Compliance FrameworksCCPA + Prop 65
Platform Versionv0.7.0
Next.js Frontend EngineeringDecoupled PHP/MySQL API ArchitectureStripe Payments IntegrationPWA & Web Push NotificationsCompliance Engineering

The Challenge

HWS Center came to WinGuardian with a clear identity and a blurry foundation. Their brand — centered on holistic health, natural ingredients, and community wellness — had outgrown off-the-shelf commerce solutions. Template platforms offered speed but no control. Custom builds from generalist agencies had produced two failed iterations that couldn't handle Stripe webhooks reliably, had no admin tooling worth using, and had accumulated compliance debt that made operating in California a legal liability.

The specific pain points were structural: product data lived inside the payment processor with no independent source of truth; order fulfillment tracking was manual and email-based; the customer account experience was effectively nonexistent. For a brand staking its reputation on trust and quality curation, the gap between their values and their digital infrastructure was doing real damage to conversion and retention.

They also operated in a regulated context. California's Proposition 65 requirements and CCPA obligations weren't optional concerns — they were live exposure. Any new platform had to handle geo-detection and consent mechanics correctly from day one, not bolted on later.

The WinGuardian Solution

WinGuardian made a foundational architectural decision early: the frontend and backend would be fully decoupled. The customer-facing application would be a Next.js 15 application with the App Router, deployed to Netlify for edge performance. All data persistence — products, users, carts, orders — would be owned by a PHP/MySQL API layer running independently at a stable internal endpoint. This separation meant the frontend could evolve at product speed while the data layer remained stable and auditable.

The commerce engine was built around Stripe as the payment processor, but critically, Stripe was not allowed to become the system of record. A webhook-driven order pipeline ensured that every Stripe event — payment success, dispute open, fraud review — translated into a named state in HWS Center's own order management system. Ten distinct order statuses gave the admin team granular visibility into fulfillment without depending on Stripe's dashboard for operational decisions. A Stripe product sync feature allowed catalog management to flow in the correct direction: from the admin panel outward, not from the processor inward.

The customer experience was engineered around trust signals and reduced friction. TanStack Query powered the product catalog with intelligent caching, infinite scroll pagination, and a debounced search layer — ensuring that browsing felt fast even on mobile connections. JWT-based authentication with cookie persistence and middleware-level route protection gave customers a secure account experience across cart, orders, and profile management without requiring a third-party identity service.

For marketing reach, WinGuardian implemented a full Web Push Notification system using the VAPID protocol — allowing the admin team to broadcast promotions or order updates directly to subscribed browsers, with automated pruning of expired subscriptions to keep the list clean. Google Analytics and Facebook Pixel were wired into the application for acquisition tracking, with UTM parameter capture for campaign attribution.

Compliance was treated as architecture, not afterthought. California geo-detection runs at the middleware layer using Netlify's geo headers, setting a 90-day cookie that triggers a Proposition 65 disclosure banner for CA-based visitors. CCPA, cookie policy, accessibility statement, and health disclaimer pages were built as first-class routes, not footer links to external PDFs. The platform was designed to pass a compliance audit, not just acknowledge one was coming.

The Results

HWS Center launched on the new platform with a complete operational stack their team could actually use. Key outcomes from the build:

  • Zero fulfillment ambiguity: the 10-state order status model gave the admin team a real-time view of every order's position in the fulfillment pipeline, replacing the prior email-chain-based process entirely.
  • Compliance exposure eliminated: Prop 65 and CCPA mechanics are automated and geo-targeted, removing the manual burden of California compliance from the operations team.
  • Customer retention surface built: Web Push subscriptions, order history, and account dashboards gave the brand direct channels to returning customers for the first time.
  • Admin independence: Product creation, Stripe catalog sync, order status updates, and push notification broadcasting are all self-service — no developer involvement required for day-to-day operations.
  • Platform velocity sustained: The decoupled architecture has supported seven minor version iterations (reaching v0.7.0) without requiring backend changes, validating the separation-of-concerns decision made at the outset.

The Strategic Difference

The most consequential decision WinGuardian made on this engagement wasn't technical — it was refusing to let the payment processor become the database. That single architectural stance protected HWS Center from a category of vendor lock-in that has crippled comparable wellness brands when Stripe's pricing, policies, or API surface changes.

WinGuardian also structured the admin tooling around the actual team using it. The product management interface, order dashboard, and push notification broadcaster were designed for a small, non-technical operations team — not for the developers who built them. That distinction matters at 6am when an order needs a status update and the engineer isn't online.

Finally, WinGuardian treated compliance as a living part of the system architecture. California's regulatory environment for wellness and supplement brands is not static, and the geo-detection and disclosure infrastructure was built to be extended — not rewritten — as requirements evolve.

HWS Center now operates a platform that reflects what their brand actually is: thoughtful, trustworthy, and built to last. That alignment between values and infrastructure is the WinGuardian standard.

Ready to achieve similar results?

Start Scoping Your Solution