Kehitys · whitelabel event platformDemo deploy · instance #1: Publicis Sweden 100 years
Mock data · on62 screens linked

A guided tour of every screen
we've built so far.

Each section below opens with what the role is and why it exists, then walks through the screens in the order a real user would meet them. Click any tile. Every link works.

Before you start

What you're looking at.

Kehitys is a whitelabel platform for invitation-based events: RSVPs, signed-token invitations, ticket entitlements, door scanning, post-event recaps. Every event runs as its own tenant on its own subdomain with its own brand.

The first real instance is Publicis Sweden's 100-year anniversary celebration. The screens on this demo are themed for that event so the visual language stays concrete, but the underlying system is generic. Any future client gets the same shells skinned to their brand.

Everything you'll click is mock data. The names are made up, no real emails are sent, RSVP forms don't actually submit, and the scanner stations won't consume real tickets. The visual flow, copy, layout, and navigation are exactly what the production system will look like. only the backend is short-circuited so the demo deploy is safe to share.

Contents

Six sections.

§ 01

How the invitation reaches a guest.

Guest experience · part 1

§ 02

Living with the invitation.

Guest experience · part 2

§ 03

The event manager's workbench.

Behind the scenes · tenant admin

§ 04

The agency portal.

Behind the scenes · agency

§ 05

The platform operator.

Behind the scenes · platform

§ 06

Public surfaces and design references.

Reference

01Guest experience · part 1

How the invitation reaches a guest.

Every guest journey starts in their inbox. A single-use signed token in the email URL lets them land on the brand without a password, decide if they're coming, and book what they need. This first arc covers the moment a save-the-date hits the mailbox through to the RSVP confirmation.

The happy path

Click forward through the six steps a real guest will follow. The link in step 1 is the same redirect a clicked email would trigger.

Step 01/demo/email/std

The save-the-date email

What lands in the mailbox. Plain HTML, no tracking pixels, one CTA.

Step 02G3/i/demo-invite-anders-XK9P3M

Token landing

The CTA in the email points here. We verify the token, single-use-consume it, then redirect.

Redirect: you will land on step 3
Step 03G6/save-the-date

Save the date

Editorial hero. The guest's name, the date, two next actions.

Step 04G8/rsvp

RSVP: step 1

Yes / Decline / Decide later. No registration required.

Step 05G9/rsvp/details

RSVP: step 2

Allergies, accessibility needs, plus-one. Only shown if the answer is yes.

Step 06G10/rsvp/confirmed?status=accepted

RSVP confirmed

Receipt with the calendar add, cancel link, and what to expect next.

What if the link breaks?

Email forwarding, expired tokens, and second devices all land on clear recovery surfaces.

G2/lost-link

Lost link recovery

Enter the email address; we reissue and revoke the previous token in one transaction.

G4/i/invalid?reason=invalid

Invalid / expired / used

Three copy variants depending on why the token didn't resolve.

Try ?reason=used or ?reason=expired
02Guest experience · part 2

Living with the invitation.

After RSVP the guest has a small home inside the platform: a personal invitation page, a notifications inbox, the things they own (modules, upgrades), and the controls the law requires us to give them.

Personal surface

Sparse by design. The platform never pretends to be a social network.

G11/me

Your invitation page

Identity surface. Plus-one status, table number once assigned, day-of pass when it unlocks.

G34/notifications

Notifications inbox

Chronological feed, category-tagged, deep-linked from emails.

/me/tokens

Your tokens & access

Every entitlement scanned today, with timestamps and station names.

/pass

Day-of pass

Apple/Google Wallet-style page that doubles as the door QR.

/evening

Evening flow

What's happening right now, where the guest should be, what they still own.

/account

Account

Email, language, name. The minimum legitimately needed to invite again.

Owned things

VIP upgrades and secret unlocks. A single token-grant flow that mints modules and reveals hidden sections on /me.

G33/upgrade/demo-upgrade-vip-V1P77K

VIP upgrade landing

Token grants a bundle of modules: lounge access, drink tokens, backstage. Idempotent on second click.

/preferences/demo-invite-anders-XK9P3M

Email preferences

Unsubscribe + category-level opt-outs. Token-gated, no login.

After the event + compliance

The screens GDPR requires us to expose to every data subject, plus the wrap-up surfaces that close out the event arc.

/gallery

Gallery & recap

Post-event memory page. Photos, programme summary, thank-you note.

/privacy

Privacy policy

What we collect, who we share with, how long we keep it. Per tenant, with subprocessor list.

/accessibility

Accessibility statement

WCAG 2.2 AA conformance, known issues, contact for accessibility requests.

/me/delete-my-data

Delete my data

Self-service GDPR Article 17 erasure. Triggers a Temporal workflow with operator review.

03Behind the scenes · tenant admin

The event manager's workbench.

Each event has its own admin shell. Publicis is the first, and every future tenant gets the same set on their own subdomain. The admin owns guests, programme, tickets, communications, and the door. This section walks through every workbench an event manager touches.

Day-to-day operations

T6

/admin

Admin dashboard

KPI strip, DPA/DPIA banner, recent activity. The first screen after login.

T19

/admin/guests

Guest list

Faceted filters, bulk actions, segment-defined sends. URL-persisted state.

/admin/program

Programme

Sessions, time blocks, capacity, hosts. Drives the registration UI on the guest side.

