INDTIX Architecture & Technical Specification

Executive Vision

Product Vision

INDTIX is India's next-generation, AI-assisted, multi-sided live event commerce platform — combining the discovery depth of District/Zomato with the transactional strength of BookMyShow, rebuilt for the mobile-first, API-first, edge-computing era.

Mission

Democratise access to live culture — make it trivially easy for any organiser to sell tickets, any venue to manage capacity, and any fan to discover, book, and attend events across India.

Vision (3 Years)

India's #1 end-to-end live event platform: 1M+ events listed, 50M+ registered fans, 10,000+ active organisers, 2,000+ verified venues, ₹500 Cr+ GMV/year.

Platform Sides

Fans — discover & book. Organisers — create & sell. Venues — list & manage. Business Accounts — bulk purchase. INDTIX ERP — platform control.

Business Model

Platform fee: ₹20/ticket (fan-side)
Commission: 3–8% of GMV (organiser-side)
Venue SaaS: ₹5,000–₹50,000/month
Premium analytics: ₹10,000+/month
Sponsored listings & ads
White-label licensing

Information Architecture

Six portals, one shared domain, clear separation of concerns. All portals share the same auth service and data layer.

DOMAIN: INDTIX.COM

Fan Portal/fan

Organiser/organiser

Venue/venue

Event Mgr/event-manager

Super Admin/admin

Ops / POS/ops

↓ Shared

Hono WorkerCloudflare Workers Edge

Auth ServiceOTP + Social + JWT

Notification HubWhatsApp + Email + Push

↓ Persistence

D1 (SQLite)Relational data

KV StoreSessions, cache

R2 StorageMedia, tickets, docs

VectorizeAI embeddings

RBAC

Roles & Permissions Matrix

9-tier role-based access control. Every action is gated by role + ownership + event context.

Role	Portal Access	Create Events	View Revenue	Approve KYC	Issue Refunds	Scan QR	Access ERP
Super Admin	All	✅	Platform-wide	✅	✅	✅	Full
Compliance Manager	Admin ERP	❌	Read-only	✅ KYC only	Read-only	❌	Compliance tabs
Finance Manager	Admin ERP	❌	Full platform	❌	✅	❌	Finance tabs
Organiser Owner	Organiser	✅ Own events	Own events	❌	Own events	❌	❌
Organiser Staff	Organiser (limited)	Draft only	❌	❌	❌	❌	❌
Venue Manager	Venue Portal	❌	Venue revenue	❌	❌	❌	❌
Event Manager	Event Manager	❌	Event P&L	❌	❌	✅	❌
Ground Staff	Ops/POS	❌	❌	❌	❌	✅	❌
Fan	Fan Portal	❌	Own bookings	❌	Own bookings	❌	❌

Tech Stack

Full Technology Stack

Production-grade, edge-first, minimal-dependency stack chosen for global performance, developer ergonomics, and cost efficiency.

Frontend

Vanilla JS + TypeScript — no framework weight
Tailwind CSS (CDN) — utility-first styling
Font Awesome 6 — icon system
Chart.js — analytics charts
Google Fonts — Inter + Space Grotesk
Progressive enhancement, no build step for HTML portals

Backend / Edge

Cloudflare Workers — edge runtime (175 PoPs)
Hono v4 — lightweight typed web framework
TypeScript 5 — type-safe API layer
Vite 6 — build toolchain
Wrangler 4 — deployment CLI
JWT-based stateless auth with KV refresh tokens

Data Layer

Cloudflare D1 — SQLite globally distributed (primary)
Cloudflare KV — sessions, feature flags, rate limits
Cloudflare R2 — ticket PDFs, KYC docs, media
Cloudflare Vectorize — AI embeddings for INDY chatbot
Cloudflare Queues — async job processing

Communications

WhatsApp Business API — transactional messaging
Resend / Postmark — email (transactional)
Mailchimp — marketing email campaigns
Firebase Cloud Messaging — push notifications (PWA)
Twilio SMS — OTP, fallback alerts

