Advanced · Client Management · Est. 1-2 weeks

Secure Bookkeeper Document Portal

Stop chasing month-end paperwork — collect client documents through one secure link

Why people pay for this

It ends the monthly document chase and looks far more professional and secure than emailing clients for files — for a fraction of the cost of a full practice-management suite.

Target Audience

Independent bookkeepers, solo accountants, small accounting and tax practices

Suggested Price

$15/month

Est. Build Time

1-2 weeks

What This Is

A secure, account-based workspace where a bookkeeper creates reusable request "packets" (checklists of the documents and questions they need), sends each client one secure link, and watches a dashboard fill in as files arrive. Clients upload through the link without creating an account. It replaces the monthly email-and-spreadsheet chase with a single, organized, trackable flow.

Every bookkeeper loses hours each month chasing clients for bank statements, receipts, and answers over email. A purpose-built collection tool with saved checklists and a clear "who still owes me what" dashboard removes that grind. This is a more advanced, builder-hosted app — it needs real accounts, a database, and secure file storage — so it stands apart from the simpler static tools here. But that is also its moat: the security and the saved workflow are hard to copy in a generic tool, and they justify a real recurring subscription.

How to Make Yours Different

Make it bookkeeping-specific: ship default packets for "Monthly close," "New-client onboarding," and "Year-end" so it feels purpose-built the moment it opens

Lead with trust: a clean security story (private storage, single-client-only links, real delete controls) is itself the selling point for people handling other people's financial records

The status dashboard is the magic — seeing what every client still owes you in one view beats any inbox

Add an audit timeline ("requested the 3rd, uploaded the 19th") the bookkeeper can use to show a client exactly when they were the holdup

The Starter Prompt

Copy this into your vibe coding tool. Customize the [bracketed sections] with your industry knowledge.

Build me a complete, production-ready secure document-request portal for independent bookkeepers and small accounting practices. It must be polished, fully working, and — most importantly — secure and correctly multi-tenant, because it stores other people's financial records. When you finish, make sure the linter and production build pass, and give me a short summary of the architecture, the security model, and how to run it.

Pick a product name and a one-line tagline (for example, a name that evokes a fast, organized month-end close).

WHAT IT IS
A secure workspace where the bookkeeper signs up and owns an account. They create reusable request "packets" (checklists of files and questions), send each client a secure link, and track on a dashboard exactly what is still missing. Their clients use the secure link to upload the requested documents and answer short questions without creating an account. Main use case: recurring monthly close collection, plus onboarding and year-end.

SCOPE — and what to deliberately NOT build (keep it low-maintenance)
Build: bookkeeper signup and login, client management, request packets, reusable checklist templates, secure client upload links, private file uploads, a dashboard of missing/overdue/received items, a one-click reminder composer (copy-to-clipboard plus a mailto link), an audit trail, settings, the legal pages below, realistic demo data, and production-grade security, validation, and error handling. Include a polished marketing and pricing section, but do not build payment collection.
Do NOT build: accounting-software integrations, OCR or receipt scanning, e-signatures, SMS, in-app chat, scheduled email jobs, or any public file storage. Leaving these out keeps the app secure and nearly maintenance-free.

TECH
Next.js (App Router) with TypeScript, Tailwind CSS, an accessible component set, and Zod validation. Use Supabase for the database, authentication, and PRIVATE file storage. Do all sensitive reads and writes on the server (server actions or route handlers), never trusting the browser. Deliver clean migration SQL, the security policies, a setup README, and an example environment file with placeholders only.

SECURITY — the most important requirement
Per-user isolation: every table that holds a bookkeeper's data has an owner column tied to the signed-in user, row-level security turned on, and a policy that only lets a user read or change their own rows. Never rely on filtering in the browser. One bookkeeper's clients, files, and records must be unreachable by any other user through any page, request, or file URL. Include a documented test proving a second account reads zero of the first account's data.
Client upload links (clients have no account): generate a long random token, store only a hashed version of it, never store or log the raw token, and never put guessable IDs in the public URL. A link gives access to exactly one request packet and nothing else. Let the bookkeeper regenerate a link, and support optional expiration. The public page must not read the database directly from the browser — a server handler validates the token and returns only that packet's data; uploads are saved only under that bookkeeper and client.
Files: one PRIVATE storage area, never public, with paths scoped to each owner. Limit file size, allow only safe document types (PDF, images, common office and spreadsheet formats) and reject anything executable. Show and download files only through short-lived signed links issued after confirming the requester is allowed to see them. Never log file contents or signed links.
General: validate every form on the server, escape anything users type before displaying it, serve over HTTPS, and collect only the data the app needs.

LEGAL AND DATA RESPONSIBILITY — build these, do not skip
Because this holds clients' financial records, ship it with clear disclosures and real data controls. Write the legal copy in plain language as a starting point, and add a note that it should be reviewed by an attorney before real client data is collected.
1. A Privacy Policy explaining that the bookkeeper is responsible for their clients' information, the app securely stores and manages it on their behalf, what is collected, that files are private and encrypted in transit and at rest, how long data is kept, and how it is deleted.
2. A Terms of Use page covering acceptable use, the bookkeeper's responsibility for the data they collect, and an as-is / limitation-of-liability stance appropriate to a tool handling sensitive records.
3. A clear notice on the client upload page (before uploading): who is requesting the documents, why, that files are stored securely and shared only with that bookkeeper, and a short confirmation that the uploader is authorized to share them. No dark patterns.
4. Real data controls: the bookkeeper can delete any file, request, or client (which also removes the stored files, not just the database rows); a "delete my account and all data" option that purges everything they own; and a retention setting to auto-remove completed requests after a chosen number of days. Make deletion real, not cosmetic.
5. Data minimization: do not ask for Social Security numbers or full government IDs as built-in checklist items; default templates should request documents (bank statements, receipts, prior returns), not raw identifiers.

DATA MODEL
Model these, each owned by and isolated to one bookkeeper: a profile (name, firm name, retention settings); clients (business name, contact details, status, notes); request templates and their items (reusable checklists); requests (the packet sent to a client, with title, period, due date, status, and the hashed link token); request items (each file or question, with status); files (linked to a request and item, with the storage path and metadata); reminders; and an audit log of who did what and when.

FEATURES
A dashboard showing open, overdue, and awaiting-review items across all clients with quick actions. Client management with each client's history. A request builder (from a template or from scratch) that generates and copies the secure link, shows per-item status, and lets the bookkeeper accept or reject received items with a note, plus a per-request audit timeline. Reusable templates with sensible defaults (Monthly close, New-client onboarding, Year-end). A clean, friendly, mobile-first client upload page showing the firm name, the requested items, the legal notice, and a drag-and-drop uploader that enforces the file rules. A one-click reminder composer that produces ready-to-send text and a mailto link. A settings page with profile, retention, and the account-deletion flow. A polished marketing and pricing section that tells the security and trust story, with no payment collection.

VISUAL IDENTITY
Trustworthy, calm, and professional — it must look secure and established, because users are handing it other people's financial records. A confident, restrained palette, excellent typography with aligned numbers, generous whitespace, clear status pills, subtle motion, and a distinctive logo. Not a generic admin template.

QUALITY BAR
Seed a realistic demo workspace (a firm, a handful of clients, the default templates, and several requests across statuses) so the value is obvious on first load. Handle every state: loading, empty, error, success, validation, and the upload page's valid / expired / invalid-link states. Make it accessible and responsive. No placeholder text, no unfinished screens, no console errors, and the security model implemented exactly as described.

Build the complete app now — security and data isolation first.
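The client-upload-link rules from the prompt's SECURITY section (long random token, only a hash stored, regeneration, optional expiration, and the valid / expired / invalid states) can be checked against a small reference. This is an added TypeScript example, not part of the original prompt or of any generated app; the in-memory map standing in for the requests table and the names `hashToken`, `issueLink` and `resolveLink` are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

type LinkState = "valid" | "expired" | "invalid";
interface LinkRow { requestId: string; ownerId: string; expiresAt: number | null }

// Assumption: in-memory stand-in for the requests table, keyed by token HASH.
// The raw token is never a key or a value here, so a database leak yields no usable links.
const linksByHash = new Map<string, LinkRow>();

// Plain SHA-256 is adequate because the input is 256 bits of CSPRNG output,
// not a low-entropy password that would need a slow KDF.
function hashToken(rawToken: string): string {
  return createHash("sha256").update(rawToken, "utf8").digest("hex");
}

// Issue or regenerate the link for one request packet. The raw token is returned
// once so it can be placed in the URL; only its hash is kept.
function issueLink(requestId: string, ownerId: string, ttlMs: number | null, now: number): string {
  // Regenerating revokes any earlier link for the same packet.
  linksByHash.forEach((row, hash) => {
    if (row.requestId === requestId) linksByHash.delete(hash);
  });
  const rawToken = randomBytes(32).toString("base64url"); // 43 URL-safe characters
  linksByHash.set(hashToken(rawToken), {
    requestId,
    ownerId,
    expiresAt: ttlMs === null ? null : now + ttlMs,
  });
  return rawToken;
}

// Server-side check for the public upload page: maps a presented token to
// exactly one packet, or to the expired / invalid states the page must render.
function resolveLink(presented: string, now: number): { state: LinkState; requestId?: string; ownerId?: string } {
  if (!/^[A-Za-z0-9_-]{43}$/.test(presented)) return { state: "invalid" };
  const row = linksByHash.get(hashToken(presented));
  if (!row) return { state: "invalid" };
  if (row.expiresAt !== null && now >= row.expiresAt) return { state: "expired" };
  return { state: "valid", requestId: row.requestId, ownerId: row.ownerId };
}
```

In a real build the map becomes a column on the requests row, and `resolveLink` runs only inside a server handler so the browser never queries the table.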

Got the prompt? You're halfway there.

Build it, test it on a real scenario, then come back to list it.

Pricing Guidance

$15/month

Monthly or annual subscription. Bookkeepers use this every single month at close, so recurring billing fits the usage — and it funds the hosting this app requires.

It saves hours of chasing every month and replaces $40-100/mo practice suites for the one job most bookkeepers actually need. The workflow is sticky once a bookkeeper has their packets and clients set up, which supports steady recurring revenue.

AppGild takes a flat 20% commission. Monthly or annual subscriptions give your buyers ongoing value and give you recurring revenue, a win for everyone.

Getting Started

1. Map the exact documents you request for a monthly close and a year-end — these become your default packets
2. Build the app with the prompt, using fresh, dedicated Supabase and hosting projects
3. Run the two-account isolation test and confirm a second user sees zero of the first user's data
4. Get the legal pages reviewed before any real client data goes in
5. Test the full loop yourself: create a packet, send the link to your own email, upload as the "client," and watch the dashboard update
6. List it on AppGild with your security story front and center

Ready to build this?

Copy the prompt, open your building tool, and start. When it's ready, list it on AppGild and start reaching buyers.