T51

/admin/entitlements

Entitlements workbench

One destination for ticket types, module library, and secret upgrade QRs.

Communications

/admin/email

Email centre

Templates, send history, delivery analytics. Bounces and complaints feed back here.

/admin/notifications

In-app notifications

Compose and schedule the messages that land in /notifications on the guest side.

Door, bar, and stations

Physical-world surfaces. The scanner stations themselves run on token-authenticated URLs; the admin pages here configure them.

/admin/checkin

Door operations

Live arrivals board, scanner launcher, paper fallback, API/webhook hooks.

/admin/bar

Bar / consumption module

Settings, menu, bulk adjustments, wallet ledger, end-of-event reporting.

/admin/stations

Scanner stations

Provision and revoke door / bar / wardrobe / upgrade stations.

Governance

/admin/audit

Audit log

Every meaningful state change with actor, IP, request ID. Tenant-scoped.

/admin/settings

Tenant settings

Brand tokens, sender identity, default reply-to, locale defaults.

Authentication

Magic-link primary, TOTP 2FA mandatory for tenant staff. Click any of these to see the surfaces, even though they're normally only reached via the auth flow itself.

/admin/login

Admin sign-in

Email → magic link. No passwords by design.

Auth surface

/admin/magic/demo-magic-token

Magic-link landing

Where the magic link arrives. Single-use, 15-minute TTL.

Auth surface

/admin/forgot

Forgot / can't sign in

Fallback when the magic link doesn't arrive.

Auth surface

/admin/2fa

2FA challenge

TOTP code prompt during sign-in.

Auth surface

/admin/setup-2fa

Set up 2FA

Enrolment with QR code and recovery codes.

Auth surface

04Behind the scenes · agency

The agency portal.

Kehitys-the-company is an agency in the platform's terms. An agency owns multiple tenants. Publicis 100 is the first, and the same shell scales to every future client. This section is how an agency manages its book of business.

The agency workbench

/agency

Agency dashboard

Aggregate view across every tenant the agency manages.

/agency/tenants

Tenants

List of every event-instance the agency operates.

/agency/tenants/11111111-1111-1111-1111-111111111111

Tenant detail

Drill-down for a single tenant. Branding, contract, health, recent activity.

/agency/tenants/new

Create new tenant

Standing up a fresh event-instance. Subdomain claim, brand tokens, owner invite.

/agency/users

Agency users

Staff accounts, role assignments, audit trail.

/agency/audit

Audit log

Cross-tenant action history scoped to the agency.

Authentication

/agency/login

Agency sign-in

Same magic-link + TOTP pattern as tenant admin.

Auth surface

/agency/2fa

2FA challenge

TOTP code prompt during sign-in.

Auth surface

05Behind the scenes · platform

The platform operator.

Kehitys itself runs the multi-tenant platform across every agency, every tenant, and every event. The super-admin shell is what platform engineering and platform compliance use to keep the lights on, meet legal obligations, and respond when something breaks.

Day-to-day platform operations

/super-admin

Super-admin dashboard

Top-level health, recent incidents, audit hotspots.

/super-admin/agencies

Agencies

Every agency on the platform, their contracts and contacts.

/super-admin/tenants

Tenants

Every tenant across every agency. Search, drill-down, force-status.

/super-admin/operations

Operations

Background workflows, Temporal runs, queue health.

/super-admin/delivery

Delivery observability

Email + notification pipeline health across the platform.

/super-admin/audit

Audit log

Platform-wide action history. No tenant scoping.

Governance and compliance

Regulator-facing surfaces. These exist because the platform processes personal data across multiple data controllers and has to evidence its posture continuously.

/super-admin/governance

Governance

Active DPAs, expiring agreements, sub-processor reviews on the calendar.

/super-admin/incidents

Incidents

Open incidents and their breach-notification timers (72-hour clock).

/super-admin/platform-dpia

Platform DPIA

The living risk assessment for the platform itself. Versioned.

/super-admin/subprocessors

Sub-processors

Every third party we route data through. Public-disclosure source of truth.

Authentication

/super-admin/login

Platform sign-in

Magic-link + TOTP, same pattern.

Auth surface

/super-admin/2fa

2FA challenge

TOTP prompt during sign-in.

Auth surface

/super-admin/step-up

Step-up challenge

Extra confirmation required before destructive cross-tenant actions.

Auth surface

06Reference

Public surfaces and design references.

A few screens don't belong to a specific role. The status page is public. The scanner stations run on operator devices but live on the same codebase. The design references show how the brand system composes.

/status

Public status page

What the world sees when the platform has an open incident. Anonymous-accessible.

/scan/wardrobe/demo

Scanner: wardrobe station

Generalised scanner. Tap-claim with a 60-second undo. Same pattern as door / bar / upgrade.

/demo/email/std

Email preview: STD

How the save-the-date renders in a guest mailbox.

/demo/theme

Theme reference

Token sheet for the editorial near-black + Publicis gold brand.

/docs/flowchart-dark-tier-b.html

Dark flowchart

Animated left-to-right map of the guest RSVP spine, admin operations, entitlements, and decision branches.

Colophon

Built on Next.js 16, Mantine v8, Postgres with row-level security, Temporal for durable workflows, and Specific.dev for the runtime. No icon libraries, no Tailwind. Typography and colour do the work.

This demo runs against mock fixtures. The same screens connect to the real database the moment the mock-mode flag flips off, tenant-by-tenant, as backend lands.