Dumpsters2U

Built for a single operator running a real dumpster rental business

Dumpsters2U is a production dumpster rental company operating in Upstate South Carolina. Before this system, the business ran on manual processes — phone orders, spreadsheet tracking, and disconnected payment collection.

The system we built handles the complete operational lifecycle: online booking, fleet assignment, delivery and pickup scheduling, payment processing, invoicing, and financial reporting — in one production-deployed system used in daily operations.

Tech stack: React 18 (frontend), Supabase (PostgreSQL + Edge Functions), Stripe (4 payment flows), Resend (transactional email).

• ▸Complete order lifecycle management from booking to pickup completion
• ▸Real-time fleet tracking with auto-assignment on booking
• ▸4 Stripe payment flows with HMAC-signed links
• ▸Automated invoice generation with PDF and email delivery
• ▸5-layer security architecture

Command Center

"No one knows what's happening without making phone calls."

A single view of the entire operation. Late drops, late pickups, new orders, scheduled deliveries, inventory availability — all surfaced before the first phone call of the day.

• ▸Tracks: Late drops, late pickups, new orders, scheduled deliveries, inventory availability
• ▸Replaces: Morning check-in calls, whiteboard status boards, reactive coordination
• ▸Enables: Proactive operations — problems visible before they become customer complaints

Pipeline Control

"Orders tracked via text message. No audit trail. Things fall through cracks."

145 orders across 7 status states. Every order tracked from booking to billing. No order falls through the cracks.

• ▸Tracks: Status, dumpster size, drop date, pickup date, total, payment status, lifecycle state
• ▸Replaces: Text-message coordination, paper manifests, spreadsheet tracking
• ▸Enables: Complete operational pipeline — from booking to billing, auditable at every step

Relationship Intelligence

"Every inbound call answered with zero context. No customer history. No repeat visibility."

50 customers. Lifetime value visible at a glance. Repeat behavior tracked. Inbound calls answered with context.

• ▸Tracks: Contact info, order count, last active date, status, repeat behavior
• ▸Replaces: Manual contact lists, memory-based customer recall
• ▸Enables: Lifetime value visibility, repeat targeting, context-aware customer service

Route & Cost Awareness

"Mileage guessed. Delivery costs never modeled. No location history."

69 service locations. Round-trip mileage tracked. Delivery cost modeling enabled.

• ▸Tracks: Address, round-trip miles, associated customer, location usage history
• ▸Replaces: Manual mileage estimates, verbal address communication
• ▸Enables: Route optimization, delivery cost modeling, geographic intelligence

Real-Time Asset Control

"'I think we have one free.' No one actually knows where the dumpsters are."

25 dumpsters. Each one has a status: available, assigned, repair, retired. No more guessing.

• ▸Tracks: Unique ID, size, status, current location, pricing mapping
• ▸Replaces: Verbal check-ins, whiteboard asset grids, memory-based availability
• ▸Enables: Real-time asset visibility, accurate availability, maintenance tracking

Structured Revenue Architecture

"Extra-day rates calculated in someone's head. Tax rates inconsistent. Retroactive surprises."

Versioned pricing snapshots. Grace days, extra-day rates, tax rates — all configurable. Existing orders retain the pricing they were booked under. No retroactive surprises.

• ▸Tracks: 5-day and 10-day windows, grace days, extra day rate, tax rate, version history
• ▸Replaces: Manual pricing math, gut-feel rate changes, retroactive billing chaos
• ▸Enables: Consistent pricing, safe rate updates, automatic extra-day calculation

4 Stripe payment flows with duplicate detection and webhook idempotency

The payment architecture handles 4 distinct payment scenarios: initial order payment, rental extensions, additional fees (damage, overweight), and dumpster swaps. Each flow uses Stripe Checkout with HMAC-signed payment links that expire and can't be reused.

Duplicate payment detection uses a webhook_events table to track processed event IDs — if Stripe delivers the same webhook twice (which happens in production), the second delivery is detected and returned early without processing. Auto-refund logic handles edge cases where a payment is captured despite a prior cancellation.

Complimentary order support allows full order processing with zero payment collected — for internal orders, comps, or warranty replacements — without triggering payment flows.

• ▸HMAC-signed payment links with configurable expiration
• ▸Webhook idempotency via webhook_events deduplication table
• ▸Duplicate payment detection with automatic refund
• ▸4 separate Checkout flows: orders, extensions, fees, swaps
• ▸Pay Now vs. Pay Upon Delivery selection at booking
• ▸Complimentary order bypass for zero-revenue orders

Owner-Ready Analytics

"Revenue unknown until accounting runs numbers. Tax collected? Anyone's guess."

Total revenue. Last 30 days. Tax collected. Average order value. Revenue over time, by size, by window, by period. One year of operational data. CFO-ready without a CFO.

• ▸Tracks: Revenue, tax, AOV, utilization, extra-day charges, 1yr simulation data
• ▸Replaces: Manual spreadsheet revenue tracking, quarterly accounting surprises
• ▸Enables: Owner-level financial visibility, pricing decision support, growth tracking

Automated invoice generation, PDF creation, and email delivery

Invoices are generated automatically on payment confirmation — no manual step required. The generate-invoice edge function creates an invoice record with a line-item breakdown, links it to the order and payment, and queues a PDF generation job.

PDF generation uses a separate edge function (generate-invoice-pdf) that renders an HTML invoice template and converts it to PDF. The resulting file is stored in Supabase Storage and linked to the invoice record.

Invoice delivery uses a token-based public access system: a unique, time-limited token grants access to a public invoice URL without requiring the customer to have an account. Invoices can be voided and reissued. Operators can resend invoice emails from the admin dashboard.