AI / ML

Cloudflare Workers AI — INDY chatbot (LLaMA 3)
OpenAI GPT-4o — advanced recommendations
Cloudflare Vectorize — semantic search
Custom rule engine — fraud detection
Prophet / LSTM — demand forecasting (offline)

Security

Cloudflare WAF — DDoS, bot mitigation
Rate limiting — KV-backed per-IP, per-user
JWT + Refresh tokens — auth flow
AES-256 — PII encryption at rest
Audit logs — immutable event log in D1
PCI DSS via Razorpay/Cashfree proxy

Analytics & BI

Cloudflare Analytics Engine — edge-native metrics
Plausible / PostHog — product analytics
Mixpanel — funnel & retention analysis
Metabase — internal BI dashboards
BigQuery — data warehouse (Phase 2)
Looker Studio — executive reporting

Payments

Razorpay — UPI, cards, netbanking, EMI
Cashfree — payouts (T+7 settlements)
UPI Deep Links — direct UPI intent
BNPL — LazyPay, ZestMoney integration
PCI DSS compliance via payment gateway proxy
GST engine: 18% IGST/CGST+SGST auto-split

Search & Discovery

Cloudflare Vectorize — semantic event search
Full-text search via D1 FTS5
Typesense — instant faceted search (Phase 2)
Algolia — enterprise search (Phase 3)
Geo-based event discovery via lat/lng bounding box

CMS

Cloudflare KV — dynamic content (banners, FAQs)
Custom Admin CMS — built into /admin portal
R2 — media asset storage
Contentful — headless CMS (Phase 2 blog)
Webhook-based cache invalidation

Observability

Cloudflare Logpush — structured log export
Sentry — error tracking, source maps
Uptime Robot / Better Uptime — SLA monitoring
PagerDuty — on-call alerting
Grafana Cloud — metrics dashboards (Phase 2)

DevOps / CI-CD

GitHub Actions — CI/CD pipeline
Wrangler deploy — Cloudflare Pages/Workers
Branch previews — per-PR preview URLs
Semantic versioning — git tags + changelog
Playwright — E2E test suite

Architecture

System Architecture

Monorepo with edge-native deployment. No traditional server. Hono worker handles all routing; static HTML portals are served by Cloudflare Pages CDN.

CLIENT LAYER

Fan Browserfan.html SPA

Organiserorganiser.html

Mobile AppReact Native (Phase 2)

Ops Deviceops.html PWA

HTTPS / Cloudflare CDN (175 PoPs)

EDGE LAYER

Cloudflare WAFDDoS, Bot, Rate Limit

Hono Worker_worker.js 25.56 KB

Pages CDNStatic HTML / JS / CSS

DATA LAYER

D1 SQLiteRelational (primary)

KV StoreCache / Sessions

R2 BucketFiles / Media

VectorizeAI Embeddings

QueuesAsync Jobs

EXTERNAL SERVICES

RazorpayPayments

WhatsApp APINotifications

ResendEmail

Workers AIINDY Chatbot

CashfreePayouts

Architecture Decision: Monolith vs Microservices

RECOMMENDATION: Modular Monolith → Microservices migration path

Phase 1 (MVP–Scale 1): Single Hono worker handles all API routes. Shared D1 database. Fast to build, cheap to run, easy to debug. Sufficient for 0→₹10 Cr GMV.
Phase 2 (Scale 1→2): Split into 3 workers: core API, payment processor, notification dispatcher. Still on Cloudflare Workers. Target: ₹10–100 Cr GMV.
Phase 3 (Enterprise): Full microservices — event service, inventory service, payment service, notification service, analytics service. Introduce message queue (Cloudflare Queues / Kafka). Target: ₹100 Cr+ GMV.

