Security & Legal Review

Data flow mapping, access controls, compliance, and infrastructure security


Items Complete: 0/10
Sub-items Done: 0/43
High Priority Open: 4
Blocked: 0
Overall Progress: 0%

Current Data Architecture

Data Sources

Shopify (live): API key in Vercel
Google Sheets (live): API key in Vercel
Cin7 (mock): API not connected
Salesforce (planned): Needs Snowflake connector
MSI/Tableau (manual): Manual data entry

Processing

Next.js API Routes: /api/sheets, /api/shopify, /api/cin7 (server-side, no client exposure)
Snowflake (planned): Will house Salesforce sync
Data Modules: otif-data, mock-data, fetch-live-data (server components, SSR)

Display

Vercel (Production): sesh-ops-app.vercel.app (public URL, no auth currently)
Users: Martha, Max, Michael, John, Collin, Rahul, Richard (no role-based access yet)
Data Displayed: Revenue, inventory, costs, pipeline, customer names (sensitivity: Medium-High)

Sources → API Routes (server-side) → SSR Pages → Browser (no client-side API calls to external services)

Key Decisions Needed

Does the dashboard need authentication?

The dashboard is currently served at a public URL. Anyone with the link can see revenue, costs, and pipeline data.

Options: Vercel password protection (quick), NextAuth with Google SSO (proper), IP whitelist (network-level)

Role-based views or single shared view?

Max/Michael see everything. Should sales only see sales? Should finance metrics be restricted?

Options: Single view (simpler, current), role-based nav filtering, separate deployments per team

Snowflake: managed connector or custom?

Naimish is scoping. Fivetran/Airbyte are managed (faster, $$). Custom ETL is flexible but carries maintenance overhead.

Options: Fivetran ($), Airbyte (open-source), custom Python ETL, Salesforce native sync

Last updated: Mar 17, 2026