WebRRHHpro
Multi-tenant HR SaaS with AI-powered OCR document classification, digital signatures and real-time collaboration.

Problem
HR teams managed employee documents, signatures and expiration tracking through paper workflows, email threads and local storage. This created compliance gaps, duplicated manual work and made it impossible to audit document lifecycles across departments or prove chain of custody for signed documents.
Role
Tech Lead & Full-stack .NET Developer — architecture, backend, deployment and production operations.
B2B SaaS platform for companies to manage HR documents, digital signatures and employee self-service without local infrastructure. Covers the full document lifecycle from AI-driven classification to automated expiration alerts.
Solution
Built a cloud-hosted multi-tenant SaaS platform from scratch. Each tenant gets a dedicated subdomain with isolated database access via EF Core global query filters, custom branding, and independent notification channels (SMTP + WhatsApp). The platform automates the HR document lifecycle — AI-powered OCR classification (PdfPig), multi-mode digital signatures (OTP, simple, certificate-based), worker self-service portal without accounts, real-time notifications via SignalR, and RBAC across 6 roles.
Technical Decisions
Clean Architecture on .NET 10 with C# 14 — separates domain, application, infrastructure and presentation layers. Chosen to enforce boundaries early and make tenant isolation, testing and future extraction of modules straightforward.
Blazor Web App (SSR + InteractiveServer) — unified .NET stack for backend and UI. SSR handles public pages and worker portal; InteractiveServer powers admin dashboards with real-time updates. Keeps the entire codebase in C#.
PostgreSQL with EF Core global query filters — every query is automatically scoped to the current tenant. No application-level .Where(t => t.TenantId == ...) scattered across the codebase. Combined with RBAC, this prevents data leaks at the ORM level.
Subdomain-based tenant resolution — tenant.platform.com resolves to an isolated database and brand configuration. Enables clean TLS termination per tenant through Caddy without application-level routing complexity.
PdfPig for OCR document classification — lightweight, pure .NET library with no native dependencies. Sufficient accuracy for structured HR documents (contracts, payslips, certificates) without the overhead of Tesseract-based alternatives.
Docker + Caddy on GCP with GitHub Actions CI/CD — single-container deployment per environment with automatic HTTPS, health checks and zero-downtime rolling updates. Infrastructure complexity stays low while supporting multi-tenant growth.
3-mode digital signature architecture — OTP via email (low friction for workers), simple click-to-sign (medium trust for internal docs), certificate-based with QuestPDF visual positioning (high trust for external docs). PKI integration with EJBCA/SignServer researched for enterprise-grade certificate signatures.
Trade-off — Blazor InteractiveServer holds a persistent SignalR connection per user. Acceptable for B2B SaaS with dozens-to-hundreds of concurrent users per tenant. Beyond ~500 concurrent users per node, would require Redis backplane or Azure SignalR for horizontal scaling.
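The global query filter decision above, shown as an added example (not code from WebRRHHpro): it assumes a shared table with a TenantId column, and HrDbContext, Document, ITenantProvider, FixedTenant and ITenantOwned are hypothetical names. It also stamps the tenant on insert and rejects writes to rows owned by another tenant, which the read-side filter alone does not cover.

```csharp
using System;
using System.Linq;
using Microsoft.EntityFrameworkCore;

// Constructed demo: two tenants share one store (needs the EF Core InMemory provider package).
var opts = new DbContextOptionsBuilder<HrDbContext>().UseInMemoryDatabase("demo").Options;
var acme = new FixedTenant(Guid.NewGuid());
var globex = new FixedTenant(Guid.NewGuid());
using (var db = new HrDbContext(opts, acme))
{ db.Documents.Add(new Document { Title = "Acme contract" }); db.SaveChanges(); }
using (var db = new HrDbContext(opts, globex))
{ db.Documents.Add(new Document { Title = "Globex payslip" }); db.SaveChanges(); }

using (var db = new HrDbContext(opts, acme))
{
    Console.WriteLine(db.Documents.Count());                      // filter applied: Acme rows only
    Console.WriteLine(db.Documents.IgnoreQueryFilters().Count()); // filter bypassed: every tenant
}

public interface ITenantProvider { Guid TenantId { get; } }       // hypothetical: set from the subdomain
public sealed record FixedTenant(Guid TenantId) : ITenantProvider;
public interface ITenantOwned { Guid TenantId { get; set; } }

public class Document : ITenantOwned
{
    public int Id { get; set; } public Guid TenantId { get; set; }
    public string Title { get; set; } = "";
}

public class HrDbContext : DbContext
{
    private readonly Guid _tenantId;
    public HrDbContext(DbContextOptions<HrDbContext> o, ITenantProvider t) : base(o) => _tenantId = t.TenantId;
    public DbSet<Document> Documents => Set<Document>();

    // The filter reads the context field, so EF Core evaluates it per context instance.
    protected override void OnModelCreating(ModelBuilder b) =>
        b.Entity<Document>().HasQueryFilter(d => d.TenantId == _tenantId);

    public override int SaveChanges()
    {
        foreach (var e in ChangeTracker.Entries<ITenantOwned>())
        {
            if (e.State == EntityState.Added) e.Entity.TenantId = _tenantId;   // stamp new rows
            else if (e.Entity.TenantId != _tenantId) throw new InvalidOperationException("Cross-tenant write blocked.");
        }
        return base.SaveChanges();
    }
}
```

The filter covers LINQ queries only; calls to IgnoreQueryFilters() and raw SQL commands are the places to check in code review.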
Technical Challenges
Designed tenant isolation across three layers — subdomain routing, EF Core global query filters, and RBAC role checks — ensuring no cross-tenant data exposure even through direct database inspection.
Built a document lifecycle state machine (Draft → Review → Validated → Expired) with automatic transitions triggered by signature completion events and expiration date thresholds.
Developed OCR classification pipeline that extracts key fields (employee name, document type, dates) from uploaded PDFs and auto-classifies them into HR categories — handles varied document layouts from different providers and languages.
Architected three independent signature workflows sharing a common audit trail schema — each mode validates differently (OTP expiry, click consent, certificate chain) but produces the same tamper-evident output.
Integrated SignalR real-time notifications with tenant-aware connection groups and structured JSON payloads — notifications are scoped to authorized users within their tenant context, not broadcast globally.
Set up CI/CD with Docker multi-stage builds, GitHub Actions, and Caddy reverse proxy on GCP — including health check endpoints, deployment verification and structured logging across all services.
Implemented Serilog structured logging with TenantId and CorrelationId enrichment — every log entry is traceable to a specific tenant and request, critical for debugging multi-tenant issues in production.
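One way to get a tamper-evident record shared by the three signature modes, as an added example (not the platform's own schema or code): a SHA-256 hash chain over a common entry shape. AuditEntry, AuditLog, the field names and the sample identifiers are assumptions; the page does not state which mechanism the project uses.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed sample events, one per signature mode; identifiers are made up.
var log = new AuditLog();
log.Append("otp", "doc-1", "worker-17", "OTP accepted before expiry");
log.Append("simple", "doc-2", "worker-17", "click consent recorded");
log.Append("certificate", "doc-3", "hr-admin-2", "certificate chain validated");
Console.WriteLine(log.FirstBrokenIndex());                      // intact chain
log.Entries[1] = log.Entries[1] with { Signer = "worker-99" };  // simulated after-the-fact edit
Console.WriteLine(log.FirstBrokenIndex());                      // points at the edited entry

public sealed record AuditEntry(int Seq, string Mode, string DocumentId, string Signer,
    string Evidence, DateTimeOffset At, string PrevHash, string Hash);

public sealed class AuditLog
{
    public List<AuditEntry> Entries { get; } = new();
    public void Append(string mode, string documentId, string signer, string evidence)
    {
        var prev = Entries.Count == 0 ? "" : Entries[^1].Hash;
        var e = new AuditEntry(Entries.Count, mode, documentId, signer, evidence,
            DateTimeOffset.UtcNow, prev, "");
        Entries.Add(e with { Hash = Digest(e) });
    }

    // Returns the index of the first entry that fails verification, or -1 if none does.
    public int FirstBrokenIndex()
    {
        var prev = "";
        for (var i = 0; i < Entries.Count; i++)
        {
            var e = Entries[i];
            if (e.Seq != i || e.PrevHash != prev || e.Hash != Digest(e)) return i;
            prev = e.Hash;
        }
        return -1;
    }

    // Hash covers every field except Hash itself; length prefixes keep field boundaries unambiguous.
    private static string Digest(AuditEntry e)
    {
        var fields = new[] { e.Seq.ToString(), e.Mode, e.DocumentId, e.Signer, e.Evidence, e.At.ToString("O"), e.PrevHash };
        var text = string.Concat(Array.ConvertAll(fields, f => $"{f.Length}:{f}"));
        return Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(text)));
    }
}
```

A bare hash chain only detects edits if the latest hash is also kept somewhere the database writer cannot change; otherwise the whole chain can be recomputed after an edit.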
Impact
95% paper elimination in HR document workflows
80% time reduction in signature workflows vs. manual processes
100% document traceability with full audit trail per signature event