API Design

API Design Specification

RESTful JSON API hosted on Cloudflare Workers. All endpoints require JWT auth except /api/public/*. Versioned via URL prefix.

Base URLHTTP

# Production
https://indtix.pages.dev/api/v1/

# Auth header (all protected routes)
Authorization: Bearer <JWT_TOKEN>
Content-Type: application/json
X-INDTIX-Version: 1.0

Core API Endpoints

Method	Path	Auth	Description	Key Params
GET	/api/health	None	Platform health check	—
GET	/api/events	None	List events with filters	city, category, date, q, page, limit
GET	/api/events/:id	None	Event detail + seat availability	—
GET	/api/cities	None	Available cities list	—
GET	/api/categories	None	Event categories with counts	—
POST	/api/auth/otp/send	None	Send OTP to phone	phone, country_code
POST	/api/auth/otp/verify	None	Verify OTP, return JWT	phone, otp
POST	/api/auth/social	None	Google/Facebook OAuth	provider, id_token
POST	/api/bookings	Fan JWT	Create booking + initiate payment	event_id, tickets[], addons[]
GET	/api/bookings/:id	Fan JWT	Booking detail + QR code	—
POST	/api/bookings/:id/cancel	Fan JWT	Cancel booking + trigger refund	reason
GET	/api/users/me	JWT	Current user profile	—
POST	/api/events/create	Organiser	Create new event	Full event object
PUT	/api/events/:id	Organiser	Update event details	Partial event object
POST	/api/events/:id/publish	Organiser	Submit event for approval	—
POST	/api/scan/verify	Staff JWT	Validate QR code for entry	qr_code, event_id, gate_id
GET	/api/admin/platform/stats	Admin	Platform GMV, DAU, tickets	period
POST	/api/admin/events/:id/approve	Admin	Approve/reject event listing	action, reason
POST	/api/payments/webhook	HMAC Sig	Razorpay payment webhook	Razorpay payload
POST	/api/ai/chat	None	INDY chatbot message	message, session_id
GET	/api/venues	None	List verified venues	city, capacity_min, type
GET	/api/gst/invoice/:booking_id	Fan JWT	Download GST invoice PDF	—

Booking Response (POST /api/bookings)JSON

{
  "success": true,
  "booking": {
    "id": "BK9K3AF7X",
    "event_id": "E001",
    "user_id": "USR_ABC",
    "tickets": [
      { "tier": "GA", "qty": 2, "price": 1499, "seat": "G-12,G-13" }
    ],
    "addons": [{ "name": "Combo Meal", "price": 350 }],
    "subtotal": 3348,
    "platform_fee": 40,
    "gst": 610,
    "total": 3998,
    "payment_id": "pay_RZP9K3AF",
    "status": "confirmed",
    "qr_url": "https://r2.indtix.com/qr/BK9K3AF7X.svg",
    "ticket_pdf": "https://r2.indtix.com/tickets/BK9K3AF7X.pdf",
    "gst_invoice": "https://r2.indtix.com/gst/INV-2026-BK9K3AF7X.pdf",
    "created_at": "2026-04-10T14:32:00Z"
  }
}

Database Schema

Database Schema (Cloudflare D1 / SQLite)

12 core tables covering the full platform. All IDs use ULID for sortable uniqueness. Soft deletes via deleted_at column.

Core Tables — D1 SQLiteSQL

-- USERS: Fan, Organiser, Venue, Staff, Admin
CREATE TABLE users (
  id          TEXT PRIMARY KEY,          -- ULID
  phone       TEXT UNIQUE,
  email       TEXT UNIQUE,
  name        TEXT NOT NULL,
  role        TEXT DEFAULT 'fan',     -- fan|organiser|venue_mgr|event_mgr|staff|admin
  kyc_status  TEXT DEFAULT 'pending', -- pending|submitted|verified|rejected
  gstin       TEXT,
  pan         TEXT,
  wallet_bal  REAL DEFAULT 0,
  referral_code TEXT UNIQUE,
  created_at  TEXT DEFAULT (datetime('now')),
  deleted_at  TEXT
);