• ▸Auto-generation on payment confirmation
• ▸PDF generation via dedicated edge function
• ▸Token-based public invoice access (no login required)
• ▸Supabase Storage for PDF hosting
• ▸Void and reissue capability
• ▸Admin resend from dashboard

Operational Accountability

"Late events disappear when order status changes. No historical record. No accountability."

Historical record of every late pickup and late drop-off. Actual vs. estimated dates. Preserved independently of order status. Operational accountability that survives status changes.

• ▸Tracks: Late pickups, late drop-offs, days late, actual vs. estimated, timestamps
• ▸Replaces: Verbal complaint logs, lost paper records, disputed delivery claims
• ▸Enables: Dispute resolution, team accountability, operational performance tracking

Structured Intake

"Orders taken over phone, pricing calculated manually, no confirmation of availability."

Customer selection, location, size, source, payment, scheduling, internal notes — all in one flow. Live pricing preview updates in real time. No dumpster assigned until payment confirmed.

• ▸Tracks: Customer, location, size, source, payment status, schedule, internal notes
• ▸Replaces: Phone order sheets, manual pricing lookups, paper booking forms
• ▸Enables: Structured intake, live pricing preview, payment-gated assignment

Event-driven notifications using an outbox pattern

All email notifications use a notification_outbox table as an intermediary — events are written to the outbox first, then a queue-notification edge function processes them and calls send-order-notification to deliver via Resend.

The outbox pattern decouples notification delivery from the triggering event: if an email delivery fails, the outbox record can be retried without reprocessing the original event. Each notification type has a defined template and recipient set.

Notification events: order received (customer confirmation), order scheduled (with delivery window), payment confirmation (with invoice link), invoice delivery (with PDF attachment link), pickup reminder, and internal operator alerts for exceptions.

• ▸notification_outbox table as delivery buffer
• ▸queue-notification → send-order-notification chain
• ▸Resend for transactional email delivery
• ▸Retry-safe architecture
• ▸Customer: order confirmation, scheduling, payment, invoice
• ▸Operator: exception alerts and daily digest

45+ tables, triggers, and functions in a fully normalized PostgreSQL schema

The database is built on Supabase (PostgreSQL) with 45+ tables covering every entity in the dumpster rental operation: orders, customers, service locations, inventory, pricing, payments, invoices, notifications, compliance events, and analytics aggregates.

Row Level Security (RLS) policies enforce access control at the database layer — admin users can read all rows, anonymous users can only access public-facing functions, and no client-side query can bypass RLS even if the JWT is compromised.

Auto-generated IDs use a format that encodes entity type and attributes (e.g., D2U_14YD_001 for a 14-yard dumpster). Database triggers handle side effects: update_customer_last_seen updates the customer record on every order, increment_customer_orders increments the lifetime order count. The calculate_order_pricing function computes pricing deterministically from inputs and stores a snapshot at order creation.

• ▸45+ tables with full relational integrity
• ▸Row Level Security on all tables
• ▸Auto-generated size-aware IDs (D2U_14YD_01)
• ▸Triggers: update_customer_last_seen, increment_customer_orders
• ▸Functions: calculate_order_pricing, auto_assign_dumpster
• ▸Pricing snapshots stored at order creation (no price drift)

25+ Supabase Edge Functions with structured logging and internal auth

All business logic runs in Supabase Edge Functions — Deno-based serverless functions deployed alongside the database. This keeps business logic close to the data, eliminates cold start latency variance, and simplifies the deployment model.

Every edge function emits structured logs with a consistent format: timestamp, function name, event type, and sanitized payload. PII (names, phone numbers, email addresses) is redacted from logs at the source before emission.

CORS enforcement uses an allowlist — only the production domain and localhost are permitted. Internal function-to-function calls use a shared internal auth token rather than user JWTs. Rate limiting is applied at the edge before any function logic executes.

• ▸25+ edge functions covering all business operations
• ▸Structured logging with PII redaction
• ▸CORS allowlist enforcement
• ▸Internal function auth separate from user session tokens
• ▸Rate limiting at edge layer
• ▸Function-to-function calls for composite operations

5-layer security architecture with no single point of failure

Security is layered: no single control handles all threats, and each layer covers the gaps of the layer above it.

Layer 1 — Row Level Security: PostgreSQL RLS policies enforce access control at the database row level. Even with a compromised JWT, RLS prevents unauthorized data access. Layer 2 — JWT Session Authentication: Supabase Auth manages session tokens with configurable expiration. Admin routes require a valid session JWT. Layer 3 — HMAC-Signed Payment URLs: Payment links are signed with a secret key. Unsigned or expired links are rejected before reaching Stripe. Layer 4 — CORS Allowlist: Only the production domain and development environment can call edge functions. Layer 5 — Internal Function Authentication: Function-to-function calls use a separate internal auth token that cannot be obtained by end users.

• ▸Layer 1: PostgreSQL Row Level Security on all tables
• ▸Layer 2: Supabase Auth JWT session management
• ▸Layer 3: HMAC-signed payment URLs with expiration
• ▸Layer 4: CORS allowlist (production + localhost only)
• ▸Layer 5: Internal function auth token for service calls

Business Intelligence Layer

"The owner doesn't know if the business is healthy until accounting runs the numbers — weeks later."

A single Health Score computed from fleet utilization, on-time rate, revenue momentum, and fulfillment rate. Six intelligence sections covering revenue, orders, fleet, customers, and compliance. The number the owner checks in 2 seconds before anything else.

• ▸Tracks: Health Score (0–100), revenue trend, pipeline funnel, fleet utilization %, customer repeat rate, compliance rate
• ▸Replaces: Weekly accounting calls, manual KPI spreadsheets, end-of-quarter revenue surprises
• ▸Enables: Owner-level situational awareness — every operational signal visible at a glance, before the first call of the day