A client engagement infrastructure that enforces data isolation, AI governance, and contact segmentation through architecture alone.

Three failure modes without the right infrastructure. Client data accessible across engagements when access controls depend on a person configuring permissions correctly. An AI assistant answering beyond its documented scope when boundaries are set by instruction rather than architecture. Contacts arriving in the wrong segment when tagging depends on a manual step that can be missed. Each is a governance failure. Each is prevented by the technical decision, not by procedure.

Client portal: React application deployed via Cloudflare Pages with a CI/CD pipeline. Supabase PostgreSQL database with 7 tables covering clients, engagement documentation sections, governance documents, monthly briefings, leadership questions, document archive, and team capability modules. Southern Sky AI configured Row Level Security on all 7 tables. Each client's data is isolated at database level, enforced by the database itself.

AI assistant powered by the Claude API via a Supabase Edge Function. Streaming responses with 1 to 2 second latency. On each query, the assistant fetches data from all 7 tables in parallel and answers only from documented client engagement data. Web access deliberately disabled. The scope of what the assistant answers from is a governance decision made at build, not a setting anyone can adjust later.

CRM: two countries, two audience regions. Segmentation applied at form level across four website integrations. Every contact automatically tagged to the correct segment at signup, no manual step. Newsletter delivered to two segmented lists with time-zone-optimised sends matched to each region. Supabase webhook integration: when a client submits a question through the portal, the CRM receives an internal notification automatically.

Three systems, connected. Client data isolated at database level. AI assistant answers within documented engagement scope. Every contact correctly segmented at signup. Portal and CRM integrated via webhook, with no manual step between client action and internal response.

A parallel demo environment using fictional client data provides a permanent proposal tool: a prospective client can see exactly what their portal would contain before committing.

The governance architecture here is the recommendation, not a policy document describing what people should do, but structures that enforce the right outcome regardless of who is using them. Client data is isolated because the database enforces it. The AI assistant stays within its documented scope because it was built that way. The right contact arrives in the right segment because the system places them there. None of it depends on procedure. All of it depends on architecture. That is the standard Southern Sky AI builds to, and the standard it recommends.