-- VENUES
CREATE TABLE venues (
  id              TEXT PRIMARY KEY,
  name            TEXT NOT NULL,
  city            TEXT,
  address         TEXT,
  lat             REAL,
  lng             REAL,
  total_capacity  INTEGER,
  amenities       TEXT,  -- JSON array
  floor_plan_url  TEXT,
  gstin           TEXT,
  kyc_status      TEXT DEFAULT 'pending',
  owner_id        TEXT REFERENCES users(id),
  created_at      TEXT DEFAULT (datetime('now'))
);

-- EVENTS
CREATE TABLE events (
  id              TEXT PRIMARY KEY,
  organiser_id    TEXT REFERENCES users(id),
  venue_id        TEXT REFERENCES venues(id),
  name            TEXT NOT NULL,
  description     TEXT,
  category        TEXT,
  start_time      TEXT,
  end_time        TEXT,
  banner_url      TEXT,
  status          TEXT DEFAULT 'draft',  -- draft|review|live|cancelled|completed
  max_tickets     INTEGER DEFAULT 10,   -- per-user cap, default 10
  total_capacity  INTEGER,
  tickets_sold    INTEGER DEFAULT 0,
  is_featured     INTEGER DEFAULT 0,
  gst_rate        REAL DEFAULT 18.0,
  created_at      TEXT DEFAULT (datetime('now'))
);

-- TICKET TIERS (GA, Premium, VIP, Accessible)
CREATE TABLE ticket_tiers (
  id          TEXT PRIMARY KEY,
  event_id    TEXT REFERENCES events(id),
  name        TEXT,           -- GA, Premium, VIP
  price       REAL,
  total_qty   INTEGER,
  sold_qty    INTEGER DEFAULT 0,
  seat_map    TEXT,           -- JSON seat layout
  sale_start  TEXT,
  sale_end    TEXT
);

-- BOOKINGS (one row per booking, multiple tickets)
CREATE TABLE bookings (
  id              TEXT PRIMARY KEY,
  user_id         TEXT REFERENCES users(id),
  event_id        TEXT REFERENCES events(id),
  tickets         TEXT,   -- JSON: [{tier,qty,seat,price}]
  addons          TEXT,   -- JSON: [{name,qty,price}]
  subtotal        REAL,
  platform_fee    REAL,
  gst_amount      REAL,
  total           REAL,
  payment_id      TEXT,
  payment_method  TEXT,  -- upi|card|nb|wallet|emi|bnpl
  status          TEXT DEFAULT 'pending',  -- pending|confirmed|checked_in|cancelled|refunded
  qr_code         TEXT,
  cancelled_at    TEXT,
  cancel_reason   TEXT,
  refund_id       TEXT,
  refund_amount   REAL,
  created_at      TEXT DEFAULT (datetime('now'))
);

-- SCAN LOG (immutable entry events)
CREATE TABLE scan_log (
  id          TEXT PRIMARY KEY,
  booking_id  TEXT REFERENCES bookings(id),
  event_id    TEXT,
  gate_id     TEXT,
  staff_id    TEXT,
  scan_result TEXT,  -- valid|invalid|duplicate|expired
  scanned_at  TEXT DEFAULT (datetime('now')),
  device_id   TEXT
);

-- GST INVOICES
CREATE TABLE gst_invoices (
  id            TEXT PRIMARY KEY,
  invoice_no    TEXT UNIQUE,  -- INV-2026-XXXX
  booking_id    TEXT REFERENCES bookings(id),
  supplier_gstin TEXT,
  buyer_gstin   TEXT,
  taxable_value REAL,
  cgst          REAL,
  sgst          REAL,
  igst          REAL,
  total         REAL,
  pdf_url       TEXT,
  created_at    TEXT DEFAULT (datetime('now'))
);

