Data Flow at a Glance

When a user points the browser to https://app.ouva.co, the request is terminated on Netlify’s global CDN over TLS 1.2 or higher before the HTML for the single-page application is returned. The React code then boots in the client, and the user signs in with Supabase-guided password-less magic-link flow; a short-lived Java Web Token comes back and is cached in memory so the SPA can make authenticated calls.

With authentication complete, the application fetches the AI model binaries from Google servers, which are stored on Netlify and delivered over the same encrypted channel. Those binaries are cached by the browser, after which all video processing happens entirely in RAM on the local device. The AI model converts each video frame into high-level gesture events that the UI consumes immediately. When a gesture has back-end relevance, the SPA issues a signed POST to Supabase, and row-level security ensures the write lands only in the user’s tenant.

In deployments where Ouva supports local kiosk hardware, a small background agent collects machine-health metrics and occasional redacted screenshots that contain no personal data. Those artifacts are buffered on disk and forwarded over HTTPS to Grafana Cloud for centralized observability.

Finally, application updates are delivered through Netlify’s immutable build pipeline. A successful build automatically invalidates the CDN cache, and each kiosk either refreshes the session immediately or picks up the new assets during its nightly reboot, guaranteeing that every device runs the latest vetted code.