-- SETTLEMENTS
CREATE TABLE settlements (
  id              TEXT PRIMARY KEY,
  organiser_id    TEXT REFERENCES users(id),
  event_id        TEXT REFERENCES events(id),
  gross_amount    REAL,
  platform_fee    REAL,
  gst_on_fee      REAL,
  net_amount      REAL,
  status          TEXT DEFAULT 'pending',  -- pending|processing|paid|failed
  payout_ref      TEXT,
  settled_at      TEXT,
  created_at      TEXT DEFAULT (datetime('now'))
);

-- AUDIT LOG (immutable, append-only)
CREATE TABLE audit_log (
  id          TEXT PRIMARY KEY,
  actor_id    TEXT,
  actor_role  TEXT,
  action      TEXT,    -- event.approve, booking.cancel, kyc.approve ...
  entity_type TEXT,
  entity_id   TEXT,
  payload     TEXT,   -- JSON diff
  ip_address  TEXT,
  created_at  TEXT DEFAULT (datetime('now'))
);

-- WRISTBAND / LED BANDS (NFC physical devices)
CREATE TABLE wristbands (
  id          TEXT PRIMARY KEY,
  event_id    TEXT REFERENCES events(id),
  booking_id  TEXT REFERENCES bookings(id),
  nfc_uid     TEXT UNIQUE,
  band_type   TEXT,  -- standard|led|vip_led|cashless
  color_hex   TEXT,
  wallet_bal  REAL DEFAULT 0,  -- cashless wristband balance
  activated_at TEXT,
  status      TEXT DEFAULT 'inactive'
);

-- NOTIFICATIONS LOG
CREATE TABLE notifications (
  id          TEXT PRIMARY KEY,
  user_id     TEXT REFERENCES users(id),
  channel     TEXT,  -- whatsapp|email|push|sms
  template    TEXT,
  payload     TEXT,  -- JSON
  status      TEXT,  -- queued|sent|delivered|failed
  sent_at     TEXT
);

Data Flow

Key Data Flows

Four critical flows that must work flawlessly. Every step is logged to audit_log.

Booking Flow

Fan selects event → opens seat map
Seat selection triggers 10-min hold (KV lock)
Add-ons selected → total computed with GST
Payment initiated via Razorpay
Webhook confirms → D1 booking row created
QR code generated → stored in R2
WhatsApp + email confirmation sent
Seat lock released / allocated

Check-In / Scan Flow

Staff scans QR on ops.html PWA
Worker verifies: booking exists, status=confirmed
Check: event_id matches, not already scanned
Update booking.status → checked_in
Insert scan_log row (immutable)
Return: VALID / DUPLICATE / INVALID
Audio + haptic feedback on device
Live counter updates via polling

Refund Flow

Fan requests cancellation (reason required)
Refund policy engine checks eligibility
If eligible: Cashfree refund API called
Booking status → cancelled
Seat released (ticket_tiers.sold_qty--)
WhatsApp + email: refund initiated
GST credit note generated
T+5–7 days: refund settled to source

Settlement Flow

Event date passes → T+1 settlement trigger
Admin reviews settlement report
Platform fee + GST deducted from gross
TDS deducted if applicable
Settlement approved → Cashfree payout
T+7: funds credited to organiser bank
GST invoice for platform fee generated
Organiser notified via WhatsApp

BI Layer

Business Intelligence & Analytics Architecture

Three-tier analytics: real-time (edge), operational (D1 aggregation), and strategic (warehouse).

Tier 1: Real-Time (Edge)

Cloudflare Analytics Engine — sub-second metrics
Live check-in counter (KV-backed)
Payment success/failure rate (5-min windows)
Seat availability websocket-style polling
WAF threat dashboard

Tier 2: Operational (D1)

Daily GMV, tickets sold, refund rate
Organiser-level P&L per event
City-wise / category-wise revenue
Settlement aging report
KYC funnel drop-off analysis

Tier 3: Strategic (BigQuery)

D1 → BigQuery export via Logpush (Phase 2)
Fan LTV prediction, churn modeling
Organiser health score (payment history, ratings)
Event demand forecasting (14-day ahead)
Price elasticity modeling per category

Key Platform KPIs

GMV — Gross Merchandise Value (₹/month)
TPV — Total Platform Volume (tickets)
DAU/MAU — Daily/Monthly Active Users
Take Rate — Platform revenue / GMV (%)
NPS — Net Promoter Score (fan + organiser)
Time to Sell Out — event velocity metric

Security

Security & Privacy Architecture

Security is embedded in every layer — not bolted on. DPDPA 2023 compliant, PCI DSS via gateway proxy.

Authentication & Authorization

OTP-first auth (Twilio) + social OAuth
JWT (15 min) + refresh token (30 days, KV-stored)
All JWT tokens signed with RS256
Token rotation on each refresh
Device fingerprinting for anomaly detection

Privacy (DPDPA 2023)

PII encrypted at rest (AES-256 in D1)
Data minimization — collect only what's needed
Right to erasure: account deletion wipes PII
Consent management for marketing
Data localization: all data in India region

Payment Security (PCI DSS)

No card data stored — Razorpay tokenization
3D Secure 2.0 on all card transactions
Payment webhook HMAC-SHA256 verification
Idempotency keys on all payment mutations
Fraud scoring via Razorpay Shield

Ticket Integrity

QR codes: HMAC-signed, time-bound (24hr validity)
Server-side validation only (no client-side check)
Duplicate scan detection via scan_log
NFC wristband UID cryptographically linked to booking
Unique QR per seat (not per booking) for multi-gate events

Anti-Fraud & Bot Prevention

Cloudflare Turnstile CAPTCHA on checkout
Rate limiting: 10 requests/min per IP on booking
Velocity check: max 10 tickets/user/event (configurable)
Business accounts: up to 50 tickets with KYC verification
Automated bot detection via Cloudflare WAF rules

Audit & Compliance

Immutable audit_log for all state changes
GST e-invoicing ready (IRN generation Phase 2)
TDS deduction tracking for organiser payouts
FEMA compliance for any cross-border transactions
90-day log retention minimum (Cloudflare Logpush)

AI / ML

AI & Machine Learning Roadmap

AI is a product differentiator, not a feature checkbox. Four AI modules across three phases.

INDY Chatbot (Phase 1 ✅)

Event discovery AI assistant. Answers "what's happening in Pune this weekend?", handles booking FAQs, event-specific Q&A from organiser-uploaded FAQ sheets.

Model: Cloudflare Workers AI (LLaMA 3 8B)
RAG: event data + FAQ vectorized in Vectorize
Fallback: GPT-4o for complex queries
Handoff to human support after 3 failed turns

Recommendation Engine (Phase 2)

Collaborative + content-based filtering. "You might also like" events based on booking history, location, social graph.

User-item matrix: collaborative filtering
Content similarity: venue, artist, category, city
Cold start: trending events in user's city
A/B tested via Feature Flags

Fraud Detection (Phase 1 Partial)

Real-time transaction scoring to flag suspicious bulk purchases, bot behavior, and payment fraud.

Rule-based: velocity, IP, device fingerprint
ML-based: XGBoost on payment features (Phase 2)
Auto-block + manual review queue
Shadow mode before production deployment

Demand Forecasting (Phase 2)

Predict ticket sales velocity for capacity planning, dynamic pricing recommendations, and organiser advice.

Model: Facebook Prophet (offline, batch)
Inputs: historical sales, category, artist, weather
Output: "Expected sellout in 3 days" alerts
Dynamic pricing nudges for organisers

Semantic Search (Phase 2)

Natural language event search. "Chill music near Bandra this Saturday under 500" resolves to correct results.

Embeddings: text-embedding-3-small (OpenAI)
Vector store: Cloudflare Vectorize
Hybrid: vector + keyword FTS5 (D1)
Intent extraction: category, city, date, budget

Smart Event Content (Phase 3)

AI-assisted event listing creation: auto-generate descriptions, suggest pricing tiers, flag policy violations in images.

GPT-4o: description generation from title/artist
Image moderation: Cloudflare AI Vision
Pricing suggestion: historical comps analysis
SEO meta-tag auto-generation

DevOps

DevOps, CI/CD & Observability

Zero-downtime deploys, automated testing, and real-time observability built in from day one.

.github/workflows/deploy.yml — CI/CD PipelineYAML

name: INDTIX Deploy Pipeline
on:
  push:
    branches: [main, staging]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run typecheck && npm run test
      - run: npx playwright test --reporter=html  # E2E tests

  deploy-preview:
    if: github.event_name == 'pull_request'
    needs: test
    runs-on: ubuntu-latest
    steps:
      - run: npm run build && npx wrangler pages deploy dist --branch=pr-${{ github.event.number }}
      - comment PR with preview URL

  deploy-production:
    if: github.ref == 'refs/heads/main'
    needs: test
    runs-on: ubuntu-latest
    steps:
      - run: npm run build && npx wrangler pages deploy dist --project-name indtix --branch main
      - run: npx wrangler d1 migrations apply indtix-production  # Run migrations
      - notify Slack #deploys channel

SLA & Monitoring

Uptime target: 99.9% (8.7 hr/yr downtime budget)
P95 API response: <100ms (edge-native)
Booking success rate: >99.5%
QR scan latency: <500ms
Payment webhook processing: <2s
PagerDuty alerts for P1 incidents (<5 min MTTR)

Testing Strategy

Unit: Vitest for Hono route handlers
Integration: D1 in-memory SQLite for API tests
E2E: Playwright — booking flow, QR scan, checkout
Load: k6 — 10,000 concurrent users on ticket sale day
Security: OWASP ZAP automated scan on every deploy

Launch Plan

Launch Phases & Roadmap

Three phases from MVP to enterprise scale. Each phase has clear success metrics before advancing.

Phase 1: MVP — Operational Core

Months 1–4 · Target: ₹1 Cr GMV

Prove the market. Launch in 3 cities (Mumbai, Bangalore, Delhi). Focus on music festivals and comedy shows as anchor categories.

Fan portal (events, booking, QR) Organiser portal (create, sell, settle) Basic seat map engine UPI + card payments WhatsApp booking confirmation QR code scan ops GST invoice (basic) KYC (manual review) Admin dashboard INDY chatbot (MVP)

Phase 2: Growth — Full Platform

Months 5–12 · Target: ₹20 Cr GMV

Expand to 10 cities. Launch venue portal, event manager portal, wristband module. Add B2B bulk tickets. Mobile app (React Native).

Venue portal (full) Event manager portal NFC wristbands + LED bands B2B bulk tickets (50-ticket KYC) Mobile app (iOS + Android) Recommendation engine Dynamic seat pricing BNPL (LazyPay, ZestMoney) Resale marketplace (Phase 2b) BigQuery BI pipeline Automated KYC (Digilocker) POS terminal (cashless)

Phase 3: Enterprise Scale

Year 2+ · Target: ₹100 Cr GMV

Full enterprise platform. White-label licensing for venue chains. IPO readiness. International expansion (UAE, Singapore).

White-label venue SaaS API marketplace (for ticketing integrations) Livestream ticketing NFT-backed VIP memberships International payments (Stripe) AI demand forecasting Sponsor activation platform Post-event merch store Artist fan club management Microservices architecture

Risks

Risk Register

Identified risks across tech, business, and regulatory dimensions. Reviewed monthly.

Risk	Likelihood	Impact	Mitigation
D1 SQLite write contention during flash ticket sale (100K+ concurrent users)	HIGH	HIGH	D1 batched writes + KV-based seat lock queue. Durable Objects for inventory (Phase 2).
Razorpay outage during major event sale	MED	HIGH	Cashfree as secondary payment gateway. Fallback payment link via email.
QR code forgery / ticket scalping	MED	HIGH	HMAC-signed QR, time-bound validity, server-side validation only, NFC wristbands for premium events.
GST compliance failure (wrong CGST/SGST split for inter-state transactions)	MED	MED	GST engine auto-detects supply type (IGST vs CGST+SGST) based on supplier/buyer PIN codes.
Organiser fraud (collect money, cancel event, disappear)	LOW	HIGH	KYC before payout, T+7 settlement delay, refund reserve withheld for 30 days.
DPDPA data breach — PII exposure	LOW	HIGH	AES-256 PII encryption, Cloudflare WAF, penetration testing quarterly, security audit log.
WhatsApp Business API policy change / suspension	MED	MED	Email (Resend) as primary fallback. SMS (Twilio) as tertiary.
Cloudflare D1 size limits hit (10 GB per database)	LOW	MED	Data archival strategy: move closed events to R2 cold storage after 90 days. Multiple D1 databases by region.
Worker 10ms CPU limit exceeded on complex API routes	MED	MED	Cloudflare Workers Paid plan (30ms CPU). Heavy compute offloaded to Queue workers.
Key person dependency (core tech team)	MED	HIGH	Document all architecture decisions (this spec!). Cross-train. Standard stack — Hono + TypeScript is widely understood.

Assumptions

Open Issues & Assumptions

Open Issues

D1 Durable Objects strategy for high-concurrency ticket sales not yet finalised — needs load testing at 10K+ RPS
KYC partner (Digilocker / CKYC / manual) final vendor selection pending legal review
WhatsApp Business API approval timeline for INDY persona uncertain (Meta's 2-4 week approval)
GST e-invoicing (IRN generation via GSTN sandbox) integration spec not started
Mobile app native vs. PWA-first decision pending UX research
Resale/secondary market feature: RBI and legal position on P2P ticket resale unclear

Assumptions Made

Cloudflare D1 will remain in GA (not deprecated) — backed by strong Cloudflare roadmap signals
Razorpay maintains >99.9% uptime SLA — industry standard, monitored via status page
Indian users will accept OTP-first auth (no password) — validated by major apps (CRED, Zepto)
10-ticket default cap is sufficient for consumer demand — configurable per event
Cloudflare Workers 10ms CPU budget is sufficient for all routes — some complex routes may need Paid plan (30ms)
GST rate remains at 18% on entertainment services — subject to government policy change

Phase 1 Scope Completion Status

✅ Fan portal: events, booking, seat map, checkout, auth, chatbot, wishlist, refunds
✅ Organiser portal: create, tickets, seat map, add-ons, analytics, KYC, settlements
✅ Venue portal: calendar, capacity, floor plan, pricing, GST, incidents
✅ Event manager portal: run sheet, check-in, POS, wristbands, announcements
✅ Super Admin ERP: 25 panels across platform management
✅ Ops/POS: QR scanner, manual entry, POS terminal, wristbands
✅ Brand system (brand.html)
✅ Architecture spec (this file)
✅ Deployed on Cloudflare Pages edge network
⚠️ D1 database not yet connected to live portals (static data)
⚠️ WhatsApp integration pending API approval
⚠️ Razorpay payment gateway integration not yet live

INDTIX Platform Status

v1.0 — Production deployment on Cloudflare Pages edge network

Fan Portal ↗ Organiser ↗ Venue ↗ Event Mgr ↗ Admin ERP ↗ Ops/POS ↗ Brand System ↗

API: https://8d2bac41.indtix.pages.dev/api/health · Worker: 25.56 KB · Edge: Cloudflare 175 PoPs